Services not running


  • This topic is locked
18 replies to this topic

#1 adrayton

  • Members
  • 20 posts

Posted 18 April 2012 - 03:46 AM

Hi,

I've been requested to post a new topic here with my logs by narenxp after my previous post here...

http://www.bleepingcomputer.com/forums/topic450411.html/page__gopid__2669519#entry2669519

Unfortunately, as you can see from my previous topic, I cannot copy on the infected machine, so I am unable to run DDS from the desktop, only from my flash drive. Is that a problem? What definitely is a problem is that the attach file does not seem to generate. I run DDS, then the box comes up to say it is complete, then the DDS text file opens, which I save, and then nothing!

It won't let me post the DDS log here as it says my post is too long, I'll try a reply.

Thanks in advance for any help, I really appreciate it!!

Andy



#2 adrayton

  • Topic Starter
  • Members
  • 20 posts

Posted 18 April 2012 - 03:54 AM

Won't let me post it again or attach it as it's too big. Looking through the log, it seems to have these two lines...

FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=

Literally about a million times in the Firefox section. I'm going to delete the repetition and try again.

Andy

#3 adrayton

  • Topic Starter
  • Members
  • 20 posts

Posted 18 April 2012 - 03:58 AM

OK, here is the DDS log with only two instances of the Firefox lines instead of hundreds!


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Janey at 9:38:02 on 2012-04-18
.
============== Running Processes ===============
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdqcoms.exe
C:\Program Files\T-Mobile\Mobile Broadband Manager\AssistantServices.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\T-Mobile\Mobile Broadband Manager\UIExec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.tattoodle.com?tid={4534CDC7-9D4D-41ce-8F62-D3E45BD1809F}
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UIExec] "c:\program files\t-mobile\mobile broadband manager\UIExec.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4A5E20D9-F47E-43A7-A9CA-5216081D060A} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\janey\application data\mozilla\firefox\profiles\dowc0q4v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={315495B7-5C9E-79BA-24C7-9AC88B696592}&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=
FF - prefs.js: network.proxy.ftp - sgproxy1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - sgproxy1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.socks - sgproxy1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - sgproxy1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Personal Menu: CompactMenuCE@Merci.chao - %profile%\extensions\CompactMenuCE@Merci.chao
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R? ActivHidSerMini;Promethean Serial Board Driver
R? bowkionk;bowkionk
R? dpxycqao;dpxycqao
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? lxdqCATSCustConnectService;lxdqCATSCustConnectService
R? massfilter;ZTE Mass Storage Filter Driver
R? prmvmouse;Promethean HID Mouse Service
R? qadlrumf;qadlrumf
R? qirgvzzo;qirgvzzo
R? rimagzoj;rimagzoj
S? AESTAud;AE Audio Service
S? lxdq_device;lxdq_device
S? MpFilter;Microsoft Malware Protection Driver
S? SmartDefragDriver;SmartDefragDriver
S? UI Assistant Service;UI Assistant Service
S? waclient;WatchGuard Access Client Driver
.
=============== Created Last 30 ================
.
2012-04-17 18:25:40 -------- d-s---w- C:\ComboFix
2012-04-17 12:28:15 98816 ----a-w- c:\windows\sed.exe
2012-04-17 12:28:15 518144 ----a-w- c:\windows\SWREG.exe
2012-04-17 12:28:15 256000 ----a-w- c:\windows\PEV.exe
2012-04-17 12:28:15 208896 ----a-w- c:\windows\MBR.exe
2012-04-17 10:33:58 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-04-17 10:33:58 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-04-17 10:33:58 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-04-17 10:33:58 598528 ----a-w- c:\windows\system32\ztv7z.dll
2012-04-17 10:33:58 178176 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-04-17 10:33:58 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-04-17 10:33:58 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-04-17 10:33:56 -------- d-----w- c:\program files\Trojan Remover
2012-04-17 10:33:56 -------- d-----w- c:\documents and settings\janey\application data\Simply Super Software
2012-04-17 10:33:56 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2012-04-16 19:07:01 -------- d-----w- C:\found.001
2012-04-16 18:50:48 388096 ----a-r- c:\documents and settings\janey\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-16 18:50:44 -------- d-----w- c:\program files\Trend Micro
2012-04-16 17:20:53 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9590df58-8399-44dd-8ccf-a1f6494da6e8}\mpengine.dll
2012-04-16 17:19:27 -------- d-----w- C:\found.000
2012-04-15 19:20:29 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ea379cf5-f101-478e-b359-33fda2fe8be1}\mpengine.dll
.
==================== Find3M ====================
.
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-07 10:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-05 11:21:37 55536 ----a-w- c:\windows\system32\drivers\waclient.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:38:26.43 ===============

#4 adrayton

  • Topic Starter
  • Members
  • 20 posts

Posted 18 April 2012 - 05:34 AM

And finally attached is the log from GMER

Andy

Attached file: ark.txt (2.67KB)


#5 Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 19 April 2012 - 05:25 PM

Hi adrayton,

Welcome to the forum.

In case the issue is not resolved yet please post a fresh FSS log.

#6 adrayton

  • Topic Starter
  • Members
  • 20 posts

Posted 20 April 2012 - 03:18 AM

Hi Just Curious,

Thanks for your reply. Here is the new FSS log...

Farbar Service Scanner Version: 16-04-2012
Ran by Janey (administrator) on 20-04-2012 at 09:15:03
Running from "D:\rkill\New folder"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs: "%SystemRoot%\system32\svchost.exe -k rpcss".
The ServiceDll of RpcSs service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2012-04-18 09:12] - [2012-04-18 09:12] - 0007278 ____A () 115CAD555F7D81DE53015F018875FA4D

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(6) PSched(7) Tcpip(3) waclient(8)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Thank you,

Andy
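The FSS log above is read by eye in this thread; a defender triaging many such logs wants the same three questions answered automatically: which services are stopped, where FSS printed a configuration value instead of "is OK", and which files in the File Check section have no "MD5 is legit" verdict (here svchost.exe, listed with its size and hash instead). The parser below is an added example written for this page, not code from the thread or from Farbar's tools. It works on a constructed sample abbreviated from the log above; the line-format assumptions (the "Service is not running" sentence, the quoted-value form, and the `[date] - [date] - size attrs () MD5` detail line) are taken from that log and are assumed to hold for other FSS logs.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the FSS log format, abbreviated from the log posted above.
# The svchost.exe size and MD5 are the values that appear in that log.
SAMPLE_FSS_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2012-04-18 09:12] - [2012-04-18 09:12] - 0007278 ____A () 115CAD555F7D81DE53015F018875FA4D

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
"""

# Line shapes assumed from the log format shown in this thread.
STOPPED_RE = re.compile(r"^(\S+) Service is not running\.")
VALUE_RE = re.compile(r'^The (start type|ImagePath|ServiceDll) of (\S+?):\s*"(.*)"\.$')
LEGIT_RE = re.compile(r"^(.+?) => MD5 is legit$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S+$")
DETAIL_RE = re.compile(r"^\[.*?\] - \[.*?\] - (\d+) \S+ \(\) ([0-9A-Fa-f]{32})$")


@dataclass
class FssFindings:
    stopped_services: list = field(default_factory=list)
    reported_values: dict = field(default_factory=dict)   # "service/key" -> printed value
    verified_files: list = field(default_factory=list)
    unverified_files: dict = field(default_factory=dict)  # path -> {"size": int, "md5": str}


def parse_fss_log(text: str) -> FssFindings:
    """Walk an FSS log line by line and collect what a reviewer would look at."""
    f = FssFindings()
    pending_path = None  # a File Check path whose size/hash detail is on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if pending_path is not None:
            m = DETAIL_RE.match(line)
            if m:
                f.unverified_files[pending_path] = {"size": int(m.group(1)),
                                                    "md5": m.group(2).upper()}
                pending_path = None
                continue
            pending_path = None
        m = STOPPED_RE.match(line)
        if m:
            f.stopped_services.append(m.group(1))
            continue
        m = VALUE_RE.match(line)
        if m:
            # FSS printed the actual value rather than "is OK": review it by hand.
            f.reported_values[f"{m.group(2)}/{m.group(1)}"] = m.group(3)
            continue
        m = LEGIT_RE.match(line)
        if m:
            f.verified_files.append(m.group(1))
            continue
        if PATH_RE.match(line):
            # A bare path with no verdict: FSS prints its details on the next line.
            pending_path = line
    return f


def review(f: FssFindings) -> list:
    """Turn the findings into reviewer notes, most urgent first."""
    notes = []
    for path, info in f.unverified_files.items():
        notes.append(f"UNVERIFIED {path}: {info['size']} bytes, MD5 {info['md5']} "
                     "not recognised as legitimate")
    for key, value in f.reported_values.items():
        notes.append(f"CHECK {key} = {value} (value printed instead of 'is OK')")
    if f.stopped_services:
        notes.append("STOPPED " + ", ".join(f.stopped_services))
    return notes


if __name__ == "__main__":
    for note in review(parse_fss_log(SAMPLE_FSS_LOG)):
        print(note)
```

Run against the full log from the post, the first note it prints is the svchost.exe line, which is exactly the item Farbar's later reply singles out; the stopped-service list is the symptom the thread title describes, and the parser keeps them apart so the cause is not buried under the symptoms.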

#7 Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 20 April 2012 - 05:08 AM

We are going to fix the issue.

Please download the attached file fix.bat (394 bytes).
Save it to your flash drive.
Insert flash drive to the problem computer.
Run it the same way you ran FSS.
A command window opens and after that a log file will open.
If the last line of the log file reads: "1 file(s) copied", it means it is good. The log file (log.txt) will automatically be saved on the flash drive but we don't need it now.
If you see "1 file(s) copied" close the log, restart the computer and tell me if the services are running.

#8 adrayton

  • Topic Starter
  • Members
  • 20 posts

Posted 20 April 2012 - 05:25 AM

IT WORKED!!!

Thank you, you're a genius.

What should I do now? Is the computer safe to keep using after some scans (MBAM, security essentials etc.) or should I do a system restore back to a safer point?

Again, thank you SO much.

Andy

#9 Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 20 April 2012 - 05:54 AM

Great. :thumbup2:

Since an important file like svchost.exe doesn't disappear without a reason, and I see something in the logs that we need to take a look at, we need to do some work to make sure.

  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

  • Download aswMBR.exe ( 511KB ) to your desktop.
    • Double click the aswMBR.exe to run it.
    • Click the "Scan" button.
    • On completion of the scan click Save log, save it to your desktop and post in your next reply.
    Also the utility makes a file on your desktop named MBR.dat. We don't need it now.
  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#10 adrayton

  • Topic Starter
  • Members
  • 20 posts

Posted 20 April 2012 - 06:33 AM

Thank you. Neither MBAM nor TDSSKiller reported any objects.

Here's the MBAM log...


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Janey :: JANEYSNETBOOK [administrator]

20/04/2012 12:00:32
mbam-log-2012-04-20 (12-00-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197930
Time elapsed: 20 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by adrayton, 20 April 2012 - 06:38 AM.


#11 adrayton

  • Topic Starter
  • Members
  • 20 posts

Posted 20 April 2012 - 06:35 AM

And the aswMBR...


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 12:24:05
-----------------------------
12:24:05.962 OS Version: Windows 5.1.2600 Service Pack 3
12:24:05.962 Number of processors: 2 586 0x1C02
12:24:05.962 ComputerName: JANEYSNETBOOK UserName: Janey
12:24:09.665 Initialize success
12:24:37.962 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:24:37.977 Disk 0 Vendor: SAMSUNG_HS06THB NN100-04 Size: 57241MB BusType: 3
12:24:38.009 Disk 0 MBR read successfully
12:24:38.024 Disk 0 MBR scan
12:24:38.040 Disk 0 Windows XP default MBR code
12:24:38.056 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
12:24:38.102 Disk 0 scanning sectors +117210240
12:24:38.243 Disk 0 scanning C:\WINDOWS\system32\drivers
12:25:02.134 Service scanning
12:25:27.978 Service MpKsle45f0332 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23947F17-C864-4432-A0BE-396557ECB0A0}\MpKsle45f0332.sys **LOCKED** 32
12:25:46.603 Modules scanning
12:26:15.728 Disk 0 trace - called modules:
12:26:15.791 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
12:26:15.806 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87106ab8]
12:26:15.822 3 CLASSPNP.SYS[f74e8fd7] -> nt!IofCallDriver -> \Device\00000066[0x871089e8]
12:26:15.853 5 ACPI.sys[f735f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87156940]
12:26:15.869 Scan finished successfully
12:26:30.650 Disk 0 MBR has been saved successfully to "D:\!!!\Fix\MBR.dat"
12:26:30.713 The log file has been saved successfully to "D:\!!!\Fix\aswMBR.txt"

#12 adrayton

  • Topic Starter
  • Members
  • 20 posts

Posted 20 April 2012 - 06:36 AM

And the TDSSKiller log...


12:26:54.0728 3228 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
12:26:55.0150 3228 ============================================================
12:26:55.0150 3228 Current date / time: 2012/04/20 12:26:55.0150
12:26:55.0150 3228 SystemInfo:
12:26:55.0150 3228
12:26:55.0150 3228 OS Version: 5.1.2600 ServicePack: 3.0
12:26:55.0150 3228 Product type: Workstation
12:26:55.0150 3228 ComputerName: JANEYSNETBOOK
12:26:55.0150 3228 UserName: Janey
12:26:55.0150 3228 Windows directory: C:\WINDOWS
12:26:55.0150 3228 System windows directory: C:\WINDOWS
12:26:55.0150 3228 Processor architecture: Intel x86
12:26:55.0150 3228 Number of processors: 2
12:26:55.0150 3228 Page size: 0x1000
12:26:55.0150 3228 Boot type: Normal boot
12:26:55.0150 3228 ============================================================
12:26:59.0244 3228 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:26:59.0244 3228 Drive \Device\Harddisk1\DR2 - Size: 0x1E1FFFE00 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:26:59.0244 3228 \Device\Harddisk0\DR0:
12:26:59.0244 3228 MBR partitions:
12:26:59.0244 3228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
12:26:59.0244 3228 \Device\Harddisk1\DR2:
12:26:59.0244 3228 MBR partitions:
12:26:59.0244 3228 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
12:26:59.0291 3228 C: <-> \Device\Harddisk0\DR0\Partition0
12:26:59.0291 3228 Initialize success
12:26:59.0291 3228 ============================================================
12:27:07.0244 2760 ============================================================
12:27:07.0244 2760 Scan started
12:27:07.0244 2760 Mode: Manual;
12:27:07.0244 2760 ============================================================
12:27:08.0135 2760 Abiosdsk - ok
12:27:08.0588 2760 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:27:08.0588 2760 abp480n5 - ok
12:27:09.0088 2760 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:27:09.0166 2760 ACPI - ok
12:27:09.0525 2760 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:27:09.0525 2760 ACPIEC - ok
12:27:09.0963 2760 ActivHidSerMini (092542818ccd17b659e17e4dcb427bad) C:\WINDOWS\system32\DRIVERS\activhidsermini.sys
12:27:09.0978 2760 ActivHidSerMini - ok
12:27:10.0400 2760 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:27:10.0432 2760 adpu160m - ok
12:27:10.0900 2760 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:27:10.0932 2760 aec - ok
12:27:11.0432 2760 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys
12:27:11.0447 2760 AESTAud - ok
12:27:11.0947 2760 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:27:11.0994 2760 AFD - ok
12:27:12.0416 2760 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:27:12.0416 2760 agp440 - ok
12:27:12.0791 2760 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:27:12.0807 2760 agpCPQ - ok
12:27:13.0197 2760 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:27:13.0197 2760 Aha154x - ok
12:27:13.0603 2760 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:27:13.0619 2760 aic78u2 - ok
12:27:14.0010 2760 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:27:14.0010 2760 aic78xx - ok
12:27:14.0385 2760 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:27:14.0400 2760 Alerter - ok
12:27:14.0775 2760 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:27:14.0791 2760 ALG - ok
12:27:15.0197 2760 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:27:15.0197 2760 AliIde - ok
12:27:15.0588 2760 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:27:15.0588 2760 alim1541 - ok
12:27:15.0963 2760 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:27:15.0963 2760 amdagp - ok
12:27:16.0353 2760 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:27:16.0353 2760 amsint - ok
12:27:16.0666 2760 AppMgmt - ok
12:27:17.0088 2760 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:27:17.0088 2760 Arp1394 - ok
12:27:17.0463 2760 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:27:17.0463 2760 asc - ok
12:27:17.0838 2760 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:27:17.0838 2760 asc3350p - ok
12:27:18.0228 2760 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:27:18.0228 2760 asc3550 - ok
12:27:18.0494 2760 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:27:18.0510 2760 aspnet_state - ok
12:27:18.0916 2760 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:27:18.0916 2760 AsyncMac - ok
12:27:19.0353 2760 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:27:19.0353 2760 atapi - ok
12:27:19.0713 2760 Atdisk - ok
12:27:20.0135 2760 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:27:20.0135 2760 Atmarpc - ok
12:27:20.0557 2760 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:27:20.0588 2760 AudioSrv - ok
12:27:20.0994 2760 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:27:20.0994 2760 audstub - ok
12:27:22.0072 2760 BCM43XX (c89327377d4b62dc792e8930ea55f571) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
12:27:22.0760 2760 BCM43XX - ok
12:27:23.0135 2760 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:27:23.0135 2760 Beep - ok
12:27:23.0744 2760 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:27:23.0994 2760 BITS - ok
12:27:24.0338 2760 bowkionk - ok
12:27:24.0744 2760 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:27:24.0791 2760 Browser - ok
12:27:25.0479 2760 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
12:27:25.0744 2760 btaudio - ok
12:27:26.0166 2760 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
12:27:26.0166 2760 BTDriver - ok
12:27:27.0150 2760 BTKRNL (b4355289cb2ebcc91ae995f916d271b7) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
12:27:27.0729 2760 BTKRNL - ok
12:27:28.0150 2760 btwdins (31b026add54cbd695709e56d7677a07b) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
12:27:28.0354 2760 btwdins - ok
12:27:28.0822 2760 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
12:27:28.0869 2760 BTWDNDIS - ok
12:27:29.0322 2760 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
12:27:29.0322 2760 btwhid - ok
12:27:29.0744 2760 BTWUSB (fac7e5965162c70d184dfe92b4bcbd1b) C:\WINDOWS\system32\Drivers\btwusb.sys
12:27:29.0744 2760 BTWUSB - ok
12:27:29.0916 2760 catchme - ok
12:27:30.0338 2760 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:27:30.0338 2760 cbidf - ok
12:27:30.0744 2760 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:27:30.0744 2760 cbidf2k - ok
12:27:31.0166 2760 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:27:31.0166 2760 CCDECODE - ok
12:27:31.0557 2760 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:27:31.0557 2760 cd20xrnt - ok
12:27:31.0947 2760 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:27:31.0947 2760 Cdaudio - ok
12:27:32.0369 2760 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:27:32.0369 2760 Cdfs - ok
12:27:32.0807 2760 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:27:32.0807 2760 Cdrom - ok
12:27:33.0150 2760 Changer - ok
12:27:33.0510 2760 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:27:33.0510 2760 CiSvc - ok
12:27:33.0885 2760 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:27:33.0916 2760 ClipSrv - ok
12:27:34.0150 2760 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:27:34.0213 2760 clr_optimization_v2.0.50727_32 - ok
12:27:34.0650 2760 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:27:34.0650 2760 CmBatt - ok
12:27:35.0025 2760 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:27:35.0025 2760 CmdIde - ok
12:27:35.0416 2760 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:27:35.0416 2760 Compbatt - ok
12:27:35.0760 2760 COMSysApp - ok
12:27:36.0166 2760 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:27:36.0166 2760 Cpqarray - ok
12:27:36.0557 2760 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:27:36.0588 2760 CryptSvc - ok
12:27:37.0072 2760 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:27:37.0135 2760 dac2w2k - ok
12:27:37.0510 2760 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:27:37.0525 2760 dac960nt - ok
12:27:38.0104 2760 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:27:38.0307 2760 DcomLaunch - ok
12:27:38.0729 2760 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:27:38.0807 2760 Dhcp - ok
12:27:39.0182 2760 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:27:39.0182 2760 Disk - ok
12:27:39.0526 2760 dmadmin - ok
12:27:40.0369 2760 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:27:40.0791 2760 dmboot - ok
12:27:41.0244 2760 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:27:41.0291 2760 dmio - ok
12:27:41.0666 2760 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:27:41.0666 2760 dmload - ok
12:27:42.0057 2760 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:27:42.0057 2760 dmserver - ok
12:27:42.0479 2760 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:27:42.0479 2760 DMusic - ok
12:27:42.0901 2760 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:27:42.0916 2760 Dnscache - ok
12:27:43.0338 2760 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:27:43.0416 2760 Dot3svc - ok
12:27:43.0807 2760 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:27:43.0807 2760 dpti2o - ok
12:27:44.0166 2760 dpxycqao - ok
12:27:44.0557 2760 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:27:44.0572 2760 drmkaud - ok
12:27:44.0932 2760 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:27:44.0947 2760 EapHost - ok
12:27:45.0322 2760 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:27:45.0338 2760 ERSvc - ok
12:27:45.0791 2760 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:27:45.0854 2760 Eventlog - ok
12:27:46.0369 2760 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:27:46.0510 2760 EventSystem - ok
12:27:46.0994 2760 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:27:47.0041 2760 Fastfat - ok
12:27:47.0494 2760 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:27:47.0572 2760 FastUserSwitchingCompatibility - ok
12:27:47.0963 2760 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:27:47.0963 2760 Fdc - ok
12:27:48.0385 2760 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:27:48.0385 2760 Fips - ok
12:27:48.0760 2760 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:27:48.0760 2760 Flpydisk - ok
12:27:49.0229 2760 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:27:49.0276 2760 FltMgr - ok
12:27:49.0479 2760 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:27:49.0510 2760 FontCache3.0.0.0 - ok
12:27:49.0932 2760 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:27:49.0932 2760 Fs_Rec - ok
12:27:50.0369 2760 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:27:50.0401 2760 Ftdisk - ok
12:27:50.0807 2760 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:27:50.0807 2760 Gpc - ok
12:27:51.0057 2760 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:27:51.0135 2760 gupdate - ok
12:27:51.0229 2760 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:27:51.0229 2760 gupdatem - ok
12:27:51.0682 2760 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:27:51.0729 2760 HDAudBus - ok
12:27:51.0901 2760 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:27:51.0901 2760 helpsvc - ok
12:27:52.0276 2760 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:27:52.0291 2760 HidServ - ok
12:27:52.0697 2760 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:27:52.0697 2760 HidUsb - ok
12:27:53.0104 2760 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:27:53.0151 2760 hkmsvc - ok
12:27:53.0541 2760 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:27:53.0541 2760 hpn - ok
12:27:53.0791 2760 hpqwmiex (1665c7121a026df10c903db9bc5e9d43) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
12:27:53.0885 2760 hpqwmiex - ok
12:27:54.0447 2760 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:27:54.0588 2760 HTTP - ok
12:27:54.0963 2760 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:27:54.0979 2760 HTTPFilter - ok
12:27:55.0401 2760 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:27:55.0401 2760 i2omgmt - ok
12:27:56.0041 2760 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:27:56.0041 2760 i2omp - ok
12:27:56.0447 2760 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:27:56.0463 2760 i8042prt - ok
12:28:00.0151 2760 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:28:03.0573 2760 ialm - ok
12:28:03.0791 2760 IDriverT (6f95324909b502e2651442c1548ab12f) c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:28:03.0823 2760 IDriverT - ok
12:28:04.0619 2760 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:28:05.0135 2760 idsvc - ok
12:28:05.0635 2760 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:28:05.0635 2760 Imapi - ok
12:28:06.0119 2760 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:28:06.0213 2760 ImapiService - ok
12:28:06.0635 2760 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:28:06.0635 2760 ini910u - ok
12:28:07.0041 2760 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:28:07.0041 2760 IntelIde - ok
12:28:07.0432 2760 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:28:07.0448 2760 intelppm - ok
12:28:07.0838 2760 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:28:07.0838 2760 Ip6Fw - ok
12:28:08.0229 2760 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:28:08.0229 2760 IpFilterDriver - ok
12:28:08.0604 2760 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:28:08.0604 2760 IpInIp - ok
12:28:09.0073 2760 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:28:09.0135 2760 IpNat - ok
12:28:09.0541 2760 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:28:09.0541 2760 IPSec - ok
12:28:09.0932 2760 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:28:09.0932 2760 IRENUM - ok
12:28:10.0338 2760 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:28:10.0338 2760 isapnp - ok
12:28:10.0573 2760 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
12:28:10.0666 2760 JavaQuickStarterService - ok
12:28:11.0057 2760 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:28:11.0057 2760 Kbdclass - ok
12:28:11.0479 2760 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:28:11.0479 2760 kbdhid - ok
12:28:11.0963 2760 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:28:11.0963 2760 kmixer - ok
12:28:12.0385 2760 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:28:12.0401 2760 KSecDD - ok
12:28:12.0823 2760 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:28:12.0885 2760 LanmanServer - ok
12:28:13.0338 2760 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:28:13.0432 2760 lanmanworkstation - ok
12:28:13.0776 2760 lbrtfdc - ok
12:28:14.0182 2760 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:28:14.0198 2760 LmHosts - ok
12:28:14.0682 2760 lxdqCATSCustConnectService (0b0c4db8a3886a7eaee403d4674c5820) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
12:28:14.0760 2760 lxdqCATSCustConnectService - ok
12:28:15.0104 2760 lxdq_device - ok
12:28:15.0541 2760 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\WINDOWS\system32\drivers\massfilter.sys
12:28:15.0541 2760 massfilter - ok
12:28:15.0916 2760 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:28:15.0948 2760 Messenger - ok
12:28:16.0213 2760 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:28:16.0244 2760 Microsoft Office Groove Audit Service - ok
12:28:16.0666 2760 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:28:16.0682 2760 mnmdd - ok
12:28:17.0041 2760 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:28:17.0073 2760 mnmsrvc - ok
12:28:17.0479 2760 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:28:17.0479 2760 Modem - ok
12:28:17.0901 2760 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:28:17.0901 2760 Mouclass - ok
12:28:18.0338 2760 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:28:18.0338 2760 mouhid - ok
12:28:18.0729 2760 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:28:18.0729 2760 MountMgr - ok
12:28:19.0198 2760 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:28:19.0245 2760 MpFilter - ok
12:28:19.0557 2760 MpKsle45f0332 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23947F17-C864-4432-A0BE-396557ECB0A0}\MpKsle45f0332.sys
12:28:19.0557 2760 MpKsle45f0332 - ok
12:28:19.0948 2760 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:28:19.0948 2760 mraid35x - ok
12:28:20.0432 2760 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:28:20.0495 2760 MRxDAV - ok
12:28:21.0135 2760 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:28:21.0354 2760 MRxSmb - ok
12:28:21.0729 2760 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:28:21.0729 2760 MSDTC - ok
12:28:22.0104 2760 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:28:22.0104 2760 Msfs - ok
12:28:22.0432 2760 MSIServer - ok
12:28:22.0854 2760 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:28:22.0854 2760 MSKSSRV - ok
12:28:22.0995 2760 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
12:28:22.0995 2760 MsMpSvc - ok
12:28:23.0401 2760 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:28:23.0401 2760 MSPCLOCK - ok
12:28:23.0776 2760 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:28:23.0776 2760 MSPQM - ok
12:28:24.0182 2760 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:28:24.0182 2760 mssmbios - ok
12:28:24.0573 2760 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:28:24.0573 2760 MSTEE - ok
12:28:25.0010 2760 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:28:25.0041 2760 Mup - ok
12:28:25.0495 2760 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:28:25.0510 2760 NABTSFEC - ok
12:28:26.0041 2760 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:28:26.0213 2760 napagent - ok
12:28:26.0698 2760 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:28:26.0776 2760 NDIS - ok
12:28:27.0166 2760 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:28:27.0166 2760 NdisIP - ok
12:28:27.0573 2760 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:28:27.0573 2760 NdisTapi - ok
12:28:27.0963 2760 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:28:27.0963 2760 Ndisuio - ok
12:28:28.0385 2760 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:28:28.0401 2760 NdisWan - ok
12:28:28.0854 2760 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:28:28.0854 2760 NDProxy - ok
12:28:29.0229 2760 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:28:29.0229 2760 NetBIOS - ok
12:28:29.0713 2760 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:28:29.0776 2760 NetBT - ok
12:28:30.0198 2760 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:28:30.0260 2760 NetDDE - ok
12:28:30.0338 2760 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:28:30.0354 2760 NetDDEdsdm - ok
12:28:30.0760 2760 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:30.0776 2760 Netlogon - ok
12:28:31.0245 2760 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:28:31.0354 2760 Netman - ok
12:28:31.0620 2760 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:28:31.0698 2760 NetTcpPortSharing - ok
12:28:32.0104 2760 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:28:32.0104 2760 NIC1394 - ok
12:28:32.0651 2760 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:28:32.0776 2760 Nla - ok
12:28:33.0182 2760 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:28:33.0182 2760 Npfs - ok
12:28:33.0932 2760 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:28:34.0213 2760 Ntfs - ok
12:28:34.0604 2760 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:34.0604 2760 NtLmSsp - ok
12:28:35.0229 2760 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:28:35.0495 2760 NtmsSvc - ok
12:28:35.0885 2760 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:28:35.0885 2760 Null - ok
12:28:36.0276 2760 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:28:36.0276 2760 NwlnkFlt - ok
12:28:36.0666 2760 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:28:36.0666 2760 NwlnkFwd - ok
12:28:37.0135 2760 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:28:37.0401 2760 odserv - ok
12:28:37.0854 2760 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:28:37.0854 2760 ohci1394 - ok
12:28:38.0026 2760 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:28:38.0104 2760 ose - ok
12:28:38.0542 2760 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:28:38.0542 2760 Parport - ok
12:28:38.0917 2760 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:28:38.0917 2760 PartMgr - ok
12:28:39.0307 2760 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:28:39.0307 2760 ParVdm - ok
12:28:39.0745 2760 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:28:39.0745 2760 PCI - ok
12:28:40.0104 2760 PCIDump - ok
12:28:40.0510 2760 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:28:40.0510 2760 PCIIde - ok
12:28:40.0948 2760 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:28:41.0010 2760 Pcmcia - ok
12:28:41.0354 2760 PDCOMP - ok
12:28:41.0713 2760 PDFRAME - ok
12:28:42.0073 2760 PDRELI - ok
12:28:42.0432 2760 PDRFRAME - ok
12:28:42.0823 2760 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:28:42.0823 2760 perc2 - ok
12:28:43.0198 2760 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:28:43.0198 2760 perc2hib - ok
12:28:43.0667 2760 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:28:43.0667 2760 PlugPlay - ok
12:28:44.0026 2760 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:44.0026 2760 PolicyAgent - ok
12:28:44.0448 2760 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:28:44.0448 2760 PptpMiniport - ok
12:28:44.0807 2760 prmvmouse - ok
12:28:45.0151 2760 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:45.0151 2760 ProtectedStorage - ok
12:28:45.0573 2760 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:28:45.0573 2760 PSched - ok
12:28:45.0948 2760 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:28:45.0948 2760 Ptilink - ok
12:28:46.0307 2760 qadlrumf - ok
12:28:46.0667 2760 qirgvzzo - ok
12:28:47.0073 2760 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:28:47.0073 2760 ql1080 - ok
12:28:47.0463 2760 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:28:47.0463 2760 Ql10wnt - ok
12:28:47.0854 2760 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:28:47.0854 2760 ql12160 - ok
12:28:48.0245 2760 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:28:48.0245 2760 ql1240 - ok
12:28:48.0635 2760 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:28:48.0635 2760 ql1280 - ok
12:28:49.0042 2760 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:28:49.0042 2760 RasAcd - ok
12:28:49.0448 2760 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:28:49.0510 2760 RasAuto - ok
12:28:49.0932 2760 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:28:49.0932 2760 Rasl2tp - ok
12:28:50.0417 2760 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:28:50.0526 2760 RasMan - ok
12:28:50.0932 2760 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:28:50.0932 2760 RasPppoe - ok
12:28:51.0307 2760 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:28:51.0307 2760 Raspti - ok
12:28:51.0792 2760 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:28:51.0854 2760 Rdbss - ok
12:28:52.0213 2760 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:28:52.0213 2760 RDPCDD - ok
12:28:52.0729 2760 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:28:52.0792 2760 rdpdr - ok
12:28:53.0292 2760 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:28:53.0338 2760 RDPWD - ok
12:28:53.0776 2760 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:28:53.0854 2760 RDSessMgr - ok
12:28:54.0276 2760 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:28:54.0276 2760 redbook - ok
12:28:54.0682 2760 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:28:54.0729 2760 RemoteAccess - ok
12:28:55.0088 2760 rimagzoj - ok
12:28:55.0479 2760 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:28:55.0542 2760 RpcLocator - ok
12:28:56.0151 2760 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
12:28:56.0151 2760 RpcSs - ok
12:28:56.0573 2760 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:28:56.0651 2760 RSVP - ok
12:28:57.0073 2760 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:57.0073 2760 SamSs - ok
12:28:57.0495 2760 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:28:57.0557 2760 SCardSvr - ok
12:28:58.0026 2760 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:28:58.0135 2760 Schedule - ok
12:28:58.0573 2760 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:28:58.0589 2760 sdbus - ok
12:28:58.0979 2760 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:28:58.0979 2760 Secdrv - ok
12:28:59.0354 2760 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:28:59.0370 2760 seclogon - ok
12:28:59.0729 2760 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:28:59.0745 2760 SENS - ok
12:29:00.0182 2760 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
12:29:00.0182 2760 Serial - ok
12:29:00.0651 2760 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:29:00.0651 2760 Sfloppy - ok
12:29:01.0214 2760 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:29:01.0401 2760 SharedAccess - ok
12:29:01.0870 2760 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:29:01.0870 2760 ShellHWDetection - ok
12:29:02.0229 2760 Simbad - ok
12:29:02.0620 2760 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:29:02.0620 2760 sisagp - ok
12:29:03.0042 2760 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:29:03.0042 2760 SLIP - ok
12:29:03.0448 2760 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
12:29:03.0448 2760 SmartDefragDriver - ok
12:29:03.0854 2760 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:29:03.0854 2760 Sparrow - ok
12:29:04.0276 2760 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:29:04.0276 2760 splitter - ok
12:29:04.0682 2760 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:29:04.0714 2760 Spooler - ok
12:29:05.0120 2760 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:29:05.0120 2760 sr - ok
12:29:05.0604 2760 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:29:05.0729 2760 srservice - ok
12:29:06.0307 2760 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:29:06.0464 2760 Srv - ok
12:29:06.0854 2760 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:29:06.0901 2760 SSDPSRV - ok
12:29:06.0979 2760 STacSV - ok
12:29:08.0120 2760 STHDA (32c6df3f7d1241fd8348498b31152131) C:\WINDOWS\system32\drivers\sthda.sys
12:29:08.0854 2760 STHDA - ok
12:29:09.0448 2760 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:29:09.0651 2760 stisvc - ok
12:29:10.0057 2760 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:29:10.0073 2760 streamip - ok
12:29:10.0510 2760 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:29:10.0510 2760 swenum - ok
12:29:10.0948 2760 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:29:10.0948 2760 swmidi - ok
12:29:11.0276 2760 SwPrv - ok
12:29:11.0667 2760 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:29:11.0667 2760 symc810 - ok
12:29:12.0073 2760 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:29:12.0073 2760 symc8xx - ok
12:29:12.0464 2760 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:29:12.0464 2760 sym_hi - ok
12:29:12.0839 2760 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:29:12.0839 2760 sym_u3 - ok
12:29:13.0385 2760 SynTP (c8cc806f0506e9f168750371d37eee18) C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:29:13.0479 2760 SynTP - ok
12:29:13.0932 2760 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:29:13.0932 2760 sysaudio - ok
12:29:14.0354 2760 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:29:14.0417 2760 SysmonLog - ok
12:29:14.0932 2760 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:29:15.0073 2760 TapiSrv - ok
12:29:15.0682 2760 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:29:15.0854 2760 Tcpip - ok
12:29:16.0260 2760 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:29:16.0260 2760 TDPIPE - ok
12:29:16.0667 2760 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:29:16.0667 2760 TDTCP - ok
12:29:17.0089 2760 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:29:17.0120 2760 TermDD - ok
12:29:17.0651 2760 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:29:17.0667 2760 TermService - ok
12:29:18.0151 2760 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:29:18.0167 2760 Themes - ok
12:29:18.0542 2760 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:29:18.0542 2760 TosIde - ok
12:29:18.0948 2760 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:29:19.0011 2760 TrkWks - ok
12:29:19.0432 2760 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:29:19.0479 2760 Udfs - ok
12:29:19.0698 2760 UI Assistant Service (19bd0daed395358d941bdc33fb322dee) C:\Program Files\T-Mobile\Mobile Broadband Manager\AssistantServices.exe
12:29:19.0839 2760 UI Assistant Service - ok
12:29:20.0229 2760 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:29:20.0245 2760 ultra - ok
12:29:20.0854 2760 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:29:21.0089 2760 Update - ok
12:29:21.0542 2760 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:29:21.0651 2760 upnphost - ok
12:29:22.0011 2760 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:29:22.0026 2760 UPS - ok
12:29:22.0479 2760 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:29:22.0495 2760 usbccgp - ok
12:29:22.0886 2760 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:29:22.0901 2760 usbehci - ok
12:29:23.0307 2760 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:29:23.0339 2760 usbhub - ok
12:29:23.0761 2760 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:29:23.0776 2760 usbprint - ok
12:29:24.0245 2760 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:29:24.0245 2760 USBSTOR - ok
12:29:24.0667 2760 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:29:24.0667 2760 usbuhci - ok
12:29:25.0104 2760 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:29:25.0182 2760 usbvideo - ok
12:29:25.0589 2760 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:29:25.0604 2760 VgaSave - ok
12:29:26.0042 2760 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:29:26.0057 2760 viaagp - ok
12:29:26.0448 2760 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:29:26.0448 2760 ViaIde - ok
12:29:26.0839 2760 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:29:26.0870 2760 VolSnap - ok
12:29:27.0401 2760 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:29:27.0557 2760 VSS - ok
12:29:28.0026 2760 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:29:28.0120 2760 W32Time - ok
12:29:28.0557 2760 waclient (d87fd3fac4d99a3d471e101c3d7d30ba) C:\WINDOWS\system32\drivers\waclient.sys
12:29:28.0589 2760 waclient - ok
12:29:28.0979 2760 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:29:29.0011 2760 Wanarp - ok
12:29:29.0370 2760 WDICA - ok
12:29:29.0839 2760 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:29:29.0886 2760 wdmaud - ok
12:29:30.0276 2760 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:29:30.0307 2760 WebClient - ok
12:29:30.0807 2760 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:29:30.0823 2760 winmgmt - ok
12:29:31.0261 2760 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:29:31.0276 2760 WmdmPmSN - ok
12:29:31.0667 2760 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:29:31.0682 2760 WmiAcpi - ok
12:29:32.0120 2760 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:29:32.0182 2760 WmiApSrv - ok
12:29:32.0823 2760 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:29:33.0339 2760 WMPNetworkSvc - ok
12:29:33.0745 2760 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:29:33.0761 2760 WpdUsb - ok
12:29:34.0151 2760 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:29:34.0151 2760 WS2IFSL - ok
12:29:34.0573 2760 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:29:34.0636 2760 wscsvc - ok
12:29:35.0042 2760 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:29:35.0057 2760 WSTCODEC - ok
12:29:35.0432 2760 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:29:35.0432 2760 wuauserv - ok
12:29:35.0870 2760 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:29:35.0917 2760 WudfPf - ok
12:29:36.0339 2760 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:29:36.0386 2760 WudfRd - ok
12:29:36.0792 2760 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:29:36.0823 2760 WudfSvc - ok
12:29:37.0464 2760 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:29:37.0729 2760 WZCSVC - ok
12:29:38.0167 2760 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:29:38.0167 2760 xmlprov - ok
12:29:38.0761 2760 yukonwxp (849494d3f85a45231744ca7470246c71) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
12:29:38.0917 2760 yukonwxp - ok
12:29:39.0354 2760 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
12:29:39.0417 2760 ZTEusbmdm6k - ok
12:29:39.0886 2760 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
12:29:39.0948 2760 ZTEusbnmea - ok
12:29:40.0370 2760 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
12:29:40.0433 2760 ZTEusbser6k - ok
12:29:40.0526 2760 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:29:40.0948 2760 \Device\Harddisk0\DR0 - ok
12:29:40.0964 2760 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
12:29:40.0979 2760 \Device\Harddisk1\DR2 - ok
12:29:40.0995 2760 Boot (0x1200) (e4ad69d9cc348d390532fed99894f504) \Device\Harddisk0\DR0\Partition0
12:29:40.0995 2760 \Device\Harddisk0\DR0\Partition0 - ok
12:29:41.0011 2760 Boot (0x1200) (e0830110b47f9555e9b2bb8d53f4b257) \Device\Harddisk1\DR2\Partition0
12:29:41.0011 2760 \Device\Harddisk1\DR2\Partition0 - ok
12:29:41.0011 2760 ============================================================
12:29:41.0011 2760 Scan finished
12:29:41.0011 2760 ============================================================
12:29:41.0042 0812 Detected object count: 0
12:29:41.0042 0812 Actual detected object count: 0

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:19 PM

Posted 20 April 2012 - 06:56 AM

That is good.

There are some randomly named services; DDS reports them as running and TDSSKiller lists them as leftovers. Just to make sure, do the following:

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click Run Scan button.
  • Two reports will open; copy and paste OTL.txt and attach Extra.txt to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#14 adrayton

adrayton
  • Topic Starter

  • Members
  • 20 posts
  • Local time:02:19 PM

Posted 20 April 2012 - 07:25 AM

It won't let me post the log as it's too big. I had the same problem with my initial post, where there were literally hundreds of this entry in the Firefox entry...

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p="

I've trimmed it down to just a few instances so I can post...


OTL logfile created on: 20/04/2012 13:06:49 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Janey\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.23 Mb Total Physical Memory | 629.87 Mb Available Physical Memory | 62.04% Memory free
2.39 Gb Paging File | 2.11 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 28.67 Gb Free Space | 51.29% Space Free | Partition Type: NTFS
Drive D: | 7.47 Gb Total Space | 3.68 Gb Free Space | 49.29% Space Free | Partition Type: FAT32

Computer Name: JANEYSNETBOOK | User Name: Janey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/20 12:57:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janey\Desktop\OTL.exe
PRC - [2011/08/17 13:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/08 15:42:46 | 003,019,096 | ---- | M] (2BrightSparks) -- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
PRC - [2009/08/24 17:48:02 | 000,241,664 | ---- | M] () -- C:\Program Files\T-Mobile\Mobile Broadband Manager\AssistantServices.exe
PRC - [2009/08/24 17:47:22 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile\Mobile Broadband Manager\UIExec.exe
PRC - [2008/04/15 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 00:09:44 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdqcoms.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/24 17:48:02 | 000,241,664 | ---- | M] () -- C:\Program Files\T-Mobile\Mobile Broadband Manager\AssistantServices.exe
MOD - [2009/08/24 17:47:22 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile\Mobile Broadband Manager\UIExec.exe
MOD - [2008/02/27 12:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdqdrpp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\IDT\WDM\STacSV.exe -- (STacSV)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/24 17:48:02 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\T-Mobile\Mobile Broadband Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008/02/28 00:09:44 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdqcoms.exe -- (lxdq_device)
SRV - [2008/02/28 00:09:34 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe -- (lxdqCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\rimagzoj.sys -- (rimagzoj)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\qirgvzzo.sys -- (qirgvzzo)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\qadlrumf.sys -- (qadlrumf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\activmouse.sys -- (prmvmouse)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dpxycqao.sys -- (dpxycqao)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Janey\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\bowkionk.sys -- (bowkionk)
DRV - [2012/02/05 12:21:37 | 000,055,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\waclient.sys -- (waclient)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2009/05/05 18:25:12 | 000,055,936 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2009/04/22 16:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/02/02 18:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/02/02 18:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/02/02 18:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/12/16 23:12:32 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/30 01:03:24 | 001,388,980 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/08/28 16:16:36 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/07/24 18:37:16 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/07/24 18:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/24 18:37:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/06/27 11:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/05/30 12:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/03/10 19:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid={4534CDC7-9D4D-41ce-8F62-D3E45BD1809F}
IE - HKCU\..\SearchScopes,DefaultScope = {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=642886&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={315495B7-5C9E-79BA-24C7-9AC88B696592}&q="
FF - prefs.js..network.proxy.ftp: "sgproxy1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "sgproxy1"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.socks: "sgproxy1"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "sgproxy1"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/30 21:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/30 21:31:39 | 000,000,000 | ---D | M]

[2009/09/07 22:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janey\Application Data\Mozilla\Extensions
[2010/11/30 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janey\Application Data\Mozilla\Firefox\Profiles\dowc0q4v.default\extensions
[2009/12/15 22:31:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janey\Application Data\Mozilla\Firefox\Profiles\dowc0q4v.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/11/30 21:30:12 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Janey\Application Data\Mozilla\Firefox\Profiles\dowc0q4v.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(2)
[2010/06/22 08:34:40 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Janey\Application Data\Mozilla\Firefox\Profiles\dowc0q4v.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/06 10:23:57 | 000,000,000 | ---D | M] (Personal Menu) -- C:\Documents and Settings\Janey\Application Data\Mozilla\Firefox\Profiles\dowc0q4v.default\extensions\CompactMenuCE@Merci.chao
[2009/12/20 18:22:58 | 000,005,413 | ---- | M] () -- C:\Documents and Settings\Janey\Application Data\Mozilla\Firefox\Profiles\dowc0q4v.default\searchplugins\fast-browser-search.xml
[2012/01/04 22:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/01 23:24:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/01 20:51:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/18 20:00:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/25 15:56:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/04 22:41:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/12/01 23:23:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Janey\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Plus = C:\Documents and Settings\Janey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cenchpggpaphkhnpahhcdhanhkpndmge\1.1_0\
CHR - Extension: Cath Kidston = C:\Documents and Settings\Janey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm\3_0\

O1 HOSTS File: ([2012/04/17 13:41:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile\Mobile Broadband Manager\UIExec.exe ()
O4 - Startup: C:\Documents and Settings\Janey\Start Menu\Programs\Startup\SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe (2BrightSparks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A5E20D9-F47E-43A7-A9CA-5216081D060A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Janey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 13:04:30 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janey\Desktop\OTL.exe
[2012/04/20 11:54:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Janey\Recent
[2012/04/20 11:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/04/17 19:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/17 19:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/04/17 19:26:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/17 19:25:40 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/17 13:28:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/17 13:28:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/17 13:28:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/17 13:28:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/17 13:28:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/17 13:28:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/17 13:27:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Janey\Start Menu\Programs\Administrative Tools
[2012/04/17 11:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janey\My Documents\Simply Super Software
[2012/04/16 20:07:01 | 000,000,000 | ---D | C] -- C:\found.001
[2012/04/16 19:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janey\Start Menu\Programs\HiJackThis
[2012/04/16 19:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/16 18:19:27 | 000,000,000 | ---D | C] -- C:\found.000
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/20 13:06:16 | 000,476,430 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/20 13:06:15 | 000,085,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/20 13:00:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/20 13:00:45 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/20 12:57:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janey\Desktop\OTL.exe
[2012/04/20 12:57:04 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/04/20 11:36:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/18 11:54:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/18 11:54:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/04/17 13:41:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/15 22:12:04 | 000,586,025 | ---- | M] () -- C:\Documents and Settings\Janey\Desktop\venue 18 april.PDF
[2012/04/15 22:09:20 | 000,233,024 | ---- | M] () -- C:\Documents and Settings\Janey\Desktop\venue 23 april.PDF
[2012/04/15 20:09:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/25 19:01:03 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/18 11:54:37 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/04/18 11:54:37 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/04/17 19:47:59 | 1064,620,032 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/17 13:28:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/17 13:28:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/17 13:28:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/17 13:28:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/17 13:28:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/17 13:03:42 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Janey\Start Menu\Programs\Startup\SyncBack.lnk
[2012/04/15 22:12:36 | 000,586,025 | ---- | C] () -- C:\Documents and Settings\Janey\Desktop\venue 18 april.PDF
[2012/04/15 22:10:24 | 000,233,024 | ---- | C] () -- C:\Documents and Settings\Janey\Desktop\venue 23 april.PDF
[2012/02/16 17:56:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 12:21:37 | 000,055,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\waclient.sys
[2011/09/04 13:56:12 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/09/04 13:56:11 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/12/01 08:48:34 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/16 15:08:22 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/15 20:19:07 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Janey\Application Data\start
[2010/11/15 11:38:27 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Janey\Application Data\completescan
[2010/11/15 11:34:18 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Janey\Application Data\install

< End of report >

#15 Farbar

Farbar
    Just Curious

  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:19 PM

Posted 20 April 2012 - 07:50 AM

Those driver services seem to be leftovers.

Please open OTL.
  • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

    :otl
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\rimagzoj.sys -- (rimagzoj)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\qirgvzzo.sys -- (qirgvzzo)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\qadlrumf.sys -- (qadlrumf)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dpxycqao.sys -- (dpxycqao)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\bowkionk.sys -- (bowkionk)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dpxycqao.sys -- (dpxycqao)
    
  • Click the Run Fix button.
  • If the fix needs a reboot, please do it.
  • After it finishes, a log will open. Copy and paste the log into your reply.

Also, please tell me how the system is running.
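To show how a fix block like the one above is derived from the log, here is an added Python helper (not OTL's code and not from the poster) that picks out every "DRV - File not found" entry in OTL output, collapses duplicates such as the repeated dpxycqao line, and emits the ":otl" block. The healthy mbam.sys line and its service name MBAMProtector are constructed sample data, not taken from the thread.

```python
import re
from typing import Iterable, List, Tuple

# OTL prints a driver service whose file is missing as
#   DRV - File not found [Kernel | System | Stopped] -- <path> -- (<service>)
# (format taken from the log in this thread). Drivers whose file is present
# start with a timestamp/size block instead, so they never match this pattern.
MISSING_DRV_RE = re.compile(
    r"^DRV - File not found \[(?P<type>[^|]+) \| (?P<start>[^|]+) \| (?P<state>[^\]]+)\]"
    r" -- (?P<path>.+?) -- \((?P<service>[^)]+)\)\s*$"
)

def orphan_driver_services(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (service, path, original line) for every missing-file driver entry.
    Duplicate service names are collapsed, keeping the first occurrence."""
    seen = set()
    found = []
    for raw in lines:
        line = raw.strip()
        m = MISSING_DRV_RE.match(line)
        if not m:
            continue
        service = m.group("service")
        if service.lower() in seen:
            continue
        seen.add(service.lower())
        found.append((service, m.group("path"), line))
    return found

def build_otl_fix(lines: Iterable[str]) -> str:
    """Build the Custom Scans/Fixes block: ':otl' header plus the matching DRV
    lines copied verbatim, which is how the fix in this thread is structured."""
    entries = orphan_driver_services(lines)
    return "\n".join([":otl"] + [line for _, _, line in entries])

# Constructed sample: four lines from the fix posted above (including its
# repeated dpxycqao entry), one unrelated O1 line, and one healthy driver line
# whose service name (MBAMProtector) is made up for the example.
SAMPLE_LOG = """\
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | System | Stopped] -- C:\\WINDOWS\\system32\\drivers\\rimagzoj.sys -- (rimagzoj)
DRV - File not found [Kernel | System | Stopped] -- C:\\WINDOWS\\system32\\drivers\\qirgvzzo.sys -- (qirgvzzo)
DRV - File not found [Kernel | System | Stopped] -- C:\\WINDOWS\\system32\\drivers\\dpxycqao.sys -- (dpxycqao)
O1 - Hosts: 127.0.0.1 localhost
DRV - File not found [Kernel | System | Stopped] -- C:\\WINDOWS\\system32\\drivers\\dpxycqao.sys -- (dpxycqao)
"""

if __name__ == "__main__":
    print(build_otl_fix(SAMPLE_LOG.splitlines()))
```

Run against a full OTL.txt the same way; a service that shows up here is only a candidate for removal, and the helper in the thread still decides case by case.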



