Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit.Cloaked/Service-GEN


  • This topic is locked This topic is locked
8 replies to this topic

#1 woodman77382

woodman77382

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 22 March 2012 - 11:46 PM

I run SuperAntiSpyware and Malwarebytes periodically (weekly, monthly) and recieved the following from SuperAntiSpyware:

Rootkit.Cloaked/Service-GEN
HKLM\system\controlset002\services\a9e045434411ae3
C:\WINDOWS\SYSTEM32\DRIVERS\A9E045434411AE3.SYS
HKLM\system\controlset003\services\a9e045434411ae3

but it does not get removed after reboot. Malwarebytes shows no issues.

The problems appear to be sound going out periodically, firefox locking up, and programs that hang when I try to shut down.

GMER did not find anything but I got the following errors when trying to start it:
1. LoadDriver("C:Docume~1\HP_Adm~1\Locals~1\Temp\pwldapods.sys") error 0xc0000001:cannot create a stable subkey under a volatile parent key.

2. C:\WINDOWS\system32\config\system: the process cannot access the file because it is being used by another process.

3. system: the process cannot access the file because it is being used by another process.

4. software: the process cannot access the file because it is being used by another process.

5. ntuser.dat: the process cannot access the file because it is being used by another process.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by HP_Administrator at 23:16:01 on 2012-03-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3518.2916 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [7z8qaj0txd] c:\documents and settings\hp_administrator\7z8qaj0txd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: turbotax.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw_promo.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://l.yimg.com/jh/games/web_games/playtime/mysterysolitaire/SpinTopGamesLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7DFB6385-7A44-46CD-986B-1F9C60CF0713} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\two8lgn6.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-8-18 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-18 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-2 116608]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-18 12872]
.
=============== Created Last 30 ================
.
2012-03-21 17:43:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-21 17:27:08 46264 ----a-w- c:\windows\system32\drivers\a9e045434411ae3.sys
2012-03-20 19:19:32 20424 ----a-w- c:\documents and settings\hp_administrator\7z8qaj0txd.exe
2012-03-19 13:42:55 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 13:42:55 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-17 14:42:22 -------- d-----w- c:\program files\iPod
2012-03-17 14:42:17 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-02-19 15:44:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 23:16:52.62 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:28 PM

Posted 23 March 2012 - 08:08 AM

Hello woodman77382 and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image



NEXT:


Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • In the Posted Image box Cope & Paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. aswMBR log file.
3. OTL.txt & Extras.txt log files.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 23 March 2012 - 08:14 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 woodman77382

woodman77382
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 23 March 2012 - 10:06 AM

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

No questions, I did see another thread posted by AZELO on Oct 5, 2011 that sounds just like my issue.
When I ran the aswMBR it prompted me to d/l an anti-virus software. I did not d/l since it was not in your instructions. Please let me know if I need to re-run with the d/l. Thanks for your help!
Also I had a Google re-direct a couple days ago which I fixed with TDSKiller. May or may not be related to this issue.



2. aswMBR log file.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-23 09:28:14
-----------------------------
09:28:14.562 OS Version: Windows 5.1.2600 Service Pack 3
09:28:14.562 Number of processors: 2 586 0x4302
09:28:14.562 ComputerName: OFFICE UserName:
09:28:14.593 Initialze error C0000001 - driver not loadedAccess is denied.
09:29:58.781 Service scanning
09:29:59.343 Modules scanning
09:29:59.343 Disk 0 trace - called modules:
09:29:59.343
09:29:59.343 Scan finished successfully
09:30:51.875 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"


3. OTL.txt & Extras.txt log files.

OTL logfile created on: 3/23/2012 9:33:45 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 82.34% Memory free
5.27 Gb Paging File | 4.87 Gb Available in Paging File | 92.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 107.08 Gb Free Space | 37.02% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.61 Gb Free Space | 6.86% Space Free | Partition Type: FAT32
Drive J: | 55.86 Gb Total Space | 23.78 Gb Free Space | 42.57% Space Free | Partition Type: FAT32
Drive K: | 931.28 Gb Total Space | 295.81 Gb Free Space | 31.76% Space Free | Partition Type: FAT32
Drive L: | 298.02 Gb Total Space | 128.48 Gb Free Space | 43.11% Space Free | Partition Type: FAT32

Computer Name: OFFICE | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/23 09:31:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2012/03/19 08:42:55 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 19:59:28 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2009/01/29 00:11:22 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/19 08:42:54 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/19 10:44:42 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/19 04:13:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/19 04:09:13 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/19 04:08:32 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/02/19 04:08:31 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/19 04:08:31 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/02/19 04:08:28 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/02/19 04:08:28 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/02/19 04:08:27 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/02/19 04:08:27 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/02/19 04:08:26 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/02/19 04:08:24 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/02/19 04:08:21 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/10/13 07:45:52 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/08/30 22:14:16 | 003,571,200 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax
MOD - [2009/08/11 15:18:28 | 000,497,664 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm
MOD - [2009/04/12 11:46:06 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/04/12 11:46:06 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/04/12 11:46:06 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/04/12 11:46:06 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/04/12 11:46:05 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/04/12 11:46:04 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/02/28 16:39:34 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/02/28 16:39:32 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/02/28 16:39:32 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/02/28 16:39:31 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/02/28 16:39:31 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/02/28 16:39:31 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/02/28 16:39:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/02/28 16:39:30 | 000,023,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2009/02/28 16:39:30 | 000,012,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2009/02/28 16:39:29 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/12/03 14:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/11/28 12:44:30 | 000,102,400 | ---- | M] () -- C:\WINDOWS\system32\hcwXDS.dll
MOD - [2005/08/05 16:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 15:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2004/08/09 16:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/08/17 19:59:28 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2009/01/29 00:11:22 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\nbvtiwwbduyfqrju.sys -- (nbvtiwwbduyfqrju)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\combofix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/01/09 11:20:25 | 000,139,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/08/17 08:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2011/08/03 20:06:06 | 000,067,664 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/03 20:06:06 | 000,012,880 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/15 08:29:31 | 000,456,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 09:02:00 | 000,010,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/04/21 08:37:43 | 000,105,472 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 08:18:03 | 000,357,888 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/11/02 10:17:02 | 000,040,960 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/02/24 10:17:33 | 000,012,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] () [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] () [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] () [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 13:51:25 | 000,061,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 13:51:25 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:47:37 | 000,025,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 13:46:25 | 000,085,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 13:46:24 | 000,019,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 13:46:23 | 000,017,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 13:46:23 | 000,011,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 13:46:22 | 000,010,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 13:46:21 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 13:46:18 | 000,061,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,020,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 13:45:35 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 13:40:29 | 000,005,504 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 000,068,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 000,037,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:51 | 000,196,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:31:30 | 000,035,840 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 11:39:23 | 000,142,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/06/14 06:04:12 | 004,299,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/13 11:47:38 | 000,168,064 | ---- | M] () [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/03/03 10:31:04 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 10:31:02 | 000,034,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 06:20:50 | 000,241,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 06:20:40 | 000,936,448 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/08/02 18:19:16 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arkbcfltr.sys -- (arkbcfltr)
DRV - [2005/08/02 18:19:16 | 000,004,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\armoucfltr.sys -- (armoucfltr)
DRV - [2005/08/02 18:19:14 | 000,022,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aracpi.sys -- (aracpi)
DRV - [2005/08/02 18:19:14 | 000,019,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arhidfltr.sys -- (arhidfltr)
DRV - [2005/08/02 18:19:14 | 000,010,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arpolicy.sys -- (ARPolicy)
DRV - [2005/03/09 09:53:00 | 000,036,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/09 23:00:00 | 000,018,688 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/09 21:45:04 | 000,011,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/09 16:00:00 | 000,125,056 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/09 16:00:00 | 000,032,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/09 16:00:00 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/09 16:00:00 | 000,016,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/09 16:00:00 | 000,013,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/09 16:00:00 | 000,012,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/09 16:00:00 | 000,011,648 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/09 16:00:00 | 000,008,832 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/09 16:00:00 | 000,007,936 | ---- | M] () [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/09 16:00:00 | 000,006,784 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/09 16:00:00 | 000,005,888 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/09 16:00:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/09 16:00:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/09 16:00:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/09 16:00:00 | 000,002,944 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/03 09:31:34 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 15:51:52 | 000,003,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 00:59:44 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012



IE - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\..\SearchScopes\{A48B3EBD-3387-4E13-B4F7-CCB61DAC75B9}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 08:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 09:36:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks [2010/01/03 16:01:42 | 000,000,000 | ---D | M]

[2008/08/15 18:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2012/03/22 21:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\two8lgn6.default\extensions
[2010/04/27 19:53:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\two8lgn6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/22 21:45:20 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\two8lgn6.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/09/24 11:07:37 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\two8lgn6.default\searchplugins\dictionary.xml
[2012/01/11 17:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\TWO8LGN6.DEFAULT\EXTENSIONS\SEARCHIMDB@SOGAME.CAT.XPI
[2012/03/19 08:42:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2008/12/15 22:55:05 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/21 12:33:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [combofix] C:\lexplorer\CF21582.cfxxe /c C:\lexplorer\Combobatch.bat File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [Hferekanugazi] rundll32.exe "C:\WINDOWS\eyixasuxomodoruv.dll",Startup File not found
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007..\Run: [7z8qaj0txd] C:\Documents and Settings\HP_Administrator\7z8qaj0txd.exe ()
O4 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw_promo.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} http://l.yimg.com/jh/games/web_games/playtime/mysterysolitaire/SpinTopGamesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} http://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab (BewitchedGameClass Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DFB6385-7A44-46CD-986B-1F9C60CF0713}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 08:38:06 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/01/11 17:13:32 | 000,000,000 | R--D | M] - J:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/06/04 08:06:48 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/12/21 14:56:46 | 000,000,069 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmboot.sys - C:\WINDOWS\system32\drivers\dmboot.sys ()
SafeBootMin: dmio.sys - C:\WINDOWS\system32\drivers\dmio.sys ()
SafeBootMin: dmload.sys - C:\WINDOWS\system32\drivers\dmload.sys ()
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sr.sys - C:\WINDOWS\system32\drivers\sr.sys ()
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: vgasave.sys - C:\WINDOWS\system32\drivers\vga.sys ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 09:31:37 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2012/03/23 09:27:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2012/03/22 23:14:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2012/03/21 12:43:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/21 12:43:04 | 002,064,944 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2012/03/21 12:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\GooredFix Backups
[2012/03/21 12:40:45 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\HP_Administrator\Desktop\GooredFix.exe
[2012/03/21 11:48:46 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTM.exe
[2012/03/17 09:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/17 09:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/17 09:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/03/23 09:31:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2012/03/23 09:27:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2012/03/22 23:21:26 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2012/03/22 23:14:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2012/03/22 23:12:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2012/03/22 23:12:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2012/03/22 22:38:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/22 22:38:16 | 3689,467,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/22 20:48:24 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/21 12:40:36 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\HP_Administrator\Desktop\GooredFix.exe
[2012/03/21 12:27:08 | 000,046,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\a9e045434411ae3.sys
[2012/03/21 11:52:02 | 002,046,155 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2012/03/21 11:48:33 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTM.exe
[2012/03/21 11:20:10 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/21 09:08:20 | 002,064,944 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2012/03/20 14:18:58 | 000,020,424 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\7z8qaj0txd.exe
[2012/03/19 19:24:27 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/18 20:31:01 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mobipocket Reader.lnk
[2012/03/16 13:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/14 18:17:39 | 000,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 07:39:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 19:56:48 | 008,531,968 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Money.mny
[2012/03/13 19:56:34 | 001,758,186 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Money Backup_2012-03-13_195629.mbf
[2012/03/12 17:24:17 | 000,443,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 17:24:17 | 000,072,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/25 20:42:39 | 000,094,464 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0877.jpg
[2012/02/25 20:42:32 | 000,086,983 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0876.jpg
[2012/02/25 20:42:13 | 000,088,470 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0875.jpg
[2012/02/25 20:41:52 | 000,095,795 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0874.jpg
[2012/02/25 14:47:50 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\AutoGK.ini

========== Files Created - No Company Name ==========

[2012/03/22 23:22:15 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe
[2012/03/22 23:21:30 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2012/03/22 23:12:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2012/03/22 23:12:08 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2012/03/21 12:27:08 | 000,046,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\a9e045434411ae3.sys
[2012/03/20 14:19:32 | 000,020,424 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\7z8qaj0txd.exe
[2012/03/13 19:56:34 | 001,758,186 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Money Backup_2012-03-13_195629.mbf
[2012/02/25 20:42:39 | 000,094,464 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0877.jpg
[2012/02/25 20:42:32 | 000,086,983 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0876.jpg
[2012/02/25 20:42:13 | 000,088,470 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0875.jpg
[2012/02/25 20:41:52 | 000,095,795 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\IMG_0874.jpg
[2012/02/15 22:10:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/13 15:05:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
[2011/05/08 10:56:26 | 000,006,548 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\h4ax20e50joalc518bqq507fr2q73w5r646pt4q8ck
[2011/05/08 10:56:26 | 000,006,548 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h4ax20e50joalc518bqq507fr2q73w5r646pt4q8ck
[2010/11/28 14:40:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Smovuyevi.dat
[2010/11/28 14:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hzakaco.bin
[2010/06/12 09:38:20 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/12 09:38:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/04 10:07:04 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2010/03/27 21:20:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:49 | 000,377,984 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ati2dvaa.dll
[2008/04/13 19:11:49 | 000,201,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ati2dvag.dll
[2008/04/13 19:11:49 | 000,870,784 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ati3d1ag.dll
[2008/04/13 19:11:50 | 001,888,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ati3duag.dll
[2008/04/13 19:11:50 | 000,516,768 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ativvaxx.dll
[2011/02/15 07:56:39 | 000,290,432 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\atmfd.dll
[2004/08/09 16:00:00 | 000,012,288 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\bootvid.dll
[2011/10/28 00:31:48 | 000,033,280 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\csrsrv.dll
[2008/04/13 19:09:33 | 000,009,344 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\framebuf.dll
[2008/04/13 13:31:28 | 000,134,400 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\HAL.DLL
[2001/08/17 14:55:56 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbd101b.dll
[2001/08/17 14:55:56 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbd101c.dll
[2001/08/17 14:55:56 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbd103.dll
[2008/04/13 19:09:55 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbd106.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\KBDAL.DLL
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdaze.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdazel.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdbe.dll
[2004/08/09 16:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdbene.dll
[2008/04/13 19:09:55 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdbhc.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdblr.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdbr.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdbu.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdca.dll
[2004/08/09 16:00:00 | 000,007,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdcan.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdcr.dll
[2004/08/09 23:00:00 | 000,007,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdcz.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdcz1.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdcz2.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdda.dll
[2004/08/09 23:00:00 | 000,005,120 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbddv.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdes.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdest.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdfc.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdfi.dll
[2008/04/13 19:09:55 | 000,007,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdfi1.dll
[2004/08/09 16:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdfo.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdfr.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdgae.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdgkl.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdgr.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdgr1.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhe.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhe220.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhe319.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhela2.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhela3.dll
[2004/08/09 23:00:00 | 000,008,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhept.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhu.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdhu1.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdic.dll
[2008/04/13 19:09:55 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdinbe1.dll
[2008/04/13 19:09:55 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdinben.dll
[2008/04/13 19:09:55 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdinmal.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdir.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdit.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdit142.dll
[2008/04/13 19:09:55 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdiultn.dll
[2001/08/17 22:36:18 | 000,008,704 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdjpn.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdkaz.dll
[2001/08/17 22:36:18 | 000,008,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdkor.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdkyr.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdla.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdlt.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdlt1.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdlv.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdlv1.dll
[2004/08/09 16:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdmac.dll
[2008/04/13 19:09:55 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdmaori.dll
[2008/04/13 19:09:55 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdmlt47.dll
[2008/04/13 19:09:55 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdmlt48.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdmon.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdne.dll
[2008/04/13 19:09:55 | 000,007,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdnec.dll
[2008/04/13 19:09:55 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdnepr.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdno.dll
[2008/04/13 19:09:55 | 000,007,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdno1.dll
[2008/04/13 19:09:55 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdpash.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdpl.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdpl1.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdpo.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdro.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdru.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdru1.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsf.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsg.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsl.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsl1.dll
[2008/04/13 19:09:55 | 000,007,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsmsfi.dll
[2008/04/13 19:09:55 | 000,007,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsmsno.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsp.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdsw.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdtat.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdtuf.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdtuq.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbduk.dll
[2008/04/13 19:09:55 | 000,007,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdukx.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdur.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdus.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdusl.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdusr.dll
[2004/08/09 23:00:00 | 000,006,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdusx.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbduzb.dll
[2004/08/09 23:00:00 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdycc.dll
[2004/08/09 23:00:00 | 000,006,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kbdycl.dll
[2008/04/13 13:31:35 | 000,007,424 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kd1394.dll
[2004/08/09 16:00:00 | 000,007,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kdcom.dll
[2004/08/09 16:00:00 | 000,010,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\mcdsrv32.dll
[2008/04/13 19:11:57 | 000,034,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\mnmdd.dll
[2004/08/09 16:00:00 | 000,010,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\modex.dll
[2008/04/13 13:30:46 | 000,061,440 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/13 19:12:01 | 001,737,856 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\mtxparhd.dll
[2006/05/09 10:50:00 | 003,955,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\nv4_disp.dll
[2008/04/13 19:13:22 | 000,092,424 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\rdpdd.dll
[2008/04/13 19:12:04 | 000,397,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\s3gnb.dll
[2009/08/26 03:00:21 | 000,247,326 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\strmdll.dll
[2008/04/13 19:13:21 | 000,012,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\tsddd.dll
[2004/08/09 16:00:00 | 000,009,344 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\vga.dll
[2004/08/09 16:00:00 | 000,051,456 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\vga256.dll
[2004/08/09 16:00:00 | 000,018,176 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\vga64k.dll
[2004/08/09 16:00:00 | 000,051,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wmerrenu.dll
[2008/04/13 19:12:10 | 000,303,616 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wmstream.dll
[2004/08/09 23:00:00 | 000,003,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wowfax.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/04/13 13:46:18 | 000,053,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\1394bus.sys
[2012/03/21 12:27:08 | 000,046,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\a9e045434411ae3.sys
[2008/04/13 13:36:35 | 000,187,776 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\acpi.sys
[2004/08/09 16:00:00 | 000,011,648 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008/04/13 11:39:23 | 000,142,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\aec.sys
[2011/08/17 08:49:54 | 000,138,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 13:36:39 | 000,044,928 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2008/04/13 13:36:38 | 000,042,752 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 13:36:39 | 000,043,008 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 13:31:32 | 000,037,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 13:31:33 | 000,037,760 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\amdk7.sys
[2005/03/09 09:53:00 | 000,036,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\AmdK8.sys
[2005/08/02 18:19:14 | 000,022,784 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\aracpi.sys
[2005/08/02 18:19:14 | 000,019,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\arhidfltr.sys
[2005/08/02 18:19:16 | 000,005,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\arkbcfltr.sys
[2005/08/02 18:19:16 | 000,004,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\armoucfltr.sys
[2008/04/13 13:51:25 | 000,060,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\arp1394.sys
[2005/08/02 18:19:14 | 000,010,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\arpolicy.sys
[1999/09/10 13:06:00 | 000,025,244 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ASPI32.SYS
[2008/04/13 13:57:27 | 000,014,336 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:29:30 | 000,056,623 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 22:29:30 | 000,011,615 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 22:29:30 | 000,012,047 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 22:29:32 | 000,030,671 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 22:29:32 | 000,063,663 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 22:29:32 | 000,026,367 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 22:29:32 | 000,021,343 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 22:29:32 | 000,036,463 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 22:29:32 | 000,029,455 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 22:29:32 | 000,034,735 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/03 22:29:28 | 000,327,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/03 22:29:28 | 000,701,440 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 22:29:28 | 000,057,856 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 22:29:30 | 000,013,824 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 22:29:30 | 000,014,336 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 22:29:30 | 000,052,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 22:29:32 | 000,104,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 22:29:32 | 000,028,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 22:29:32 | 000,013,824 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 22:29:32 | 000,073,216 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 22:29:32 | 000,031,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 22:29:32 | 000,063,488 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 13:51:25 | 000,059,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2004/08/09 16:00:00 | 000,031,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 13:51:30 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atmlane.sys
[2004/08/09 16:00:00 | 000,352,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001/08/17 00:59:44 | 000,003,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\audstub.sys
[2004/08/09 16:00:00 | 000,004,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\beep.sys
[2008/04/13 13:53:23 | 000,071,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bridge.sys
[2008/04/13 13:46:33 | 000,017,024 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 13:46:33 | 000,037,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 13:51:34 | 000,101,120 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 06:05:51 | 000,272,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 13:46:31 | 000,036,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 13:46:29 | 000,018,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bthusb.sys
[2004/08/09 16:00:00 | 000,013,952 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2008/04/13 13:46:23 | 000,017,024 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ccdecode.sys
[2004/08/09 23:00:00 | 000,018,688 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 14:14:21 | 000,063,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008/04/13 13:40:46 | 000,062,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/09 23:00:00 | 000,262,528 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 14:16:22 | 000,049,536 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\classpnp.sys
[2004/08/09 23:00:00 | 000,011,776 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 13:31:32 | 000,036,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\crusoe.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 13:40:44 | 000,014,208 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008/04/13 13:44:48 | 000,799,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 13:44:46 | 000,153,344 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dmio.sys
[2004/08/09 16:00:00 | 000,005,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/13 13:45:01 | 000,052,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dmusic.sys
[2008/04/13 13:45:14 | 000,060,160 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/13 13:45:13 | 000,002,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004/08/09 16:00:00 | 000,010,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008/04/13 13:38:29 | 000,071,168 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dxg.sys
[2004/08/09 16:00:00 | 000,003,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2001/08/17 00:46:40 | 000,006,400 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\enum1394.sys
[2008/04/13 14:14:29 | 000,143,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008/04/13 13:40:25 | 000,027,392 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 13:33:28 | 000,044,544 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 13:40:25 | 000,020,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 13:32:59 | 000,129,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/09 23:00:00 | 000,012,160 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fsvga.sys
[2004/08/09 16:00:00 | 000,007,936 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2004/08/09 16:00:00 | 000,125,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008/04/13 13:36:40 | 000,046,464 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2009/05/18 14:17:00 | 000,026,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2006/04/13 11:47:38 | 000,168,064 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hcwPP2.sys
[2008/04/13 11:36:05 | 000,144,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2005/01/07 19:07:16 | 000,145,920 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Hdaudio.sys
[2008/04/13 13:46:30 | 000,025,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 13:45:26 | 000,036,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/13 13:45:26 | 000,019,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 13:45:22 | 000,024,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hidparse.sys
[2004/08/03 22:41:48 | 000,220,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 22:41:50 | 000,685,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 22:41:56 | 001,041,536 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2005/12/06 06:20:50 | 000,241,664 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys
[2005/12/06 06:20:42 | 000,670,208 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys
[2005/12/06 06:20:40 | 000,936,448 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HSX_DP.sys
[2009/10/20 11:20:16 | 000,265,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 14:18:00 | 000,052,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008/04/13 13:40:58 | 000,042,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\imapi.sys
[2008/04/13 13:40:29 | 000,005,504 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\intelide.sys
[2008/04/13 13:31:32 | 000,036,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 13:53:34 | 000,036,608 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004/08/09 16:00:00 | 000,032,896 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 13:57:07 | 000,020,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 13:57:15 | 000,152,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 14:19:42 | 000,075,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 13:45:34 | 000,046,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\irbus.sys
[2008/04/13 13:54:28 | 000,011,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 13:36:41 | 000,037,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/13 13:39:47 | 000,024,576 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 13:45:09 | 000,172,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 14:16:36 | 000,141,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 06:18:41 | 000,092,928 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2004/08/09 16:00:00 | 000,007,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mcd.sys
[2005/10/05 10:57:08 | 000,012,544 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/13 13:36:41 | 000,063,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mf.sys
[2004/08/09 21:45:04 | 000,011,008 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mhndrv.sys
[2004/08/09 16:00:00 | 000,004,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 14:00:19 | 000,030,080 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/13 13:39:47 | 000,023,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mouclass.sys
[2008/04/13 13:39:46 | 000,042,368 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008/04/13 13:39:44 | 000,092,544 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mqac.sys
[2008/04/13 13:32:44 | 000,180,608 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2011/07/15 08:29:31 | 000,456,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 13:32:39 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 13:56:32 | 000,035,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/13 13:39:52 | 000,007,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008/04/13 13:39:50 | 000,005,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 13:39:51 | 000,004,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 13:36:46 | 000,015,488 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2008/04/13 13:39:50 | 000,005,504 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mstee.sys
[2004/08/03 22:41:40 | 000,126,686 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 22:41:38 | 001,309,184 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 22:29:38 | 000,452,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2011/04/21 08:37:43 | 000,105,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 13:43:55 | 000,012,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008/04/13 13:46:25 | 000,085,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nabtsfec.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 13:46:22 | 000,010,880 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndisip.sys
[2011/07/08 09:02:00 | 000,010,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 13:55:58 | 000,014,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 14:20:42 | 000,091,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2010/11/02 10:17:02 | 000,040,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 13:56:02 | 000,034,688 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 13:51:25 | 000,061,824 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004/08/09 23:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 13:53:09 | 000,040,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008/04/13 13:32:39 | 000,030,848 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 22:41:40 | 000,180,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2004/08/09 16:00:00 | 000,002,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\null.sys
[2006/05/09 10:50:00 | 003,535,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2006/03/03 10:31:02 | 000,034,176 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\NVENETFD.sys
[2006/03/03 10:31:04 | 000,013,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvnetbus.sys
[2006/03/03 10:30:46 | 000,305,024 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvnrm.sys
[2006/03/03 10:30:32 | 000,222,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvsnpu.sys
[2006/03/03 10:30:54 | 000,101,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvtcp.sys
[2004/08/09 16:00:00 | 000,012,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004/08/09 16:00:00 | 000,032,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 13:56:06 | 000,088,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004/08/09 16:00:00 | 000,063,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004/08/09 16:00:00 | 000,055,936 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 13:34:12 | 000,163,584 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwrdr.sys
[2008/04/13 13:46:18 | 000,061,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ohci1394.sys
[2004/08/09 16:00:00 | 000,003,456 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008/04/13 13:31:31 | 000,042,752 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 13:40:10 | 000,080,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 13:40:49 | 000,019,712 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004/08/09 16:00:00 | 000,006,784 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 13:36:44 | 000,068,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pci.sys
[2001/08/17 15:51:52 | 000,003,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pciide.sys
[2008/04/13 13:40:29 | 000,024,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 13:36:43 | 000,120,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2010/07/09 19:27:19 | 000,047,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pcouffin.sys
[2008/04/13 14:19:41 | 000,146,048 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\portcls.sys
[2008/04/13 13:31:30 | 000,035,840 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\processr.sys
[2005/12/12 12:27:00 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\PS2.sys
[2008/04/13 13:56:38 | 000,069,120 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\psched.sys
[2004/08/09 16:00:00 | 000,017,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ptilink.sys
[2010/03/30 20:58:04 | 000,044,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2004/08/09 16:00:00 | 000,008,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 14:19:43 | 000,051,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 13:57:32 | 000,041,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 14:19:48 | 000,048,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004/08/09 16:00:00 | 000,016,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspti.sys
[2004/08/09 16:00:00 | 000,034,432 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 14:28:39 | 000,175,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/09 16:00:00 | 000,004,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 13:32:51 | 000,196,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2012/01/09 11:20:25 | 000,139,784 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 22:41:40 | 000,013,776 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 13:40:27 | 000,057,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 13:46:32 | 000,059,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2004/08/09 23:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004/08/09 23:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008/05/08 09:02:52 | 000,203,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 13:56:49 | 000,030,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 13:56:49 | 000,030,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2004/08/09 16:00:00 | 000,005,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2006/06/14 06:04:12 | 004,299,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\RtkHDAud.sys
[2004/08/03 09:31:34 | 000,020,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\RTL8139.sys
[2004/08/03 22:29:52 | 000,166,912 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008/04/13 13:40:30 | 000,096,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008/04/13 13:36:44 | 000,079,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sdbus.sys
[2007/11/13 05:25:53 | 000,020,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008/04/13 13:40:12 | 000,015,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 14:15:45 | 000,064,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 13:40:47 | 000,011,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 13:40:48 | 000,010,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 13:40:47 | 000,011,008 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 13:40:48 | 000,011,392 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008/04/13 13:36:39 | 000,040,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sisagp.sys
[2008/04/13 13:46:23 | 000,011,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slip.sys
[2004/08/03 22:41:42 | 000,129,535 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 22:41:44 | 000,404,990 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 22:41:46 | 000,095,424 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 22:41:46 | 000,013,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 13:36:34 | 000,005,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\smbali.sys
[2004/08/09 16:00:00 | 000,014,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\smclib.sys
[2008/04/13 13:46:07 | 000,025,344 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2008/04/13 13:45:07 | 000,006,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\splitter.sys
[2008/04/13 13:36:52 | 000,073,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sr.sys
[2011/02/17 08:18:03 | 000,357,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\srv.sys
[2008/04/13 13:45:15 | 000,049,408 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 13:46:21 | 000,015,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\streamip.sys
[2008/04/13 13:39:53 | 000,004,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 13:45:09 | 000,056,576 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2008/04/13 14:15:55 | 000,060,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 13:40:50 | 000,014,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2010/02/11 07:02:15 | 000,226,880 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 14:00:05 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/13 19:13:20 | 000,012,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008/04/13 19:13:21 | 000,021,896 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/13 19:13:20 | 000,040,840 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/09 23:00:00 | 000,051,712 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2004/08/09 23:00:00 | 000,021,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 13:56:01 | 000,012,288 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008/04/13 13:36:40 | 000,044,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 13:32:36 | 000,066,048 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\udfs.sys
[2008/04/13 13:39:46 | 000,384,768 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 13:56:49 | 000,012,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 13:56:49 | 000,012,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2012/02/15 11:01:50 | 000,043,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2008/04/13 13:45:40 | 000,025,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 13:45:41 | 000,025,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2004/08/09 16:00:00 | 000,004,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 13:45:35 | 000,030,208 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 13:45:37 | 000,059,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 13:45:43 | 000,015,872 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbintel.sys
[2006/05/10 17:27:00 | 000,028,848 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\USBkey.sys
[2008/04/13 13:45:35 | 000,017,152 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbohci.sys
[2008/04/13 13:45:36 | 000,143,872 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 13:47:37 | 000,025,856 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008/04/13 13:45:34 | 000,015,104 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 13:45:35 | 000,020,608 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2008/04/13 13:46:20 | 000,121,984 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004/08/09 23:00:00 | 000,058,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 13:44:40 | 000,020,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vga.sys
[2008/04/13 13:36:40 | 000,042,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 13:40:31 | 000,005,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\viaide.sys
[2008/04/13 13:44:40 | 000,081,664 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008/04/13 13:43:55 | 000,014,208 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/03 22:29:40 | 000,011,807 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 22:29:40 | 000,011,295 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 22:29:42 | 000,011,871 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 22:29:42 | 000,011,935 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 13:57:21 | 000,034,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wanarp.sys
[2004/08/03 22:29:46 | 000,022,271 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 22:29:46 | 000,025,471 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008/04/13 14:17:18 | 000,083,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004/08/09 16:00:00 | 000,004,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wmilib.sys
[2004/08/09 16:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2008/04/13 13:46:24 | 000,019,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wstcodec.sys
[2006/09/28 18:55:50 | 000,077,568 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 19:00:34 | 000,082,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WudfRd.sys

< %systemroot%\System32\config\*.sav >
[2005/08/30 08:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/30 08:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/30 08:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/21 12:27:08 | 000,046,264 | ---- | M] () -- C:\WINDOWS\system32\drivers\a9e045434411ae3.sys
[2012/01/09 11:20:25 | 000,139,784 | ---- | M] () -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2012/02/15 11:01:50 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\drivers\usbaapl.sys

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< MD5 for: ATAPI.SYS >
[2004/08/09 23:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/14 19:06:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/14 19:06:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/09 16:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2004/08/09 16:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/09 16:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/19 08:42:51 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/19 08:42:51 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/19 08:42:51 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/19 08:42:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/19 08:42:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/19 08:42:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/19 08:42:51 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/19 08:42:51 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/19 08:42:51 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/19 08:42:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/19 08:42:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/19 08:42:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\2.1.72.22__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.22_x-ww_a742e49 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\2.1.72.22__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.22_x-ww_c5eae641 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F4198F

< End of report >


Extras

OTL Extras logfile created on: 3/23/2012 9:33:45 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 82.34% Memory free
5.27 Gb Paging File | 4.87 Gb Available in Paging File | 92.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 107.08 Gb Free Space | 37.02% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.61 Gb Free Space | 6.86% Space Free | Partition Type: FAT32
Drive J: | 55.86 Gb Total Space | 23.78 Gb Free Space | 42.57% Space Free | Partition Type: FAT32
Drive K: | 931.28 Gb Total Space | 295.81 Gb Free Space | 31.76% Space Free | Partition Type: FAT32
Drive L: | 298.02 Gb Total Space | 128.48 Gb Free Space | 43.11% Space Free | Partition Type: FAT32

Computer Name: OFFICE | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1038680167-2875633903-2897363583-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"8424:TCP" = 8424:TCP:*:Enabled:Services
"8425:TCP" = 8425:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"8424:TCP" = 8424:TCP:*:Enabled:Services
"8425:TCP" = 8425:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1B17E0F9-8872-4F6D-8429-7CC9ECC27529}" = calibre
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25F6C900-C138-4888-A56C-91D3D063023A}" = HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Cameras 9.0
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"AwayMode160" = Microsoft Away Mode
"BitTorrent" = BitTorrent
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt
"eMule" = eMule
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"IrfanView" = IrfanView (remove only)
"LHTTSSPE" = L&H TTS3000 Español
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 2.9.8
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"SC Audio Converter_is1" = SC Audio Converter 7.2.0.0
"Silent Package Run-Time Sample" = EPSON ESPR220 Reference Guide
"TurboTax 2008" = TurboTax 2008
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"UnityWebPlayer" = Unity Web Player
"VobSub" = VobSub v2.23 (Remove Only)
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD" = XviD MPEG-4 Codec
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1038680167-2875633903-2897363583-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2012 10:12:07 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12547

Error - 3/23/2012 10:12:09 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/23/2012 10:12:09 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14500

Error - 3/23/2012 10:12:09 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14500

Error - 3/23/2012 10:12:11 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/23/2012 10:12:11 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16453

Error - 3/23/2012 10:12:11 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16453

Error - 3/23/2012 10:12:13 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/23/2012 10:12:13 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18406

Error - 3/23/2012 10:12:13 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18406

[ System Events ]
Error - 3/22/2012 10:44:01 PM | Computer Name = OFFICE | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 3/22/2012 10:44:02 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 3/22/2012 10:44:02 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7024
Description = The Media Center Extender Service service terminated with service-specific
error 2147500037 (0x80004005).

Error - 3/22/2012 10:44:54 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 3/22/2012 10:56:42 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%31

Error - 3/22/2012 10:57:20 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%31

Error - 3/22/2012 11:38:30 PM | Computer Name = OFFICE | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 3/22/2012 11:38:31 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 3/22/2012 11:38:31 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7024
Description = The Media Center Extender Service service terminated with service-specific
error 2147500037 (0x80004005).

Error - 3/22/2012 11:39:29 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >



4. An update on how your computer is currently running.

Computer seems to be running fine, no issues so far today.
UPDATE, I've lost my sound drivers again. Previously I could get them back by restarting, didn't work this time.

Edited by woodman77382, 23 March 2012 - 05:44 PM.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:28 PM

Posted 24 March 2012 - 07:53 AM

Hi woodman77382!

Not a problem! I'm glad to be of assistance!

Also I had a Google re-direct a couple days ago which I fixed with TDSKiller. May or may not be related to this issue.

Thanks for that information.

Questions:

Can you look in your C:\ drive and see if a TDSSKiller log file is located there, if so, please provide me with the contents of that log file in your next reply.

Did you open these ports?

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"8424:TCP" = 8424:TCP:*:Enabled:Services
"8425:TCP" = 8425:TCP:*:Enabled:Services


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"8424:TCP" = 8424:TCP:*:Enabled:Services
"8425:TCP" = 8425:TCP:*:Enabled:Services


OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\nbvtiwwbduyfqrju.sys -- (nbvtiwwbduyfqrju)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
    IE - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
    O3 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [combofix] C:\lexplorer\CF21582.cfxxe /c C:\lexplorer\Combobatch.bat File not found
    O4 - HKLM..\Run: [Hferekanugazi] rundll32.exe "C:\WINDOWS\eyixasuxomodoruv.dll",Startup File not found
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKU\S-1-5-21-1038680167-2875633903-2897363583-1007..\Run: [7z8qaj0txd] C:\Documents and Settings\HP_Administrator\7z8qaj0txd.exe ()
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/03/21 12:27:08 | 000,046,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\a9e045434411ae3.sys
    [2012/03/20 14:18:58 | 000,020,424 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\7z8qaj0txd.exe
    [2012/03/21 12:27:08 | 000,046,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\a9e045434411ae3.sys
    [2012/03/20 14:19:32 | 000,020,424 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\7z8qaj0txd.exe
    [2011/08/13 15:05:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
    [2011/05/08 10:56:26 | 000,006,548 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\h4ax20e50joalc518bqq507fr2q73w5r646pt4q8ck
    [2011/05/08 10:56:26 | 000,006,548 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h4ax20e50joalc518bqq507fr2q73w5r646pt4q8ck
    [2010/11/28 14:40:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Smovuyevi.dat
    [2010/11/28 14:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hzakaco.bin
    
    :Reg
    
    :Files
    type "C:\ComboFix.txt" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log (if it can be located in your C:\ drive)
3. OTL Fix log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 woodman77382

woodman77382
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 24 March 2012 - 02:25 PM

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

No I don't recall specifically opening the ports you mentioned above.

2. TDSSKiller log (if it can be located in your C:\ drive)

12:43:09.0156 3052 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
12:43:09.0609 3052 ============================================================
12:43:09.0609 3052 Current date / time: 2012/03/21 12:43:09.0609
12:43:09.0609 3052 SystemInfo:
12:43:09.0609 3052
12:43:09.0609 3052 OS Version: 5.1.2600 ServicePack: 3.0
12:43:09.0609 3052 Product type: Workstation
12:43:09.0609 3052 ComputerName: OFFICE
12:43:09.0609 3052 UserName: HP_Administrator
12:43:09.0609 3052 Windows directory: C:\WINDOWS
12:43:09.0609 3052 System windows directory: C:\WINDOWS
12:43:09.0609 3052 Processor architecture: Intel x86
12:43:09.0609 3052 Number of processors: 2
12:43:09.0609 3052 Page size: 0x1000
12:43:09.0609 3052 Boot type: Normal boot
12:43:09.0609 3052 ============================================================
12:43:12.0718 3052 !crdlk
12:43:12.0718 3052 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'A'
12:43:12.0734 3052 Drive \Device\Harddisk1\DR3 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:43:12.0734 3052 Drive \Device\Harddisk2\DR4 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:43:12.0734 3052 Drive \Device\Harddisk3\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:43:13.0203 3052 \Device\Harddisk0\DR0:
12:43:13.0203 3052 MBR used
12:43:13.0203 3052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x24278211
12:43:13.0203 3052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x2427BD60, BlocksNum 0x11B15B0
12:43:13.0203 3052 \Device\Harddisk1\DR3:
12:43:13.0203 3052 MBR used
12:43:13.0203 3052 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x6FBFEBF
12:43:13.0203 3052 \Device\Harddisk2\DR4:
12:43:13.0203 3052 MBR used
12:43:13.0203 3052 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2542D682
12:43:13.0203 3052 \Device\Harddisk3\DR5:
12:43:13.0203 3052 MBR used
12:43:13.0203 3052 \Device\Harddisk3\DR5\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
12:43:13.0250 3052 Initialize success
12:43:13.0250 3052 ============================================================
12:43:18.0062 3108 ============================================================
12:43:18.0062 3108 Scan started
12:43:18.0062 3108 Mode: Manual;
12:43:18.0062 3108 ============================================================
12:43:18.0375 3108 Suspicious service (NoAccess): a9e045434411ae3
12:43:18.0546 3108 a9e045434411ae3 (8c55911cde8dd5c45e6be123f6ceaca1) C:\WINDOWS\System32\Drivers\a9e045434411ae3.sys
12:43:18.0546 3108 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\a9e045434411ae3.sys. md5: 8c55911cde8dd5c45e6be123f6ceaca1
12:43:18.0578 3108 a9e045434411ae3 ( LockedService.Multi.Generic ) - warning
12:43:18.0578 3108 a9e045434411ae3 - detected LockedService.Multi.Generic (1)
12:43:18.0609 3108 Abiosdsk - ok
12:43:18.0656 3108 abp480n5 - ok
12:43:18.0812 3108 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:43:18.0812 3108 ACPI - ok
12:43:18.0859 3108 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:43:18.0859 3108 ACPIEC - ok
12:43:18.0906 3108 adpu160m - ok
12:43:18.0984 3108 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:43:18.0984 3108 aec - ok
12:43:19.0187 3108 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:43:19.0187 3108 AFD - ok
12:43:19.0218 3108 Aha154x - ok
12:43:19.0250 3108 aic78u2 - ok
12:43:19.0281 3108 aic78xx - ok
12:43:19.0343 3108 AliIde - ok
12:43:19.0390 3108 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:43:19.0390 3108 AmdK8 - ok
12:43:19.0484 3108 amsint - ok
12:43:19.0625 3108 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
12:43:19.0625 3108 aracpi - ok
12:43:19.0687 3108 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
12:43:19.0687 3108 arhidfltr - ok
12:43:19.0750 3108 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
12:43:19.0750 3108 arkbcfltr - ok
12:43:19.0781 3108 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
12:43:19.0781 3108 armoucfltr - ok
12:43:19.0921 3108 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:43:19.0937 3108 Arp1394 - ok
12:43:20.0031 3108 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
12:43:20.0031 3108 ARPolicy - ok
12:43:20.0125 3108 asc - ok
12:43:20.0187 3108 asc3350p - ok
12:43:20.0218 3108 asc3550 - ok
12:43:20.0375 3108 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
12:43:20.0375 3108 ASPI32 - ok
12:43:20.0437 3108 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:43:20.0437 3108 AsyncMac - ok
12:43:20.0515 3108 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:43:20.0515 3108 atapi - ok
12:43:20.0546 3108 Atdisk - ok
12:43:20.0593 3108 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:43:20.0593 3108 Atmarpc - ok
12:43:20.0750 3108 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:43:20.0750 3108 audstub - ok
12:43:20.0875 3108 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:43:20.0875 3108 Beep - ok
12:43:21.0000 3108 catchme - ok
12:43:21.0093 3108 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:43:21.0093 3108 cbidf2k - ok
12:43:21.0156 3108 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:43:21.0156 3108 CCDECODE - ok
12:43:21.0171 3108 cd20xrnt - ok
12:43:21.0265 3108 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:43:21.0265 3108 Cdaudio - ok
12:43:21.0375 3108 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:43:21.0375 3108 Cdfs - ok
12:43:21.0531 3108 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:43:21.0531 3108 Cdrom - ok
12:43:21.0546 3108 Changer - ok
12:43:21.0687 3108 CmdIde - ok
12:43:21.0765 3108 Cpqarray - ok
12:43:21.0796 3108 dac2w2k - ok
12:43:21.0828 3108 dac960nt - ok
12:43:22.0140 3108 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:43:22.0140 3108 Disk - ok
12:43:22.0234 3108 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:43:22.0250 3108 dmboot - ok
12:43:22.0296 3108 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:43:22.0296 3108 dmio - ok
12:43:22.0328 3108 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:43:22.0328 3108 dmload - ok
12:43:22.0515 3108 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:43:22.0515 3108 DMusic - ok
12:43:22.0734 3108 dpti2o - ok
12:43:22.0796 3108 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:43:22.0796 3108 drmkaud - ok
12:43:23.0140 3108 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:43:23.0140 3108 Fastfat - ok
12:43:23.0328 3108 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:43:23.0328 3108 Fdc - ok
12:43:23.0484 3108 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:43:23.0484 3108 Fips - ok
12:43:23.0640 3108 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:43:23.0640 3108 Flpydisk - ok
12:43:23.0703 3108 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:43:23.0718 3108 FltMgr - ok
12:43:23.0921 3108 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:43:23.0921 3108 Fs_Rec - ok
12:43:23.0953 3108 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:43:23.0953 3108 Ftdisk - ok
12:43:24.0015 3108 ftsata2 - ok
12:43:24.0093 3108 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
12:43:24.0093 3108 GEARAspiWDM - ok
12:43:24.0328 3108 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:43:24.0328 3108 Gpc - ok
12:43:24.0406 3108 hcwPP2 (55e4da7c8cbba1f2d71720fca7a5c086) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
12:43:24.0406 3108 hcwPP2 - ok
12:43:24.0515 3108 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:43:24.0515 3108 HDAudBus - ok
12:43:24.0640 3108 hpn - ok
12:43:24.0765 3108 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
12:43:24.0781 3108 HSXHWBS2 - ok
12:43:24.0906 3108 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
12:43:24.0921 3108 HSX_DP - ok
12:43:25.0125 3108 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:43:25.0125 3108 HTTP - ok
12:43:25.0312 3108 i2omgmt - ok
12:43:25.0343 3108 i2omp - ok
12:43:25.0500 3108 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:43:25.0500 3108 i8042prt - ok
12:43:25.0718 3108 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:43:25.0718 3108 Imapi - ok
12:43:25.0859 3108 ini910u - ok
12:43:26.0156 3108 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:43:26.0218 3108 IntcAzAudAddService - ok
12:43:26.0328 3108 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:43:26.0343 3108 IntelIde - ok
12:43:26.0390 3108 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:43:26.0390 3108 intelppm - ok
12:43:26.0562 3108 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:43:26.0562 3108 Ip6Fw - ok
12:43:26.0687 3108 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:43:26.0687 3108 IpFilterDriver - ok
12:43:26.0750 3108 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:43:26.0750 3108 IpInIp - ok
12:43:26.0875 3108 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:43:26.0875 3108 IpNat - ok
12:43:27.0109 3108 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:43:27.0109 3108 IPSec - ok
12:43:27.0156 3108 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:43:27.0156 3108 IRENUM - ok
12:43:27.0296 3108 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:43:27.0296 3108 isapnp - ok
12:43:27.0515 3108 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:43:27.0515 3108 Kbdclass - ok
12:43:27.0578 3108 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:43:27.0578 3108 kmixer - ok
12:43:27.0640 3108 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:43:27.0656 3108 KSecDD - ok
12:43:27.0828 3108 lbrtfdc - ok
12:43:28.0093 3108 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:43:28.0093 3108 mdmxsdk - ok
12:43:28.0218 3108 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:43:28.0218 3108 MHNDRV - ok
12:43:28.0265 3108 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:43:28.0265 3108 mnmdd - ok
12:43:28.0406 3108 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:43:28.0406 3108 Modem - ok
12:43:28.0500 3108 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:43:28.0500 3108 Mouclass - ok
12:43:28.0640 3108 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:43:28.0640 3108 MountMgr - ok
12:43:28.0687 3108 mraid35x - ok
12:43:28.0843 3108 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:43:28.0843 3108 MRxDAV - ok
12:43:29.0031 3108 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:43:29.0031 3108 MRxSmb - ok
12:43:29.0234 3108 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:43:29.0234 3108 Msfs - ok
12:43:29.0343 3108 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:43:29.0343 3108 MSKSSRV - ok
12:43:29.0453 3108 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:43:29.0453 3108 MSPCLOCK - ok
12:43:29.0640 3108 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:43:29.0640 3108 MSPQM - ok
12:43:29.0750 3108 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:43:29.0750 3108 mssmbios - ok
12:43:29.0796 3108 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:43:29.0796 3108 MSTEE - ok
12:43:29.0968 3108 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:43:29.0968 3108 Mup - ok
12:43:30.0015 3108 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:43:30.0015 3108 NABTSFEC - ok
12:43:30.0125 3108 nbvtiwwbduyfqrju - ok
12:43:30.0203 3108 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:43:30.0203 3108 NDIS - ok
12:43:30.0281 3108 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:43:30.0281 3108 NdisIP - ok
12:43:30.0375 3108 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:43:30.0375 3108 NdisTapi - ok
12:43:30.0453 3108 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:43:30.0468 3108 Ndisuio - ok
12:43:30.0484 3108 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:43:30.0500 3108 NdisWan - ok
12:43:30.0625 3108 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:43:30.0625 3108 NDProxy - ok
12:43:30.0703 3108 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:43:30.0703 3108 NetBIOS - ok
12:43:30.0843 3108 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:43:30.0843 3108 NetBT - ok
12:43:31.0156 3108 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:43:31.0156 3108 NIC1394 - ok
12:43:31.0296 3108 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:43:31.0296 3108 Npfs - ok
12:43:31.0390 3108 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:43:31.0406 3108 Ntfs - ok
12:43:31.0562 3108 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:43:31.0562 3108 Null - ok
12:43:31.0750 3108 nv (642a87877f83313eb5302749cd479024) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:43:31.0796 3108 nv - ok
12:43:31.0937 3108 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:43:31.0937 3108 NVENETFD - ok
12:43:31.0984 3108 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:43:31.0984 3108 nvnetbus - ok
12:43:32.0093 3108 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:43:32.0093 3108 NwlnkFlt - ok
12:43:32.0156 3108 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:43:32.0156 3108 NwlnkFwd - ok
12:43:32.0234 3108 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:43:32.0234 3108 ohci1394 - ok
12:43:32.0437 3108 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:43:32.0437 3108 Parport - ok
12:43:32.0484 3108 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:43:32.0484 3108 PartMgr - ok
12:43:32.0609 3108 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:43:32.0609 3108 ParVdm - ok
12:43:32.0703 3108 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:43:32.0703 3108 PCI - ok
12:43:32.0812 3108 PCIDump - ok
12:43:32.0890 3108 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:43:32.0890 3108 PCIIde - ok
12:43:32.0968 3108 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:43:32.0968 3108 Pcmcia - ok
12:43:33.0156 3108 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
12:43:33.0171 3108 pcouffin - ok
12:43:33.0203 3108 PDCOMP - ok
12:43:33.0250 3108 PDFRAME - ok
12:43:33.0343 3108 PDRELI - ok
12:43:33.0390 3108 PDRFRAME - ok
12:43:33.0453 3108 perc2 - ok
12:43:33.0500 3108 perc2hib - ok
12:43:33.0687 3108 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:43:33.0687 3108 PptpMiniport - ok
12:43:33.0859 3108 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:43:33.0859 3108 Processor - ok
12:43:34.0062 3108 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
12:43:34.0062 3108 Ps2 - ok
12:43:34.0218 3108 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:43:34.0218 3108 PSched - ok
12:43:34.0296 3108 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:43:34.0312 3108 Ptilink - ok
12:43:34.0453 3108 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:43:34.0453 3108 PxHelp20 - ok
12:43:34.0531 3108 ql1080 - ok
12:43:34.0578 3108 Ql10wnt - ok
12:43:34.0656 3108 ql12160 - ok
12:43:34.0734 3108 ql1240 - ok
12:43:34.0781 3108 ql1280 - ok
12:43:34.0843 3108 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:43:34.0843 3108 RasAcd - ok
12:43:34.0953 3108 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:43:34.0953 3108 Rasl2tp - ok
12:43:35.0140 3108 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:43:35.0140 3108 RasPppoe - ok
12:43:35.0359 3108 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:43:35.0359 3108 Raspti - ok
12:43:35.0453 3108 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:43:35.0453 3108 Rdbss - ok
12:43:35.0546 3108 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:43:35.0546 3108 RDPCDD - ok
12:43:35.0687 3108 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:43:35.0687 3108 rdpdr - ok
12:43:35.0812 3108 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:43:35.0812 3108 RDPWD - ok
12:43:36.0031 3108 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:43:36.0031 3108 redbook - ok
12:43:36.0296 3108 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
12:43:36.0296 3108 rtl8139 - ok
12:43:36.0515 3108 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:43:36.0515 3108 SASDIFSV - ok
12:43:36.0640 3108 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
12:43:36.0640 3108 SASENUM - ok
12:43:36.0687 3108 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
12:43:36.0687 3108 SASKUTIL - ok
12:43:36.0937 3108 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:43:36.0937 3108 Secdrv - ok
12:43:37.0140 3108 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
12:43:37.0140 3108 Serial - ok
12:43:37.0296 3108 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:43:37.0312 3108 Sfloppy - ok
12:43:37.0437 3108 Simbad - ok
12:43:37.0546 3108 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:43:37.0546 3108 SLIP - ok
12:43:37.0609 3108 Sparrow - ok
12:43:37.0671 3108 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:43:37.0671 3108 splitter - ok
12:43:37.0734 3108 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:43:37.0734 3108 sr - ok
12:43:37.0968 3108 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:43:37.0968 3108 Srv - ok
12:43:38.0218 3108 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:43:38.0218 3108 streamip - ok
12:43:38.0390 3108 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:43:38.0390 3108 swenum - ok
12:43:38.0484 3108 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:43:38.0484 3108 swmidi - ok
12:43:38.0593 3108 symc810 - ok
12:43:38.0656 3108 symc8xx - ok
12:43:38.0687 3108 sym_hi - ok
12:43:38.0718 3108 sym_u3 - ok
12:43:38.0765 3108 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:43:38.0765 3108 sysaudio - ok
12:43:38.0937 3108 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:43:38.0937 3108 Tcpip - ok
12:43:39.0078 3108 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:43:39.0078 3108 TDPIPE - ok
12:43:39.0125 3108 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:43:39.0125 3108 TDTCP - ok
12:43:39.0187 3108 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:43:39.0187 3108 TermDD - ok
12:43:39.0406 3108 TosIde - ok
12:43:39.0593 3108 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:43:39.0593 3108 Udfs - ok
12:43:39.0656 3108 ultra - ok
12:43:39.0765 3108 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:43:39.0765 3108 Update - ok
12:43:39.0984 3108 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:43:39.0984 3108 USBAAPL - ok
12:43:40.0125 3108 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:43:40.0125 3108 usbehci - ok
12:43:40.0187 3108 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:43:40.0187 3108 usbhub - ok
12:43:40.0250 3108 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:43:40.0250 3108 usbohci - ok
12:43:40.0296 3108 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:43:40.0296 3108 usbprint - ok
12:43:40.0359 3108 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:43:40.0359 3108 usbscan - ok
12:43:40.0468 3108 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:43:40.0468 3108 usbstor - ok
12:43:40.0578 3108 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:43:40.0578 3108 usbuhci - ok
12:43:40.0687 3108 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:43:40.0687 3108 VgaSave - ok
12:43:40.0765 3108 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:43:40.0765 3108 ViaIde - ok
12:43:40.0859 3108 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:43:40.0859 3108 VolSnap - ok
12:43:41.0031 3108 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:43:41.0031 3108 Wanarp - ok
12:43:41.0109 3108 WDICA - ok
12:43:41.0171 3108 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:43:41.0171 3108 wdmaud - ok
12:43:41.0390 3108 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
12:43:41.0406 3108 winachsx - ok
12:43:41.0750 3108 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:43:41.0750 3108 WSTCODEC - ok
12:43:42.0000 3108 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:43:42.0000 3108 WudfPf - ok
12:43:42.0046 3108 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:43:42.0046 3108 WudfRd - ok
12:43:42.0218 3108 MBR (0x1B8) (ed18b096bc416bfb306882a7c2eba877) \Device\Harddisk0\DR0
12:43:42.0250 3108 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
12:43:42.0250 3108 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
12:43:42.0250 3108 MBR (0x1B8) (0cf8af38bcedb0bc19a1c4485c4c9e66) \Device\Harddisk1\DR3
12:43:42.0656 3108 \Device\Harddisk1\DR3 ( Backdoor.Win32.Sinowal.knf ) - infected
12:43:42.0656 3108 \Device\Harddisk1\DR3 - detected Backdoor.Win32.Sinowal.knf (0)
12:43:42.0656 3108 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk2\DR4
12:43:42.0671 3108 \Device\Harddisk2\DR4 - ok
12:43:43.0140 3108 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk3\DR5
12:43:43.0156 3108 \Device\Harddisk3\DR5 - ok
12:43:43.0156 3108 Boot (0x1200) (24155a6b8d7e76c2a2648ec0a675b700) \Device\Harddisk0\DR0\Partition0
12:43:43.0156 3108 \Device\Harddisk0\DR0\Partition0 - ok
12:43:43.0187 3108 Boot (0x1200) (f1c87b4c95dc1b10f95fd2aa04a332f1) \Device\Harddisk0\DR0\Partition1
12:43:43.0187 3108 \Device\Harddisk0\DR0\Partition1 - ok
12:43:43.0203 3108 Boot (0x1200) (02836429d6516a617e2c11e1620390af) \Device\Harddisk1\DR3\Partition0
12:43:43.0203 3108 \Device\Harddisk1\DR3\Partition0 - ok
12:43:43.0203 3108 Boot (0x1200) (735da7584a7071fa306261af5a961c38) \Device\Harddisk2\DR4\Partition0
12:43:43.0218 3108 \Device\Harddisk2\DR4\Partition0 - ok
12:43:43.0218 3108 Boot (0x1200) (0fbd3cda711f7fef956bee0f115141a3) \Device\Harddisk3\DR5\Partition0
12:43:43.0250 3108 \Device\Harddisk3\DR5\Partition0 - ok
12:43:43.0250 3108 ============================================================
12:43:43.0250 3108 Scan finished
12:43:43.0250 3108 ============================================================
12:43:43.0265 3100 Detected object count: 3
12:43:43.0265 3100 Actual detected object count: 3
12:43:58.0187 3100 a9e045434411ae3 ( LockedService.Multi.Generic ) - skipped by user
12:43:58.0187 3100 a9e045434411ae3 ( LockedService.Multi.Generic ) - User select action: Skip
12:43:58.0234 3100 \Device\Harddisk0\DR0\# - copied to quarantine
12:43:58.0234 3100 \Device\Harddisk0\DR0 - copied to quarantine
12:43:58.0234 3100 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
12:43:58.0265 3100 \Device\Harddisk0\DR0 - ok
12:43:58.0265 3100 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
12:44:12.0203 3100 \Device\Harddisk1\DR3\# - copied to quarantine
12:44:12.0203 3100 \Device\Harddisk1\DR3 - copied to quarantine
12:44:12.0578 3100 \Device\Harddisk1\DR3 ( Backdoor.Win32.Sinowal.knf ) - cured
12:44:12.0593 3100 \Device\Harddisk1\DR3 - ok
12:44:12.0593 3100 \Device\Harddisk1\DR3 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
12:44:14.0453 3048 Deinitialize success


3. OTL Fix log.

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Error: No service named nbvtiwwbduyfqrju was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nbvtiwwbduyfqrju deleted successfully.
File C:\WINDOWS\system32\drivers\nbvtiwwbduyfqrju.sys not found.
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1038680167-2875633903-2897363583-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 removed from extensions.enabledItems
Registry value HKEY_USERS\S-1-5-21-1038680167-2875633903-2897363583-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1038680167-2875633903-2897363583-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Hferekanugazi deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_USERS\S-1-5-21-1038680167-2875633903-2897363583-1007\Software\Microsoft\Windows\CurrentVersion\Run\\7z8qaj0txd deleted successfully.
File move failed. C:\Documents and Settings\HP_Administrator\7z8qaj0txd.exe scheduled to be moved on reboot.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\WINDOWS\Downloaded Program Files\popcaploader.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File move failed. C:\WINDOWS\system32\drivers\a9e045434411ae3.sys scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\HP_Administrator\7z8qaj0txd.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\a9e045434411ae3.sys scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\HP_Administrator\7z8qaj0txd.exe scheduled to be moved on reboot.
C:\Documents and Settings\HP_Administrator\Application Data\inst.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\h4ax20e50joalc518bqq507fr2q73w5r646pt4q8ck moved successfully.
C:\Documents and Settings\All Users\Application Data\h4ax20e50joalc518bqq507fr2q73w5r646pt4q8ck moved successfully.
C:\WINDOWS\Smovuyevi.dat moved successfully.
C:\WINDOWS\Hzakaco.bin moved successfully.
========== REGISTRY ==========
========== FILES ==========
< type "C:\ComboFix.txt" /c >
ComboFix 11-05-09.04 - HP_Administrator 05/11/2011 19:36:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3518.3120 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\combofix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-08 19:12 . 2011-05-08 19:12 -------- d-----w- c:\program files\ERUNT
2011-05-08 18:56 . 2011-05-08 18:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-05-08 16:00 . 2011-05-08 16:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-23 00:37 . 2011-04-23 00:37 -------- d-----w- c:\program files\iPod
2011-04-23 00:37 . 2011-04-23 00:38 -------- d-----w- c:\program files\iTunes
2011-04-23 00:34 . 2011-04-23 00:34 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2004-08-09 21:00 692736 ------w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-09 21:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-09 21:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-18 21:36 . 2010-04-04 15:07 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2010-04-04 15:07 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 19:00 . 2004-08-09 21:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2004-08-09 21:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2004-08-09 21:00 455936 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-09 21:00 357888 ------w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-17 00:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2004-08-09 21:00 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2004-08-09 21:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2006-08-18 13:21 229888 ----a-w- c:\windows\system32\fxscover.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-05 2424192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-18 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-18 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"8424:TCP"= 8424:TCP:Services
"8425:TCP"= 8425:TCP:Services
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [8/18/2008 5:44 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/18/2008 5:44 PM 67656]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/18/2008 5:44 PM 12872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: turbotax.com
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://l.yimg.com/jh/games/web_games/playtime/mysterysolitaire/SpinTopGamesLauncher.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\two8lgn6.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\HP_Administrator\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 19:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"DontAsk"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"="c:\\WINDOWS\\system32\\ieudinit.exe"
"Version"="7,0,5730,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"DontAsk"=dword:00000002
"Version"="11,0,5721,5145"
"IsInstalled"=dword:00000000
"Stubpath"="c:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -UserIconConfig"
"Version"="6,0,5730,13"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe,-21"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Locale"="*"
"LocalizedName"="@c:\\WINDOWS\\system32\\iedkcs32.dll,-3052"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"Version"="6,0,5730,13"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE"
"Version"="2,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\KB910393]
@="KB910393"
"ComponentID"="KB910393"
"DontAsk"=dword:00000002
"Locale"="*"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\EasyCDBlock.inf,PerUserInstall"
"IsInstalled"=dword:00000001
"Version"="1,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Java\\jre6\\bin\\regutils.dll"
"Version"="5,0,5000,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"
"Version"="6,0,2462,0001"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}]
@="Microsoft .NET Framework 1.0 Hotfix (KB887998)"
"IsInstalled"=dword:00000001
"ComponentID"="NDPKB887998"
"Version"="1,0,3705"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
@=""
"ComponentID"="NetShow"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"=""
"Version"="11,0,5721,5145"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="ENU"
"StubPath"=""
"IsInstalled"=dword:00000001
@="Microsoft Windows Media Player 6.4"
"Version"="11,0,5721,5145"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
"ComponentID"="Director"
"IsInstalled"=hex:01,00,00,00
"Version"="10,4,0,25"
"Locale"="EN"
@="Adobe Shockwave Director 10.4"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"IsInstalled"=dword:00000001
"Version"="6,0,3,531"
"Locale"="EN"
"ComponentID"="DirectAnimation"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6}]
@="Microsoft .NET Framework 1.0 Hotfix (KB979904)"
"IsInstalled"=dword:00000001
"ComponentID"="NDPKB979904"
"Version"="1,0,3705"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"IsInstalled"=hex:01,00,00,00
"Version"="10,4,0,25"
"Locale"="EN"
@="Adobe Shockwave Director 10.4"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
"ComponentID"="M979906"
@="Microsoft .NET Framework 1.1 Security Update (KB979906)"
"Version"="1,1,4322"
"Locale"="*"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"Version"="1,1,1,7"
@="Themes Setup"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="EN"
"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,1,4322"
"ComponentID"="M2416447"
@="Microsoft .NET Framework 1.1 Security Update (KB2416447)"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,7,0,0320"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"Version"="7,0,5730,13"
@="Offline Browsing Pack"
"ComponentID"="MobilePk"
"IsInstalled"=dword:00000001
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,397,2406,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
@SACL=
@="Media Center"
"ComponentID"="Media Center Shortcut"
"IsInstalled"=dword:00000001
"StubPath"=expand:"%SystemRoot%\\System32\\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\\inf\\mcdftreg.inf"
"Version"="1,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,1,4322"
"ComponentID"="S867460"
@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Advanced Authoring"
"ComponentID"="AdvAuth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="6,0,2900,5512"
@="Microsoft Outlook Express 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"IsInstalled"=hex:01,00,00,00
"Version"="4,4,0,3400"
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"Version"="11,0,5721,5145"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"ComponentID"="HelpCont"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="7,0,5730,13"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="DirectAnimation Java Classes"
"ComponentID"="DAJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,00,01,0223"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,7,6002,22589"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser"
"Locale"="EN"
"Version"="4,7,0,3000"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Messenger\\msmsgs.exe"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,00,2918,1900"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="7,0,5730,13"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"Version"="7,0,5730,13"
@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"IsInstalled"=dword:00000001
"Locale"="*"
"KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="ENU"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp11.inf,PerUserStub"
"IsInstalled"=dword:00000001
"Version"="11,0,5721,5145"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"ComponentID"="MSN_Auth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,9,9,2"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
@=".NET Framework"
"Locale"=""
"Version"="2,0,50727,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"Version"="6,0,2900,5512"
@="Address Book 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"Version"="6,0,2900,2180"
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"Version"="7,0,5730,13"
@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -BaseSettings"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe,-20"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"IsInstalled"=dword:00000001
"StubPath"="c:\\WINDOWS\\system32\\Rundll32.exe c:\\WINDOWS\\system32\\mscories.dll,Install"
"Version"="1,1,0,5000"
"DontAsk"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
@SACL=
@="Fax"
"ComponentID"="Fax"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Version"="5.1"
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\fxsocm.inf,Fax.Install.PerUser"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="7,0,5730,13"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
@SACL=
@="Fax Provider"
"ComponentID"="Fax Provider"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Version"="5.1"
"Locale"="EN"
"StubPath"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}]
@="Microsoft .NET Framework 1.0 Hotfix (KB930494)"
"IsInstalled"=dword:00000001
"ComponentID"="NDPKB930494"
"Version"="1,0,3705"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,5730,13"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"Locale"=""
"Version"="1,0,4322,1"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Task Scheduler"
"ComponentID"="MSTASK"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1968,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
"IsInstalled"=hex:01,00,00,00
"Version"="2,1,4026,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Adobe Flash Player"
"ComponentID"="Flash"
"IsInstalled"=hex:01,00,00,00
"Version"="10.0.42.34"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"ComponentID"="HTMLHelp"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,5730,13"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}]
@="Microsoft .NET Framework 1.0 Hotfix (KB953295)"
"IsInstalled"=dword:00000001
"ComponentID"="NDPKB953295"
"Version"="1,0,3705"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
"Version"="5,0,00,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}]
@="Microsoft .NET Framework 1.0 Service Pack 3"
"IsInstalled"=dword:00000001
"ComponentID"="NDP10SP3"
"version"="1,0,3705"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}]
@=".NET Framework"
"ComponentID"=".NETFramework"
"Version"="1,0,3705,3"
"Locale"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
@DACL=(02 0000)
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"
"Event"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(652)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2011-05-11 19:51:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-12 00:51
ComboFix2.txt 2011-05-11 01:20
.
Pre-Run: 135,032,623,104 bytes free
Post-Run: 135,016,894,464 bytes free
.
- - End Of File - - F6EE01AB238EBEAB30FA45CEC674E824
C:\Documents and Settings\HP_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\Hosts
C:\Documents and Settings\HP_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 2044048 bytes
->Temporary Internet Files folder emptied: 45328010 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43932584 bytes
->Flash cache emptied: 10203 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 620265 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Old Movies

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3879 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Old Movies

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: HP_Administrator
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: Old Movies

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03242012_140646

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\HP_Administrator\7z8qaj0txd.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\a9e045434411ae3.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...


4. An update on how your computer is currently running.

Computer is running fine - sound is back again!

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:28 PM

Posted 25 March 2012 - 02:26 AM

Hi woodman77382!

Thanks for the information regarding those ports, I'll go ahead and close those ports up shortly then.

Your TDSSKiller indicates that you have/had a backdoor infection on your computer.

Please yield this warning:

Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:


Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
    Posted Image
    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log file.
3. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 25 March 2012 - 02:26 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 woodman77382

woodman77382
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 25 March 2012 - 04:48 PM

Thanks for your help. I have changed critical passwords from another PC as suggested. I'm not comfortable reformatting the hard-drive on my own so I will talk to a local PC expert to see what my options are regarding this. I will respond back tomorrow on how I proceed. Thanks again.

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:28 PM

Posted 26 March 2012 - 02:25 AM

Okay, thanks for letting me know that. Please keep me updated, and if you needed assistance reformatting your P.C. the techs in the Windows forum, could be of assistance to you doing this.

Warmest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:28 PM

Posted 03 April 2012 - 01:08 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users