
browser redirecting ie8 and firefox


  • This topic is locked
40 replies to this topic

#1 dasnow

dasnow

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 23 March 2012 - 06:39 PM

Have run rkill, mbab, dds, gmer keep shutting down the machine, have the logs, need some help



#2 dasnow


Posted 23 March 2012 - 11:32 PM

Here is the DDS log


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by David Snow at 17:49:37 on 2012-03-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2181 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - blank
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - Yontoo Layers
TB: I.R.I.S. Desktop Search: {577ebca9-8ed3-45fc-a514-55b3817d4bcf} - c:\program files\iris desktop search\IRISDesktopSearchIntegration910.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: I.R.I.S. Desktop Search: {577ebca9-8ed3-45fc-a514-55b3817d4bcf} - c:\program files\iris desktop search\IRISDesktopSearchIntegration910.dll
EB: I.R.I.S. Desktop Search: {d5045198-55c2-46ed-87f4-17e31be72a33} - c:\program files\iris desktop search\IRISDesktopSearchIntegration910.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SurfSecret]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2008\QBW32.EXE
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - blank
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: chase.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{03DAD1DC-F36A-4264-B504-A152C232B35E} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david snow\application data\mozilla\firefox\profiles\t5wz5943.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {5B8C6AF0-9ADB-4F75-8267-585B0961DE26} - c:\documents and settings\david snow\local settings\application data\{5B8C6AF0-9ADB-4F75-8267-585B0961DE26}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 36880]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-21 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-21 337880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-21 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-21 44768]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-1-29 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-1-29 712048]
R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [2007-1-15 73728]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-11-10 793048]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
S2 gupdate1c98722992da2f4;Google Update Service (gupdate1c98722992da2f4);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]
S3 cpuz135;cpuz135;\??\c:\docume~1\davids~1\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\davids~1\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\msi\dualcorecenter\ntglm7x.sys --> c:\program files\msi\dualcorecenter\NTGLM7X.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\drivers\procexp150.sys --> c:\windows\system32\drivers\PROCEXP150.SYS [?]
S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\msi\dualcorecenter\rushtop.sys --> c:\program files\msi\dualcorecenter\RushTop.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
=============== File Associations ===============
.
.scr=CabinetMakerScriptFile
.
=============== Created Last 30 ================
.
2012-03-21 22:41:26 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-21 22:41:02 41184 ----a-w- c:\windows\avastSS.scr
2012-03-21 22:40:49 -------- d-----w- c:\program files\AVAST Software
2012-03-21 22:40:49 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-03-21 22:20:42 -------- dc-h--w- c:\windows\ie8
2012-03-21 21:45:30 -------- d-----w- c:\program files\Hold
2012-03-21 21:11:16 -------- d-----r- c:\documents and settings\david snow\Copy of Favorites
2012-03-21 20:49:49 -------- d-----w- C:\Files&Exes
2012-03-18 23:20:30 -------- d-----w- c:\documents and settings\david snow\application data\Curiolab
2012-03-11 23:16:09 -------- d-----w- c:\documents and settings\david snow\application data\Malwarebytes
2012-03-11 23:16:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-11 23:16:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 23:16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-11 16:03:46 -------- d-----w- c:\documents and settings\david snow\application data\SUPERAntiSpyware.com
2012-03-11 16:01:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-11 16:01:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-06 12:23:47 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
.
============= FINISH: 17:50:34.78 ===============

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 PM

Posted 23 March 2012 - 11:46 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive. There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 dasnow


Posted 24 March 2012 - 12:52 AM

Ran combofix, computer rebooted, seems ok, but I didn't get a log that I can see... where would it be???

#5 gringo_pr


Posted 24 March 2012 - 12:55 AM

  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\ComboFix.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#6 dasnow


Posted 24 March 2012 - 01:08 AM

Copied text into Run, no combofix log??????

#7 gringo_pr


Posted 24 March 2012 - 01:11 AM

Hello

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

#8 dasnow


Posted 24 March 2012 - 02:01 AM

Can't get into safe mode.

#9 gringo_pr


Posted 24 March 2012 - 02:08 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 dasnow


Posted 24 March 2012 - 06:51 AM

Here is the aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-24 03:24:50
-----------------------------
03:24:50.859 OS Version: Windows 5.1.2600 Service Pack 3
03:24:50.859 Number of processors: 4 586 0x1707
03:24:50.859 ComputerName: AMKIT UserName:
03:24:52.046 Initialize success
03:24:52.109 AVAST engine defs: 12032302
03:25:04.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7
03:25:04.578 Disk 0 Vendor: WDC_WD3201ABYS-01B9A0 13.01C02 Size: 305245MB BusType: 3
03:25:04.578 Disk 0 MBR read successfully
03:25:04.578 Disk 0 MBR scan
03:25:04.578 Disk 0 Windows XP default MBR code
03:25:04.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
03:25:04.593 Disk 0 scanning sectors +625121280
03:25:04.656 Disk 0 scanning C:\WINDOWS\system32\drivers
03:25:14.390 Service scanning
03:25:17.375 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
03:25:20.812 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
03:25:22.343 Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21
03:25:24.765 Modules scanning
03:25:52.750 Disk 0 trace - called modules:
03:25:52.781 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
03:25:52.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b21aab8]
03:25:52.781 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8b21e9e8]
03:25:52.781 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-7[0x8b1edd98]
03:25:54.328 AVAST engine scan C:\WINDOWS
03:26:05.250 AVAST engine scan C:\WINDOWS\system32
03:29:31.109 AVAST engine scan C:\WINDOWS\system32\drivers
03:29:39.515 AVAST engine scan C:\Documents and Settings\David Snow
03:37:59.359 AVAST engine scan C:\Documents and Settings\All Users
03:41:47.328 Scan finished successfully
07:33:51.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David Snow\Desktop\MBR.dat"
07:33:51.984 The log file has been saved successfully to "C:\Documents and Settings\David Snow\Desktop\aswMBR.txt"

#11 dasnow


Posted 24 March 2012 - 06:56 AM

TDSSKiller log

07:49:41.0156 5424 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
07:49:41.0390 5424 ============================================================
07:49:41.0390 5424 Current date / time: 2012/03/24 07:49:41.0390
07:49:41.0390 5424 SystemInfo:
07:49:41.0390 5424
07:49:41.0390 5424 OS Version: 5.1.2600 ServicePack: 3.0
07:49:41.0390 5424 Product type: Workstation
07:49:41.0390 5424 ComputerName: AMKIT
07:49:41.0390 5424 UserName: David Snow
07:49:41.0390 5424 Windows directory: C:\WINDOWS
07:49:41.0390 5424 System windows directory: C:\WINDOWS
07:49:41.0390 5424 Processor architecture: Intel x86
07:49:41.0390 5424 Number of processors: 4
07:49:41.0390 5424 Page size: 0x1000
07:49:41.0390 5424 Boot type: Normal boot
07:49:41.0390 5424 ============================================================
07:49:42.0843 5424 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:49:42.0843 5424 \Device\Harddisk0\DR0:
07:49:42.0843 5424 MBR used
07:49:42.0843 5424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
07:49:42.0875 5424 Initialize success
07:49:42.0875 5424 ============================================================
07:49:55.0718 4628 ============================================================
07:49:55.0718 4628 Scan started
07:49:55.0718 4628 Mode: Manual;
07:49:55.0718 4628 ============================================================
07:49:56.0546 4628 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
07:49:56.0562 4628 !SASCORE - ok
07:49:56.0640 4628 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
07:49:56.0640 4628 Aavmker4 - ok
07:49:56.0656 4628 Abiosdsk - ok
07:49:56.0656 4628 abp480n5 - ok
07:49:56.0687 4628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:49:56.0687 4628 ACPI - ok
07:49:56.0734 4628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:49:56.0734 4628 ACPIEC - ok
07:49:56.0734 4628 adpu160m - ok
07:49:56.0765 4628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:49:56.0765 4628 aec - ok
07:49:56.0796 4628 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
07:49:56.0796 4628 AFD - ok
07:49:56.0828 4628 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
07:49:56.0828 4628 AFS2K - ok
07:49:56.0828 4628 Aha154x - ok
07:49:56.0843 4628 aic78u2 - ok
07:49:56.0843 4628 aic78xx - ok
07:49:56.0890 4628 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
07:49:56.0890 4628 Alerter - ok
07:49:56.0906 4628 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
07:49:56.0906 4628 ALG - ok
07:49:56.0921 4628 AliIde - ok
07:49:56.0921 4628 amsint - ok
07:49:56.0984 4628 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:49:56.0984 4628 Apple Mobile Device - ok
07:49:57.0000 4628 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
07:49:57.0000 4628 AppMgmt - ok
07:49:57.0031 4628 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
07:49:57.0046 4628 Arp1394 - ok
07:49:57.0046 4628 asc - ok
07:49:57.0046 4628 asc3350p - ok
07:49:57.0062 4628 asc3550 - ok
07:49:57.0140 4628 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:49:57.0140 4628 aspnet_state - ok
07:49:57.0156 4628 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
07:49:57.0156 4628 aswFsBlk - ok
07:49:57.0187 4628 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
07:49:57.0187 4628 aswMon2 - ok
07:49:57.0218 4628 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
07:49:57.0218 4628 AswRdr - ok
07:49:57.0250 4628 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
07:49:57.0250 4628 aswSnx - ok
07:49:57.0296 4628 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
07:49:57.0296 4628 aswSP - ok
07:49:57.0312 4628 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
07:49:57.0312 4628 aswTdi - ok
07:49:57.0312 4628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:49:57.0328 4628 AsyncMac - ok
07:49:57.0328 4628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:49:57.0328 4628 atapi - ok
07:49:57.0328 4628 Atdisk - ok
07:49:57.0375 4628 Ati HotKey Poller (465874ca7ce49a2154104509a5a42936) C:\WINDOWS\system32\Ati2evxx.exe
07:49:57.0375 4628 Ati HotKey Poller - ok
07:49:57.0421 4628 ATI Smart (3483e6d18b811229a337ff1d105270d9) C:\WINDOWS\system32\ati2sgag.exe
07:49:57.0421 4628 ATI Smart - ok
07:49:57.0500 4628 ati2mtag (7790f8d1000fce5cfd33ccf4f861928f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
07:49:57.0515 4628 ati2mtag - ok
07:49:57.0546 4628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:49:57.0546 4628 Atmarpc - ok
07:49:57.0578 4628 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
07:49:57.0578 4628 AudioSrv - ok
07:49:57.0625 4628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:49:57.0625 4628 audstub - ok
07:49:57.0656 4628 Autodesk Licensing Service (9b4aa74515e7212a854a343d613904f3) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
07:49:57.0656 4628 Autodesk Licensing Service - ok
07:49:57.0703 4628 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:49:57.0703 4628 avast! Antivirus - ok
07:49:57.0765 4628 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
07:49:57.0765 4628 BcmSqlStartupSvc - ok
07:49:57.0796 4628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:49:57.0796 4628 Beep - ok
07:49:57.0843 4628 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
07:49:57.0859 4628 BITS - ok
07:49:57.0890 4628 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
07:49:57.0890 4628 Bonjour Service - ok
07:49:57.0921 4628 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
07:49:57.0921 4628 Browser - ok
07:49:58.0015 4628 catchme - ok
07:49:58.0046 4628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:49:58.0046 4628 cbidf2k - ok
07:49:58.0046 4628 cd20xrnt - ok
07:49:58.0062 4628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:49:58.0062 4628 Cdaudio - ok
07:49:58.0093 4628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:49:58.0093 4628 Cdfs - ok
07:49:58.0109 4628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:49:58.0109 4628 Cdrom - ok
07:49:58.0125 4628 Changer - ok
07:49:58.0140 4628 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
07:49:58.0140 4628 CiSvc - ok
07:49:58.0156 4628 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
07:49:58.0156 4628 ClipSrv - ok
07:49:58.0203 4628 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:49:58.0203 4628 clr_optimization_v2.0.50727_32 - ok
07:49:58.0218 4628 CmdIde - ok
07:49:58.0218 4628 COMSysApp - ok
07:49:58.0265 4628 CO_Mon (ca8eb7b73ac3bab1f8760a7583122a00) C:\WINDOWS\system32\Drivers\CO_Mon.sys
07:49:58.0265 4628 CO_Mon - ok
07:49:58.0265 4628 Cpqarray - ok
07:49:58.0281 4628 cpuz135 - ok
07:49:58.0281 4628 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
07:49:58.0281 4628 CryptSvc - ok
07:49:58.0296 4628 dac2w2k - ok
07:49:58.0312 4628 dac960nt - ok
07:49:58.0359 4628 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
07:49:58.0359 4628 DcomLaunch - ok
07:49:58.0390 4628 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
07:49:58.0406 4628 Dhcp - ok
07:49:58.0421 4628 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:49:58.0421 4628 Disk - ok
07:49:58.0421 4628 dmadmin - ok
07:49:58.0468 4628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:49:58.0468 4628 dmboot - ok
07:49:58.0484 4628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:49:58.0484 4628 dmio - ok
07:49:58.0484 4628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:49:58.0500 4628 dmload - ok
07:49:58.0515 4628 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
07:49:58.0515 4628 dmserver - ok
07:49:58.0531 4628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:49:58.0531 4628 DMusic - ok
07:49:58.0562 4628 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
07:49:58.0562 4628 Dnscache - ok
07:49:58.0609 4628 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
07:49:58.0609 4628 Dot3svc - ok
07:49:58.0625 4628 dpti2o - ok
07:49:58.0625 4628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:49:58.0625 4628 drmkaud - ok
07:49:58.0656 4628 DTSRVC (b9997aeb24135477963366d4240c4819) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
07:49:58.0656 4628 DTSRVC - ok
07:49:58.0656 4628 DualCoreCenter - ok
07:49:58.0703 4628 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
07:49:58.0703 4628 EapHost - ok
07:49:58.0718 4628 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
07:49:58.0718 4628 ERSvc - ok
07:49:58.0750 4628 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:49:58.0750 4628 Eventlog - ok
07:49:58.0796 4628 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
07:49:58.0796 4628 EventSystem - ok
07:49:58.0812 4628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:49:58.0812 4628 Fastfat - ok
07:49:58.0843 4628 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:49:58.0843 4628 FastUserSwitchingCompatibility - ok
07:49:58.0859 4628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:49:58.0859 4628 Fdc - ok
07:49:58.0890 4628 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys
07:49:58.0890 4628 FileDisk - ok
07:49:58.0906 4628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:49:58.0906 4628 Fips - ok
07:49:58.0968 4628 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
07:49:58.0968 4628 FLEXnet Licensing Service - ok
07:49:58.0984 4628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:49:58.0984 4628 Flpydisk - ok
07:49:59.0015 4628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:49:59.0015 4628 FltMgr - ok
07:49:59.0078 4628 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:49:59.0078 4628 FontCache3.0.0.0 - ok
07:49:59.0109 4628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:49:59.0109 4628 Fs_Rec - ok
07:49:59.0125 4628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:49:59.0125 4628 Ftdisk - ok
07:49:59.0140 4628 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
07:49:59.0140 4628 GEARAspiWDM - ok
07:49:59.0140 4628 GMSIPCI - ok
07:49:59.0171 4628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:49:59.0171 4628 Gpc - ok
07:49:59.0203 4628 gupdate1c98722992da2f4 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
07:49:59.0203 4628 gupdate1c98722992da2f4 - ok
07:49:59.0218 4628 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
07:49:59.0218 4628 gupdatem - ok
07:49:59.0250 4628 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:49:59.0250 4628 gusvc - ok
07:49:59.0281 4628 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
07:49:59.0281 4628 HdAudAddService - ok
07:49:59.0312 4628 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:49:59.0312 4628 HDAudBus - ok
07:49:59.0359 4628 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:49:59.0359 4628 helpsvc - ok
07:49:59.0390 4628 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
07:49:59.0390 4628 HidServ - ok
07:49:59.0390 4628 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:49:59.0390 4628 hidusb - ok
07:49:59.0421 4628 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
07:49:59.0421 4628 hkmsvc - ok
07:49:59.0437 4628 hpn - ok
07:49:59.0531 4628 hpqcxs08 (af81f7ba6a09119006fe041a2f2f3ece) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
07:49:59.0531 4628 hpqcxs08 - ok
07:49:59.0562 4628 hpqddsvc (7244f63db8ea883b3dc8e730c645d073) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
07:49:59.0562 4628 hpqddsvc - ok
07:49:59.0593 4628 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
07:49:59.0593 4628 HPZid412 - ok
07:49:59.0609 4628 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
07:49:59.0625 4628 HPZipr12 - ok
07:49:59.0640 4628 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
07:49:59.0640 4628 HPZius12 - ok
07:49:59.0687 4628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:49:59.0687 4628 HTTP - ok
07:49:59.0703 4628 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
07:49:59.0703 4628 HTTPFilter - ok
07:49:59.0718 4628 i2omgmt - ok
07:49:59.0718 4628 i2omp - ok
07:49:59.0734 4628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:49:59.0734 4628 i8042prt - ok
07:49:59.0796 4628 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
07:49:59.0796 4628 IDriverT - ok
07:49:59.0953 4628 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:49:59.0953 4628 idsvc - ok
07:49:59.0984 4628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:49:59.0984 4628 Imapi - ok
07:50:00.0015 4628 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
07:50:00.0015 4628 ImapiService - ok
07:50:00.0062 4628 InCDfs (580a81790cd0a48d85da322267da7ac4) C:\WINDOWS\system32\drivers\InCDFs.sys
07:50:00.0062 4628 InCDfs - ok
07:50:00.0062 4628 InCDPass (aaa2789d2ce21b31be9406ba1ceb7285) C:\WINDOWS\system32\drivers\InCDPass.sys
07:50:00.0062 4628 InCDPass - ok
07:50:00.0078 4628 InCDrec (4d022577e9072b5d22e0a383a7806bbb) C:\WINDOWS\system32\drivers\InCDrec.sys
07:50:00.0078 4628 InCDrec - ok
07:50:00.0078 4628 incdrm (c258e57321a3c3737f4fa815fa69ee0b) C:\WINDOWS\system32\drivers\InCDRm.sys
07:50:00.0078 4628 incdrm - ok
07:50:00.0156 4628 InCDsrv (9792b85e32e058cd6a43db274ba47d57) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
07:50:00.0171 4628 InCDsrv - ok
07:50:00.0187 4628 ini910u - ok
07:50:00.0296 4628 IntcAzAudAddService (b1a809e7fe19becd5aca61f0e7088c8c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:50:00.0328 4628 IntcAzAudAddService - ok
07:50:00.0328 4628 IntelIde - ok
07:50:00.0359 4628 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:50:00.0359 4628 intelppm - ok
07:50:00.0437 4628 ioloFileInfoList (603ca03eda3f4642163ce6cb255d8fdb) C:\Program Files\iolo\common\lib\ioloServiceManager.exe
07:50:00.0437 4628 ioloFileInfoList - ok
07:50:00.0453 4628 ioloSystemService (603ca03eda3f4642163ce6cb255d8fdb) C:\Program Files\iolo\common\lib\ioloServiceManager.exe
07:50:00.0468 4628 ioloSystemService - ok
07:50:00.0500 4628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:50:00.0500 4628 Ip6Fw - ok
07:50:00.0531 4628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:50:00.0531 4628 IpFilterDriver - ok
07:50:00.0546 4628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:50:00.0546 4628 IpInIp - ok
07:50:00.0578 4628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:50:00.0578 4628 IpNat - ok
07:50:00.0625 4628 iPod Service (8e5e5a8cc84da3f683e3bbc045138d52) C:\Program Files\iPod\bin\iPodService.exe
07:50:00.0625 4628 iPod Service - ok
07:50:00.0640 4628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:50:00.0640 4628 IPSec - ok
07:50:00.0656 4628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:50:00.0656 4628 IRENUM - ok
07:50:00.0671 4628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:50:00.0671 4628 isapnp - ok
07:50:00.0734 4628 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
07:50:00.0734 4628 JavaQuickStarterService - ok
07:50:00.0750 4628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:50:00.0750 4628 Kbdclass - ok
07:50:00.0765 4628 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:50:00.0765 4628 kbdhid - ok
07:50:00.0781 4628 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
07:50:00.0781 4628 kl1 - ok
07:50:00.0796 4628 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
07:50:00.0796 4628 klbg - ok
07:50:00.0828 4628 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
07:50:00.0828 4628 klim5 - ok
07:50:00.0843 4628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:50:00.0843 4628 kmixer - ok
07:50:00.0859 4628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:50:00.0859 4628 KSecDD - ok
07:50:00.0890 4628 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
07:50:00.0906 4628 lanmanserver - ok
07:50:00.0937 4628 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
07:50:00.0937 4628 lanmanworkstation - ok
07:50:00.0953 4628 lbrtfdc - ok
07:50:01.0000 4628 LightScribeService (53710476495886d9961be46983a6a33f) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:50:01.0000 4628 LightScribeService - ok
07:50:01.0031 4628 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
07:50:01.0031 4628 LmHosts - ok
07:50:01.0046 4628 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
07:50:01.0062 4628 Messenger - ok
07:50:01.0078 4628 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
07:50:01.0078 4628 mf - ok
07:50:01.0140 4628 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
07:50:01.0140 4628 Microsoft Office Groove Audit Service - ok
07:50:01.0156 4628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:50:01.0156 4628 mnmdd - ok
07:50:01.0187 4628 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
07:50:01.0187 4628 mnmsrvc - ok
07:50:01.0203 4628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:50:01.0203 4628 Modem - ok
07:50:01.0218 4628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:50:01.0218 4628 Mouclass - ok
07:50:01.0234 4628 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:50:01.0234 4628 mouhid - ok
07:50:01.0250 4628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:50:01.0250 4628 MountMgr - ok
07:50:01.0250 4628 mraid35x - ok
07:50:01.0265 4628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:50:01.0265 4628 MRxDAV - ok
07:50:01.0296 4628 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:50:01.0296 4628 MRxSmb - ok
07:50:01.0312 4628 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
07:50:01.0312 4628 MSDTC - ok
07:50:01.0328 4628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:50:01.0328 4628 Msfs - ok
07:50:01.0343 4628 MSIServer - ok
07:50:01.0359 4628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:50:01.0359 4628 MSKSSRV - ok
07:50:01.0390 4628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:50:01.0390 4628 MSPCLOCK - ok
07:50:01.0406 4628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:50:01.0406 4628 MSPQM - ok
07:50:01.0406 4628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:50:01.0406 4628 mssmbios - ok
07:50:01.0484 4628 MSSQL$MSSMLBIZ - ok
07:50:01.0515 4628 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
07:50:01.0515 4628 MSSQLServerADHelper - ok
07:50:01.0546 4628 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:50:01.0546 4628 Mup - ok
07:50:01.0578 4628 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
07:50:01.0593 4628 napagent - ok
07:50:01.0687 4628 NBService (b498a14133bd09ad0817590ace4470ad) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
07:50:01.0687 4628 NBService - ok
07:50:01.0718 4628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:50:01.0734 4628 NDIS - ok
07:50:01.0750 4628 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:50:01.0750 4628 NdisTapi - ok
07:50:01.0750 4628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:50:01.0750 4628 Ndisuio - ok
07:50:01.0765 4628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:50:01.0765 4628 NdisWan - ok
07:50:01.0796 4628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:50:01.0796 4628 NDProxy - ok
07:50:01.0843 4628 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
07:50:01.0843 4628 Net Driver HPZ12 - ok
07:50:01.0859 4628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:50:01.0859 4628 NetBIOS - ok
07:50:01.0890 4628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:50:01.0890 4628 NetBT - ok
07:50:01.0921 4628 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:50:01.0937 4628 NetDDE - ok
07:50:01.0937 4628 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:50:01.0937 4628 NetDDEdsdm - ok
07:50:02.0015 4628 NetFxUpdate_v1.1.4322 (4d3581a2f8006074f470ce471a2c59d7) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
07:50:02.0015 4628 NetFxUpdate_v1.1.4322 - ok
07:50:02.0046 4628 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:50:02.0046 4628 Netlogon - ok
07:50:02.0078 4628 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
07:50:02.0093 4628 Netman - ok
07:50:02.0171 4628 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:50:02.0171 4628 NetTcpPortSharing - ok
07:50:02.0187 4628 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
07:50:02.0187 4628 NIC1394 - ok
07:50:02.0234 4628 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
07:50:02.0250 4628 Nla - ok
07:50:02.0359 4628 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
07:50:02.0359 4628 NMIndexingService - ok
07:50:02.0375 4628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:50:02.0375 4628 Npfs - ok
07:50:02.0375 4628 NTACCESS - ok
07:50:02.0421 4628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:50:02.0421 4628 Ntfs - ok
07:50:02.0421 4628 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:50:02.0437 4628 NtLmSsp - ok
07:50:02.0468 4628 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
07:50:02.0468 4628 NtmsSvc - ok
07:50:02.0515 4628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:50:02.0515 4628 Null - ok
07:50:02.0531 4628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:50:02.0546 4628 NwlnkFlt - ok
07:50:02.0546 4628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:50:02.0546 4628 NwlnkFwd - ok
07:50:02.0656 4628 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:50:02.0656 4628 odserv - ok
07:50:02.0687 4628 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:50:02.0687 4628 ohci1394 - ok
07:50:02.0703 4628 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:50:02.0703 4628 ose - ok
07:50:02.0734 4628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
07:50:02.0734 4628 Parport - ok
07:50:02.0734 4628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:50:02.0734 4628 PartMgr - ok
07:50:02.0765 4628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:50:02.0765 4628 ParVdm - ok
07:50:02.0781 4628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:50:02.0781 4628 PCI - ok
07:50:02.0796 4628 PCIDump - ok
07:50:02.0812 4628 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:50:02.0812 4628 PCIIde - ok
07:50:02.0828 4628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:50:02.0828 4628 Pcmcia - ok
07:50:02.0875 4628 PCToolsSSDMonitorSvc (82ec1531bc74adc34e0342c12958c55a) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
07:50:02.0890 4628 PCToolsSSDMonitorSvc - ok
07:50:02.0968 4628 PDCOMP - ok
07:50:03.0046 4628 PDFRAME - ok
07:50:03.0171 4628 pdiddcci (a893b05b457f2e7eca0e5ea867e2249d) C:\WINDOWS\system32\DRIVERS\pdiddcci.sys
07:50:03.0171 4628 pdiddcci - ok
07:50:03.0312 4628 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\WINDOWS\system32\Drivers\PdiPorts.sys
07:50:03.0312 4628 PdiPorts - ok
07:50:03.0359 4628 PDRELI - ok
07:50:03.0437 4628 PDRFRAME - ok
07:50:03.0453 4628 perc2 - ok
07:50:03.0468 4628 perc2hib - ok
07:50:03.0515 4628 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:50:03.0515 4628 PlugPlay - ok
07:50:03.0562 4628 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
07:50:03.0562 4628 Pml Driver HPZ12 - ok
07:50:03.0562 4628 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:50:03.0562 4628 PolicyAgent - ok
07:50:03.0609 4628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:50:03.0609 4628 PptpMiniport - ok
07:50:03.0609 4628 PROCEXP150 - ok
07:50:03.0625 4628 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:50:03.0625 4628 ProtectedStorage - ok
07:50:03.0625 4628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:50:03.0625 4628 PSched - ok
07:50:03.0656 4628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:50:03.0656 4628 Ptilink - ok
07:50:03.0703 4628 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
07:50:03.0703 4628 QBCFMonitorService - ok
07:50:03.0765 4628 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
07:50:03.0765 4628 QBFCService - ok
07:50:03.0812 4628 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
07:50:03.0828 4628 QBVSS - ok
07:50:03.0828 4628 ql1080 - ok
07:50:03.0843 4628 Ql10wnt - ok
07:50:03.0843 4628 ql12160 - ok
07:50:03.0859 4628 ql1240 - ok
07:50:03.0859 4628 ql1280 - ok
07:50:03.0875 4628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:50:03.0890 4628 RasAcd - ok
07:50:03.0921 4628 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
07:50:03.0921 4628 RasAuto - ok
07:50:03.0937 4628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:50:03.0937 4628 Rasl2tp - ok
07:50:03.0984 4628 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
07:50:03.0984 4628 RasMan - ok
07:50:04.0000 4628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:50:04.0000 4628 RasPppoe - ok
07:50:04.0000 4628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:50:04.0000 4628 Raspti - ok
07:50:04.0031 4628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:50:04.0031 4628 Rdbss - ok
07:50:04.0031 4628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:50:04.0031 4628 RDPCDD - ok
07:50:04.0046 4628 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:50:04.0046 4628 rdpdr - ok
07:50:04.0078 4628 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
07:50:04.0078 4628 RDPWD - ok
07:50:04.0109 4628 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
07:50:04.0125 4628 RDSessMgr - ok
07:50:04.0156 4628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:50:04.0156 4628 redbook - ok
07:50:04.0171 4628 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
07:50:04.0171 4628 RemoteAccess - ok
07:50:04.0218 4628 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
07:50:04.0218 4628 RemoteRegistry - ok
07:50:04.0218 4628 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
07:50:04.0234 4628 RpcLocator - ok
07:50:04.0250 4628 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
07:50:04.0250 4628 RpcSs - ok
07:50:04.0281 4628 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
07:50:04.0281 4628 RSVP - ok
07:50:04.0312 4628 RTLE8023xp (e6e5af7d6920824b066832d3e1665506) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
07:50:04.0312 4628 RTLE8023xp - ok
07:50:04.0312 4628 RushTopDevice2 - ok
07:50:04.0328 4628 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:50:04.0328 4628 SamSs - ok
07:50:04.0375 4628 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
07:50:04.0375 4628 SASDIFSV - ok
07:50:04.0375 4628 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
07:50:04.0375 4628 SASKUTIL - ok
07:50:04.0390 4628 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
07:50:04.0390 4628 SCardSvr - ok
07:50:04.0437 4628 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
07:50:04.0437 4628 Schedule - ok
07:50:04.0484 4628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:50:04.0484 4628 Secdrv - ok
07:50:04.0500 4628 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
07:50:04.0500 4628 seclogon - ok
07:50:04.0515 4628 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
07:50:04.0515 4628 SENS - ok
07:50:04.0531 4628 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:50:04.0531 4628 serenum - ok
07:50:04.0546 4628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
07:50:04.0546 4628 Serial - ok
07:50:04.0562 4628 SetupNTGLM7X - ok
07:50:04.0578 4628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:50:04.0593 4628 Sfloppy - ok
07:50:04.0593 4628 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
07:50:04.0609 4628 SharedAccess - ok
07:50:06.0343 4628 ============================================================
07:50:06.0343 4628 Scan finished
07:50:06.0343 4628 ============================================================
07:50:06.0359 4992 Detected object count: 0
07:50:06.0359 4992 Actual detected object count: 0
07:51:33.0796 5592 Deinitialize success

#12 gringo_pr

Posted 24 March 2012 - 10:10 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#13 dasnow

Posted 24 March 2012 - 12:26 PM

OTL.txt follows:


OTL logfile created on: 3/24/2012 1:19:52 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\David Snow\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.49% Memory free
5.09 Gb Paging File | 4.31 Gb Available in Paging File | 84.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 195.53 Gb Free Space | 65.60% Space Free | Partition Type: NTFS

Computer Name: AMKIT | User Name: David Snow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David Snow\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (RushTopDevice2) -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys File not found
DRV - (PROCEXP150) -- C:\WINDOWS\system32\Drivers\PROCEXP150.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (DualCoreCenter) -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys File not found
DRV - (cpuz135) -- C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pdiddcci) -- C:\WINDOWS\system32\drivers\pdiddcci.sys (Portrait Displays, Inc.)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (SNTNLUSB) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {DA6C307B-DD44-453E-9F0C-02024A142140}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {DA6C307B-DD44-453E-9F0C-02024A142140}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-117609710-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-117609710-162531612-839522115-1003\..\SearchScopes,DefaultScope = {40C4D192-9164-4772-8181-3B587702034C}
IE - HKU\S-1-5-21-117609710-162531612-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-117609710-162531612-839522115-1003\..\SearchScopes\{40C4D192-9164-4772-8181-3B587702034C}: "URL" = http://home.speedbit.com/search.aspx?aff=206&q={searchTerms}
IE - HKU\S-1-5-21-117609710-162531612-839522115-1003\..\SearchScopes\{DA6C307B-DD44-453E-9F0C-02024A142140}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enUS461
IE - HKU\S-1-5-21-117609710-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {5B8C6AF0-9ADB-4F75-8267-585B0961DE26}:1.9.1
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{5B8C6AF0-9ADB-4F75-8267-585B0961DE26}: C:\Documents and Settings\David Snow\Local Settings\Application Data\{5B8C6AF0-9ADB-4F75-8267-585B0961DE26} [2011/09/02 19:29:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/21 18:41:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/22 11:00:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/22 11:00:42 | 000,000,000 | ---D | M]

[2011/05/02 17:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Snow\Application Data\Mozilla\Extensions
[2012/03/23 17:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions
[2011/05/02 17:46:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/23 18:14:58 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions\plugin@yontoo.com
[2012/03/23 17:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/03 09:05:06 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/09/02 19:29:20 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\DAVID SNOW\LOCAL SETTINGS\APPLICATION DATA\{5B8C6AF0-9ADB-4F75-8267-585B0961DE26}
[2012/03/21 18:41:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/12/19 09:00:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\David Snow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\David Snow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\David Snow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\David Snow\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/03/22 13:11:52 | 000,441,467 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O1 - Hosts: 15172 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - blank File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-117609710-162531612-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-117609710-162531612-839522115-1003\..\Toolbar\WebBrowser: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SurfSecret] File not found
O4 - HKU\S-1-5-21-117609710-162531612-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-117609710-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - blank File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - blank File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-117609710-162531612-839522115-1003\..Trusted Domains: chase.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03DAD1DC-F36A-4264-B504-A152C232B35E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - blank File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\David Snow\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Snow\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/06 19:21:20 | 000,000,000 | ---D | M] - C:\autocad civil 3d -- [ NTFS ]
O32 - AutoRun File - [2008/09/06 15:55:34 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/05/11 03:41:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{76078612-45d9-11dd-8dd4-0019dbf71cd5}\Shell - "" = AutoRun
O33 - MountPoints2\{76078612-45d9-11dd-8dd4-0019dbf71cd5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76078612-45d9-11dd-8dd4-0019dbf71cd5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/24 07:36:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\David Snow\Recent
[2012/03/24 06:43:52 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/03/24 06:42:53 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/03/24 03:05:37 | 000,000,000 | ---D | C] -- C:\b23b70d14c09faff905c3f
[2012/03/24 02:29:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/24 01:21:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/24 01:19:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/24 01:19:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/24 01:19:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/24 01:19:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/24 01:19:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/24 01:19:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/22 18:28:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/03/21 18:41:30 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/21 18:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/21 18:41:29 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/21 18:41:27 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/21 18:41:27 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/21 18:41:26 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/21 18:41:25 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/21 18:41:25 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/21 18:41:25 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/21 18:41:02 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/21 18:41:01 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/21 18:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/21 18:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/21 18:20:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/21 17:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hold
[2012/03/21 17:11:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Snow\Copy of Favorites
[2012/03/21 16:49:49 | 000,000,000 | ---D | C] -- C:\Files&Exes
[2012/03/18 19:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Snow\Application Data\Curiolab
[2012/03/14 08:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Snow\Desktop\virus software
[2012/03/11 19:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Snow\Application Data\Malwarebytes
[2012/03/11 19:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/11 19:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/11 19:16:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/11 19:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/11 12:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Snow\Application Data\SUPERAntiSpyware.com
[2012/03/11 12:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Snow\Start Menu\Programs\SUPERAntiSpyware
[2012/03/11 12:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/11 12:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/06 08:23:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/24 13:10:51 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/24 13:09:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/24 13:09:25 | 001,276,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/24 08:58:35 | 000,494,226 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/24 08:58:35 | 000,091,866 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/24 08:53:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/24 08:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/24 08:26:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/24 07:34:41 | 000,000,102 | ---- | M] () -- C:\Documents and Settings\David Snow\default.pls
[2012/03/24 07:34:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/24 06:00:05 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2012/03/24 01:21:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/23 18:00:02 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/03/23 13:37:47 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/22 17:17:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David Snow\defogger_reenable
[2012/03/22 13:49:36 | 000,147,155 | ---- | M] () -- C:\Documents and Settings\David Snow\My Documents\photo1.jpg
[2012/03/22 13:47:10 | 000,140,606 | ---- | M] () -- C:\Documents and Settings\David Snow\My Documents\photo.jpg
[2012/03/22 13:45:12 | 000,118,301 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\456.jpg
[2012/03/22 13:43:34 | 000,140,606 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\463.jpg
[2012/03/22 13:43:22 | 000,140,606 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\461.jpg
[2012/03/22 13:43:15 | 000,147,155 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\460.jpg
[2012/03/22 13:43:03 | 000,147,155 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\photo460.jpg
[2012/03/22 13:42:45 | 000,104,174 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\459.jpg
[2012/03/22 13:42:37 | 000,087,956 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\458.jpg
[2012/03/22 13:42:31 | 000,095,999 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\457.jpg
[2012/03/22 13:11:52 | 000,441,467 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/21 18:53:48 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\Tor Browser.lnk
[2012/03/21 18:46:26 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/21 18:41:30 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/21 18:25:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\David Snow\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/21 17:59:16 | 000,003,422 | ---- | M] () -- C:\Documents and Settings\David Snow\My Documents\cc_20120321_175913.reg
[2012/03/21 16:15:13 | 000,011,160 | ---- | M] () -- C:\Documents and Settings\David Snow\My Documents\cc_20120321_161509.reg
[2012/03/20 18:03:14 | 000,549,402 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\Texas_Inking_Machine_model_144_003.jpg
[2012/03/20 13:52:32 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2012/03/19 18:24:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/19 18:09:06 | 000,164,178 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\REVISED PROFORMA AMERICAN LEATHER DESIGN.pdf
[2012/03/19 16:33:34 | 000,119,374 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\photo2.jpg
[2012/03/19 12:43:01 | 000,164,149 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\PROFORMA AMERICAN LEATHER DESIGN.pdf
[2012/03/16 11:23:29 | 000,045,163 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\c420L-2.jpg
[2012/03/16 11:23:06 | 000,060,196 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\Camoga_C420L_(9).jpg
[2012/03/16 11:22:57 | 000,059,544 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\Camoga_C420L_(6).jpg
[2012/03/16 10:43:30 | 001,434,510 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\Immagine 001.jpg
[2012/03/16 10:43:21 | 001,387,404 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\Immagine 003.jpg
[2012/03/16 10:43:20 | 001,330,327 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\Immagine 002.jpg
[2012/03/15 15:49:13 | 000,151,165 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\996.jpg
[2012/03/15 11:26:02 | 000,021,458 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\c520.jpg
[2012/03/15 11:23:39 | 000,151,165 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\photo777.jpg
[2012/03/15 11:08:17 | 000,098,367 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\photo.jpg
[2012/03/14 13:49:57 | 000,210,243 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\Comelz SS 20.jpg
[2012/03/11 13:08:42 | 000,148,903 | ---- | M] () -- C:\WINDOWS\hpwins05.dat
[2012/03/09 16:26:18 | 000,313,754 | ---- | M] () -- C:\Documents and Settings\David Snow\Desktop\product_1398_full.jpg
[2012/03/09 12:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 18:14:36 | 000,441,533 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120322-131152.backup
[2012/03/05 20:55:10 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120306-171436.backup
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/24 13:09:25 | 001,276,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/24 08:18:18 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/24 06:43:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/24 06:43:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/03/24 01:21:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/24 01:21:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/24 01:19:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/24 01:19:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/24 01:19:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/24 01:19:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/24 01:19:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/22 17:17:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David Snow\defogger_reenable
[2012/03/22 13:49:42 | 000,147,155 | ---- | C] () -- C:\Documents and Settings\David Snow\My Documents\photo1.jpg
[2012/03/22 13:47:26 | 000,140,606 | ---- | C] () -- C:\Documents and Settings\David Snow\My Documents\photo.jpg
[2012/03/22 13:43:44 | 000,140,606 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\463.jpg
[2012/03/22 13:43:24 | 000,140,606 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\461.jpg
[2012/03/22 13:43:16 | 000,147,155 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\460.jpg
[2012/03/22 13:43:10 | 000,147,155 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\photo460.jpg
[2012/03/22 13:42:52 | 000,104,174 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\459.jpg
[2012/03/22 13:42:39 | 000,087,956 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\458.jpg
[2012/03/22 13:42:28 | 000,095,999 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\457.jpg
[2012/03/22 13:42:17 | 000,118,301 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\456.jpg
[2012/03/21 18:53:48 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\Tor Browser.lnk
[2012/03/21 18:41:30 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/21 17:59:14 | 000,003,422 | ---- | C] () -- C:\Documents and Settings\David Snow\My Documents\cc_20120321_175913.reg
[2012/03/21 16:15:10 | 000,011,160 | ---- | C] () -- C:\Documents and Settings\David Snow\My Documents\cc_20120321_161509.reg
[2012/03/20 18:03:20 | 000,549,402 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\Texas_Inking_Machine_model_144_003.jpg
[2012/03/20 13:52:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2012/03/19 18:08:57 | 000,164,178 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\REVISED PROFORMA AMERICAN LEATHER DESIGN.pdf
[2012/03/19 16:33:43 | 000,119,374 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\photo2.jpg
[2012/03/19 12:42:53 | 000,164,149 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\PROFORMA AMERICAN LEATHER DESIGN.pdf
[2012/03/16 11:23:35 | 000,045,163 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\c420L-2.jpg
[2012/03/16 11:23:08 | 000,060,196 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\Camoga_C420L_(9).jpg
[2012/03/16 11:23:00 | 000,059,544 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\Camoga_C420L_(6).jpg
[2012/03/16 10:41:30 | 001,434,510 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\Immagine 001.jpg
[2012/03/16 10:41:30 | 001,387,404 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\Immagine 003.jpg
[2012/03/16 10:41:30 | 001,330,327 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\Immagine 002.jpg
[2012/03/15 15:49:19 | 000,151,165 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\996.jpg
[2012/03/15 11:27:35 | 000,021,458 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\c520.jpg
[2012/03/15 11:23:47 | 000,151,165 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\photo777.jpg
[2012/03/15 11:08:22 | 000,098,367 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\photo.jpg
[2012/03/14 13:49:47 | 000,210,243 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\Comelz SS 20.jpg
[2012/03/09 16:26:59 | 000,313,754 | ---- | C] () -- C:\Documents and Settings\David Snow\Desktop\product_1398_full.jpg
[2011/12/01 17:18:31 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6QJBMm8.dat
[2011/12/01 17:04:49 | 000,013,154 | -HS- | C] () -- C:\Documents and Settings\David Snow\Local Settings\Application Data\400741w6k882c553r402d6vsh0q1
[2011/12/01 17:04:49 | 000,013,154 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\400741w6k882c553r402d6vsh0q1
[2011/11/10 16:00:29 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/09/02 19:29:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lholope.dat
[2011/09/02 19:29:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Syoxu.bin
[2011/06/17 18:53:30 | 000,001,084 | -HS- | C] () -- C:\Documents and Settings\David Snow\Local Settings\Application Data\xk6w73tjlt3iy412yho7vcnf1o2of588hexc88k4w
[2011/06/17 18:53:30 | 000,001,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xk6w73tjlt3iy412yho7vcnf1o2of588hexc88k4w
[2011/05/09 12:17:05 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/05/02 17:45:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/27 11:52:29 | 002,576,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/15 10:20:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/04/09 18:54:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 PM

Posted 24 March 2012 - 12:35 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - blank File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-117609710-162531612-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [SurfSecret] File not found
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - blank File not found
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - blank File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - blank File not found
    33 - MountPoints2\{76078612-45d9-11dd-8dd4-0019dbf71cd5}\Shell - "" = AutoRun
    O33 - MountPoints2\{76078612-45d9-11dd-8dd4-0019dbf71cd5}\Shell\AutoRun - "" = Auto&Play  
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C
    FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
    FF - prefs.js..extensions.enabledItems: {5B8C6AF0-9ADB-4F75-8267-585B0961DE26}:1.9.1
    [2011/08/23 18:14:58 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions\plugin@yontoo.com
    [2011/09/02 19:29:20 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\DAVID SNOW\LOCAL SETTINGS\APPLICATION DATA\{5B8C6AF0-9ADB-4F75-8267-585B0961DE26}
    [2011/12/01 17:04:49 | 000,013,154 | -HS- | C] () -- C:\Documents and Settings\David Snow\Local Settings\Application Data\400741w6k882c553r402d6vsh0q1
    [2011/12/01 17:04:49 | 000,013,154 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\400741w6k882c553r402d6vsh0q1
    [2011/09/02 19:29:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lholope.dat
    [2011/09/02 19:29:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Syoxu.bin
    [2011/06/17 18:53:30 | 000,001,084 | -HS- | C] () -- C:\Documents and Settings\David Snow\Local Settings\Application Data\xk6w73tjlt3iy412yho7vcnf1o2of588hexc88k4w
    [2011/06/17 18:53:30 | 000,001,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xk6w73tjlt3iy412yho7vcnf1o2of588hexc88k4w
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 dasnow

dasnow
  • Topic Starter

  • Members
  • 42 posts
  • Local time:02:03 PM

Posted 24 March 2012 - 12:41 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-117609710-162531612-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SurfSecret deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully.
File {91774881-D725-4E58-B298-07617B9B86A8} - blank File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76078612-45d9-11dd-8dd4-0019dbf71cd5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76078612-45d9-11dd-8dd4-0019dbf71cd5}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63238B95 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C deleted successfully.
Prefs.js: plugin@yontoo.com:1.20.00 removed from extensions.enabledItems
Prefs.js: {5B8C6AF0-9ADB-4F75-8267-585B0961DE26}:1.9.1 removed from extensions.enabledItems
C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Documents and Settings\David Snow\Application Data\Mozilla\Firefox\Profiles\t5wz5943.default\extensions\plugin@yontoo.com folder moved successfully.
C:\DOCUMENTS AND SETTINGS\DAVID SNOW\LOCAL SETTINGS\APPLICATION DATA\{5B8C6AF0-9ADB-4F75-8267-585B0961DE26}\chrome\content folder moved successfully.
C:\DOCUMENTS AND SETTINGS\DAVID SNOW\LOCAL SETTINGS\APPLICATION DATA\{5B8C6AF0-9ADB-4F75-8267-585B0961DE26}\chrome folder moved successfully.
C:\DOCUMENTS AND SETTINGS\DAVID SNOW\LOCAL SETTINGS\APPLICATION DATA\{5B8C6AF0-9ADB-4F75-8267-585B0961DE26} folder moved successfully.
C:\Documents and Settings\David Snow\Local Settings\Application Data\400741w6k882c553r402d6vsh0q1 moved successfully.
C:\Documents and Settings\All Users\Application Data\400741w6k882c553r402d6vsh0q1 moved successfully.
C:\WINDOWS\Lholope.dat moved successfully.
C:\WINDOWS\Syoxu.bin moved successfully.
C:\Documents and Settings\David Snow\Local Settings\Application Data\xk6w73tjlt3iy412yho7vcnf1o2of588hexc88k4w moved successfully.
C:\Documents and Settings\All Users\Application Data\xk6w73tjlt3iy412yho7vcnf1o2of588hexc88k4w moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\David Snow\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\David Snow\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: David Snow
->Java cache emptied: 1001830 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 570 bytes

User: All Users

User: David Snow
->Flash cache emptied: 3796700 bytes

User: Default User
->Flash cache emptied: 41 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 17239 bytes

Total Flash Files Cleaned = 4.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03242012_134013



