No Internet Connection after Smart HDD Removal


  • This topic is locked
40 replies to this topic

#1 carb18

Posted 08 May 2012 - 05:34 PM

Previous Posting
My link

Hey all,

I want to make sure that I completely removed the SMART HDD virus. I still cannot connect to the internet so am having to upload everything through a usb drive. Any help would be greatly appreciated.

Thanks.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Run by chrisb at 9:31:16 on 2012-05-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1450 [GMT -7:00]
.
AV: Norman Endpoint Protection *Enabled/Outdated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
============== Running Processes ===============
.
C:\Program Files\Norman\Npm\Bin\elogsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\Malwarebytes' Anti-Malware2\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Documents and Settings\chrisb\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\chrisb\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware2\mbamservice.exe
svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\chrisb\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [bcbbcacadfdct] "c:\documents and settings\all users\application data\bcbbcacadfdct.exe"
uRun: [Akamai NetSession Interface] "c:\documents and settings\chrisb\local settings\application data\akamai\netsession_win.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware2\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\chrisb\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://server6:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://server6:4343/officescan/console/ClientInstall/setup.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://server6:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://server6:4343/SMB/console/html/root/AtxEnc.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.100.5
TCP: Interfaces\{0868B057-5D24-47D7-9FF8-20F63CA0B631} : DhcpNameServer = 192.168.100.5
Notify: intelUsb3Sevices - usbniw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chrisb\application data\mozilla\firefox\profiles\rrhabrjs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: c:\documents and settings\chrisb\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-1-11 31632]
R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2010-1-11 26744]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-11-1 116608]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-12 784792]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2004-2-8 118784]
R2 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [2002-12-18 36064]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware2\mbamservice.exe [2012-4-24 654408]
R2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\ndiskio.sys [2010-1-11 22880]
R2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\zanda.exe [2009-11-10 427888]
R2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2010-1-11 100336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-3 22344]
R3 NNetSec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-1-11 50576]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program files\norman\ngs\bin\nnetsecc.sys [2010-11-23 29968]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\nsesvc.exe [2011-6-9 288072]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\nvcoas.exe [2010-8-5 196608]
R3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2010-1-11 99312]
S1 ajdrsshx;ajdrsshx;\??\c:\windows\system32\drivers\ajdrsshx.sys --> c:\windows\system32\drivers\ajdrsshx.sys [?]
S1 cnoskfrw;cnoskfrw;\??\c:\windows\system32\drivers\cnoskfrw.sys --> c:\windows\system32\drivers\cnoskfrw.sys [?]
S1 hjvrrnwn;hjvrrnwn;\??\c:\windows\system32\drivers\hjvrrnwn.sys --> c:\windows\system32\drivers\hjvrrnwn.sys [?]
S1 jkvaoffu;jkvaoffu;\??\c:\windows\system32\drivers\jkvaoffu.sys --> c:\windows\system32\drivers\jkvaoffu.sys [?]
S1 MpKsl40566bda;MpKsl40566bda;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee3c4ddb-c80a-4c5e-8e11-db4572f8ff15}\mpksl40566bda.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee3c4ddb-c80a-4c5e-8e11-db4572f8ff15}\MpKsl40566bda.sys [?]
S1 ocecyjmz;ocecyjmz;\??\c:\windows\system32\drivers\ocecyjmz.sys --> c:\windows\system32\drivers\ocecyjmz.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S1 trvwhwvl;trvwhwvl;\??\c:\windows\system32\drivers\trvwhwvl.sys --> c:\windows\system32\drivers\trvwhwvl.sys [?]
S1 xvlboqgf;xvlboqgf;\??\c:\windows\system32\drivers\xvlboqgf.sys --> c:\windows\system32\drivers\xvlboqgf.sys [?]
S1 yrcgvaqp;yrcgvaqp;\??\c:\windows\system32\drivers\yrcgvaqp.sys --> c:\windows\system32\drivers\yrcgvaqp.sys [?]
S1 zfyexixv;zfyexixv;\??\c:\windows\system32\drivers\zfyexixv.sys --> c:\windows\system32\drivers\zfyexixv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DivisCTS;B57w2k;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-12 135664]
S3 76911209;76911209; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-12 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-05-08 01:04:37 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-05-08 01:04:28 -------- d-----w- c:\program files\Tweaking.com
2012-05-07 20:46:47 -------- d-----w- C:\ExtraReggies
2012-05-07 19:05:02 138112 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-05-07 19:05:02 138112 ---ha-w- c:\windows\system32\drivers\afd.sys
2012-05-07 17:54:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 23:44:00 711240 ----a-w- c:\windows\is-47ER6.exe
2012-04-24 20:40:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2012-04-24 19:21:18 38400 ---ha-w- c:\windows\system32\usbniw32.dll
2012-04-24 18:46:36 -------- d-----w- C:\ec5784095c72270dafd27ea24b
2012-04-24 18:21:44 -------- d--h--w- c:\windows\PIF
2012-04-24 17:30:59 -------- d--h--w- c:\windows\pss
2012-04-24 02:57:04 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-12 15:40:44 -------- d-----w- c:\documents and settings\chrisb\application data\Search Settings
2012-04-12 15:40:07 -------- d-----w- c:\program files\Application Updater
2012-04-12 15:40:05 -------- d--h--w- c:\program files\YouTube Downloader Toolbar
2012-04-12 15:40:05 -------- d--h--w- c:\program files\common files\Spigot
2012-04-12 01:13:08 62808 ----a-r- c:\documents and settings\chrisb\application data\microsoft\installer\{8965f790-8196-4487-b244-3fc52b503a52}\ARPPRODUCTICON.exe
.
==================== Find3M ====================
.
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 02:41:28 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 17:18:36 237072 ---h--w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:32:46.26 ===============


#2 SweetTech

Posted 09 May 2012 - 02:04 AM

Hello carb18 and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running Flash Disinfector
Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    nv4_mini.sys
    senfilt.sys
    AsfAlrt.sys
    /md5stop
    net start Dhcp /c
    net start afd /c
    net start sharedaccess /c
    net start netman /c
    net start winmgmt /c
    net start Srservice /c
    net start wscsvc /c
    net start wuauserv /c
    net start BITS /c
    hklm\software\clients\startmenuinternet|command /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
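
The TDSSKiller report requested above is line-oriented: a timestamp and thread id, then either a `name (md5) path` line or a `name - verdict` line, as in the log posted later in this thread. The Python parser below is an added example, not part of the original post or of TDSSKiller; its sample lines, service names and hashes are constructed, and reading `SigCheck` and `TDLFS` in the `Mode:` line as the two options ticked in the steps above is an assumption.

```python
import re

# Constructed sample in the line format of the TDSSKiller 2.7.34.0 log shown
# in this thread; the service names, paths and hashes here are made up.
SAMPLE_LOG = r"""09:12:15.0031 0328 Scan started
09:12:15.0031 0328 Mode: Manual; SigCheck; TDLFS;
09:12:15.0328 0328 ExampleSvc (00112233445566778899aabbccddeeff) C:\Program Files\Example\svc.exe
09:12:15.0750 0328 ExampleSvc - ok
09:12:15.0843 0328 orphandrv - ok
09:12:17.0546 0328 Example LM Service (ffeeddccbbaa99887766554433221100) C:\Program Files\Common Files\Example\lm.exe
09:12:17.0703 0328 Example LM Service ( UnsignedFile.Multi.Generic ) - warning
09:12:17.0703 0328 Example LM Service - detected UnsignedFile.Multi.Generic (1)
"""

# "HH:MM:SS.mmmm <thread id> <body>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "<name> (<md5>) <path>": the file that was hashed for a service or driver
FILE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - ok" or "<name> ( <threat> ) - warning"
VERDICT = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<threat>[^()]+?)\s*\))?\s+-\s+(?P<verdict>ok|warning)$"
)


def parse_tdsskiller_log(text):
    """Return (modes, entries); entries maps object name -> dict of fields."""
    modes, entries = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines or anything without the timestamp prefix
        body = m.group(1).strip()
        if body.startswith("Mode:"):
            modes = [p.strip() for p in body[len("Mode:"):].split(";") if p.strip()]
            continue
        hit = FILE.match(body) or VERDICT.match(body)
        if not hit:
            continue  # banner, system info and "- detected" summary lines
        fields = {k: v for k, v in hit.groupdict().items() if v is not None}
        entry = entries.setdefault(
            fields["name"],
            {"name": fields["name"], "md5": None, "path": None,
             "verdict": None, "threat": None},
        )
        entry.update(fields)
    return modes, entries


def triage(entries):
    """Split parsed entries into what a reviewer reads first."""
    items = list(entries.values())
    return {
        "ok": sum(1 for e in items if e["verdict"] == "ok"),
        # Objects the scan flagged, with hash and path for follow-up.
        "warnings": [e for e in items if e["verdict"] == "warning"],
        # Objects that got a verdict but no "(md5) path" line in the log.
        "no_image": [e["name"] for e in items if e["md5"] is None],
    }


if __name__ == "__main__":
    modes, entries = parse_tdsskiller_log(SAMPLE_LOG)
    report = triage(entries)
    print("scan modes:", ", ".join(modes))
    print("ok:", report["ok"])
    for e in report["warnings"]:
        print("warning:", e["name"], e["threat"], e["md5"], e["path"])
    for name in report["no_image"]:
        print("no file hashed:", name)
```
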


#3 carb18

Posted 09 May 2012 - 11:58 AM

Thanks for your help! It is much appreciated.

1. I did run TDSSKiller and did quarantine and possibly delete some things in the last three days. Just wanted to make sure that you were aware.



2. TDS Killer



09:11:04.0000 2448 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
09:11:04.0015 2448 ============================================================
09:11:04.0015 2448 Current date / time: 2012/05/09 09:11:04.0015
09:11:04.0015 2448 SystemInfo:
09:11:04.0015 2448
09:11:04.0015 2448 OS Version: 5.1.2600 ServicePack: 3.0
09:11:04.0015 2448 Product type: Workstation
09:11:04.0015 2448 ComputerName: PERLMAN-026
09:11:04.0015 2448 UserName: chrisb
09:11:04.0015 2448 Windows directory: C:\WINDOWS
09:11:04.0015 2448 System windows directory: C:\WINDOWS
09:11:04.0015 2448 Processor architecture: Intel x86
09:11:04.0015 2448 Number of processors: 4
09:11:04.0015 2448 Page size: 0x1000
09:11:04.0015 2448 Boot type: Normal boot
09:11:04.0015 2448 ============================================================
09:11:06.0109 2448 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:11:06.0109 2448 ============================================================
09:11:06.0109 2448 \Device\Harddisk0\DR0:
09:11:06.0109 2448 MBR partitions:
09:11:06.0109 2448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
09:11:06.0109 2448 ============================================================
09:11:06.0156 2448 C: <-> \Device\Harddisk0\DR0\Partition0
09:11:06.0156 2448 ============================================================
09:11:06.0156 2448 Initialize success
09:11:06.0156 2448 ============================================================
09:12:15.0031 0328 ============================================================
09:12:15.0031 0328 Scan started
09:12:15.0031 0328 Mode: Manual; SigCheck; TDLFS;
09:12:15.0031 0328 ============================================================
09:12:15.0328 0328 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
09:12:15.0750 0328 !SASCORE - ok
09:12:15.0843 0328 76911209 - ok
09:12:15.0843 0328 Abiosdsk - ok
09:12:15.0843 0328 abp480n5 - ok
09:12:15.0890 0328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:12:17.0250 0328 ACPI - ok
09:12:17.0281 0328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:12:17.0500 0328 ACPIEC - ok
09:12:17.0546 0328 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
09:12:17.0703 0328 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
09:12:17.0703 0328 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
09:12:17.0968 0328 Adobe Version Cue CS2 (41d15ead554396bf35b7c5246ad47a28) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
09:12:18.0156 0328 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - warning
09:12:18.0156 0328 Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic (1)
09:12:18.0156 0328 adpu160m - ok
09:12:18.0203 0328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:12:18.0390 0328 aec - ok
09:12:18.0437 0328 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\system32\drivers\afd.sys
09:12:18.0609 0328 AFD - ok
09:12:18.0625 0328 Aha154x - ok
09:12:18.0625 0328 aic78u2 - ok
09:12:18.0625 0328 aic78xx - ok
09:12:18.0625 0328 ajdrsshx - ok
09:12:18.0671 0328 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:12:18.0859 0328 Alerter - ok
09:12:18.0875 0328 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:12:19.0046 0328 ALG - ok
09:12:19.0046 0328 AliIde - ok
09:12:19.0062 0328 amsint - ok
09:12:19.0125 0328 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:12:19.0250 0328 Apple Mobile Device - ok
09:12:19.0296 0328 Application Updater (4b3e40c1ae77880678b984a2c748cb85) C:\Program Files\Application Updater\ApplicationUpdater.exe
09:12:19.0546 0328 Application Updater - ok
09:12:19.0593 0328 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:12:19.0781 0328 AppMgmt - ok
09:12:19.0812 0328 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:12:20.0015 0328 Arp1394 - ok
09:12:20.0015 0328 asc - ok
09:12:20.0031 0328 asc3350p - ok
09:12:20.0031 0328 asc3550 - ok
09:12:20.0093 0328 ASFAgent (378051058f0e9c6668cb6a86d6ffb431) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
09:12:20.0296 0328 ASFAgent ( UnsignedFile.Multi.Generic ) - warning
09:12:20.0296 0328 ASFAgent - detected UnsignedFile.Multi.Generic (1)
09:12:20.0312 0328 AsfAlrt (e301dd2b6cced65e0537ceaee8f954b6) C:\WINDOWS\system32\drivers\AsfAlrt.sys
09:12:20.0375 0328 AsfAlrt ( UnsignedFile.Multi.Generic ) - warning
09:12:20.0375 0328 AsfAlrt - detected UnsignedFile.Multi.Generic (1)
09:12:20.0484 0328 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:12:20.0578 0328 aspnet_state - ok
09:12:20.0625 0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:12:20.0812 0328 AsyncMac - ok
09:12:20.0843 0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:12:20.0984 0328 atapi - ok
09:12:20.0984 0328 Atdisk - ok
09:12:21.0015 0328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:12:21.0203 0328 Atmarpc - ok
09:12:21.0234 0328 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:12:21.0437 0328 AudioSrv - ok
09:12:21.0468 0328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:12:21.0640 0328 audstub - ok
09:12:21.0718 0328 Autodesk Licensing Service (ea2d28bbe98256654397cd1f6eaebdd8) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
09:12:21.0875 0328 Autodesk Licensing Service - ok
09:12:21.0890 0328 bc_prt_f - ok
09:12:21.0921 0328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:12:22.0109 0328 Beep - ok
09:12:22.0156 0328 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:12:22.0531 0328 BITS - ok
09:12:22.0593 0328 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:12:22.0734 0328 Bonjour Service - ok
09:12:22.0781 0328 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:12:23.0000 0328 Browser - ok
09:12:23.0031 0328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:12:23.0218 0328 cbidf2k - ok
09:12:23.0218 0328 cd20xrnt - ok
09:12:23.0250 0328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:12:23.0421 0328 Cdaudio - ok
09:12:23.0453 0328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:12:23.0656 0328 Cdfs - ok
09:12:23.0656 0328 cdrbsvsd - ok
09:12:23.0687 0328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:12:23.0906 0328 Cdrom - ok
09:12:23.0937 0328 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
09:12:24.0015 0328 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
09:12:24.0015 0328 cercsr6 - detected UnsignedFile.Multi.Generic (1)
09:12:24.0015 0328 Changer - ok
09:12:24.0062 0328 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:12:24.0578 0328 CiSvc - ok
09:12:24.0609 0328 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:12:24.0843 0328 ClipSrv - ok
09:12:24.0937 0328 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:12:25.0234 0328 clr_optimization_v2.0.50727_32 - ok
09:12:25.0296 0328 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:12:25.0531 0328 clr_optimization_v4.0.30319_32 - ok
09:12:25.0531 0328 CmdIde - ok
09:12:25.0531 0328 cnoskfrw - ok
09:12:25.0546 0328 COMSysApp - ok
09:12:25.0546 0328 Cpqarray - ok
09:12:25.0593 0328 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:12:25.0796 0328 CryptSvc - ok
09:12:25.0796 0328 dac2w2k - ok
09:12:25.0812 0328 dac960nt - ok
09:12:25.0859 0328 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:12:27.0031 0328 DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
09:12:27.0031 0328 DcomLaunch - detected UnsignedFile.Multi.Generic (1)
09:12:27.0093 0328 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:12:27.0218 0328 Dhcp - ok
09:12:27.0234 0328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:12:27.0406 0328 Disk - ok
09:12:27.0406 0328 DivisCTS - ok
09:12:27.0484 0328 DLABOIOM (d8d58a84f3ece3359df95fd2e459b330) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:12:27.0531 0328 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
09:12:27.0531 0328 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
09:12:27.0546 0328 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:12:27.0593 0328 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
09:12:27.0593 0328 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
09:12:27.0625 0328 DLADResN (27c78078bd9c4f2de2ad3eb04bfe101b) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:12:27.0687 0328 DLADResN ( UnsignedFile.Multi.Generic ) - warning
09:12:27.0687 0328 DLADResN - detected UnsignedFile.Multi.Generic (1)
09:12:27.0718 0328 DLAIFS_M (7f2d93e560b763ef5d11422d78da8ed0) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:12:27.0812 0328 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
09:12:27.0812 0328 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
09:12:27.0828 0328 DLAOPIOM (f643637de6aac57e38d197aa63d9ea74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:12:27.0890 0328 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
09:12:27.0890 0328 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
09:12:27.0906 0328 DLAPoolM (340705474807f57a46d59d18fc2959f1) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:12:27.0953 0328 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
09:12:27.0953 0328 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
09:12:27.0968 0328 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:12:28.0031 0328 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
09:12:28.0031 0328 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
09:12:28.0046 0328 DLAUDFAM (6984ea763907c045ce813468882bc587) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:12:28.0156 0328 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
09:12:28.0156 0328 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
09:12:28.0171 0328 DLAUDF_M (12b30c449cfd36adbed53eb6560933c6) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:12:28.0265 0328 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
09:12:28.0265 0328 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
09:12:28.0265 0328 dmadmin - ok
09:12:28.0328 0328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:12:28.0609 0328 dmboot - ok
09:12:28.0656 0328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:12:28.0921 0328 dmio - ok
09:12:28.0984 0328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:12:29.0171 0328 dmload - ok
09:12:29.0218 0328 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:12:29.0421 0328 dmserver - ok
09:12:29.0468 0328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:12:29.0687 0328 DMusic - ok
09:12:29.0718 0328 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:12:30.0500 0328 Dnscache ( UnsignedFile.Multi.Generic ) - warning
09:12:30.0500 0328 Dnscache - detected UnsignedFile.Multi.Generic (1)
09:12:30.0546 0328 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:12:30.0968 0328 Dot3svc - ok
09:12:30.0968 0328 dpti2o - ok
09:12:31.0000 0328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:12:31.0171 0328 drmkaud - ok
09:12:31.0203 0328 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:12:31.0296 0328 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
09:12:31.0296 0328 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
09:12:31.0312 0328 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:12:31.0390 0328 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
09:12:31.0390 0328 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
09:12:31.0437 0328 E1000 (d94437e7ee086677b266099f695cdea1) C:\WINDOWS\system32\DRIVERS\e1000325.sys
09:12:31.0562 0328 E1000 - ok
09:12:31.0609 0328 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:12:31.0796 0328 EapHost - ok
09:12:31.0937 0328 eLoggerSvc6 (47e646afbf2cbc2e64844a8ac34c725d) C:\Program Files\Norman\Npm\Bin\elogsvc.exe
09:12:32.0062 0328 eLoggerSvc6 - ok
09:12:32.0062 0328 EpmPsd - ok
09:12:32.0093 0328 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:12:32.0281 0328 ERSvc - ok
09:12:32.0312 0328 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:12:32.0500 0328 Eventlog ( UnsignedFile.Multi.Generic ) - warning
09:12:32.0500 0328 Eventlog - detected UnsignedFile.Multi.Generic (1)
09:12:32.0562 0328 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:12:33.0078 0328 EventSystem ( UnsignedFile.Multi.Generic ) - warning
09:12:33.0078 0328 EventSystem - detected UnsignedFile.Multi.Generic (1)
09:12:33.0109 0328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:12:33.0281 0328 Fastfat - ok
09:12:33.0312 0328 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:12:33.0437 0328 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning
09:12:33.0437 0328 FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1)
09:12:33.0468 0328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:12:33.0625 0328 Fdc - ok
09:12:33.0656 0328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:12:33.0843 0328 Fips - ok
09:12:33.0921 0328 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:12:34.0093 0328 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
09:12:34.0093 0328 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
09:12:34.0093 0328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:12:34.0250 0328 Flpydisk - ok
09:12:34.0281 0328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:12:34.0468 0328 FltMgr - ok
09:12:34.0609 0328 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:12:34.0671 0328 FontCache3.0.0.0 - ok
09:12:34.0687 0328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:12:34.0843 0328 Fs_Rec - ok
09:12:34.0859 0328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:12:35.0015 0328 Ftdisk - ok
09:12:35.0046 0328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:12:35.0109 0328 GEARAspiWDM - ok
09:12:35.0140 0328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:12:35.0328 0328 Gpc - ok
09:12:35.0437 0328 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:12:35.0453 0328 gupdate - ok
09:12:35.0453 0328 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:12:35.0468 0328 gupdatem - ok
09:12:35.0515 0328 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:12:35.0765 0328 gusvc - ok
09:12:35.0843 0328 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:12:36.0031 0328 helpsvc - ok
09:12:36.0046 0328 HidServ - ok
09:12:36.0062 0328 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:12:36.0234 0328 hidusb - ok
09:12:36.0234 0328 hjvrrnwn - ok
09:12:36.0265 0328 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:12:36.0437 0328 hkmsvc - ok
09:12:36.0500 0328 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
09:12:36.0656 0328 HP Port Resolver ( UnsignedFile.Multi.Generic ) - warning
09:12:36.0656 0328 HP Port Resolver - detected UnsignedFile.Multi.Generic (1)
09:12:36.0687 0328 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
09:12:36.0875 0328 HP Status Server ( UnsignedFile.Multi.Generic ) - warning
09:12:36.0875 0328 HP Status Server - detected UnsignedFile.Multi.Generic (1)
09:12:36.0875 0328 hpn - ok
09:12:36.0921 0328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:12:37.0031 0328 HTTP ( UnsignedFile.Multi.Generic ) - warning
09:12:37.0031 0328 HTTP - detected UnsignedFile.Multi.Generic (1)
09:12:37.0078 0328 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:12:37.0281 0328 HTTPFilter - ok
09:12:37.0281 0328 i2omgmt - ok
09:12:37.0281 0328 i2omp - ok
09:12:37.0312 0328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
09:12:37.0484 0328 i8042prt - ok
09:12:37.0609 0328 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:12:37.0875 0328 idsvc - ok
09:12:37.0890 0328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:12:38.0078 0328 Imapi - ok
09:12:38.0109 0328 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:12:38.0375 0328 ImapiService - ok
09:12:38.0390 0328 ini910u - ok
09:12:38.0406 0328 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:12:38.0578 0328 IntelIde - ok
09:12:38.0609 0328 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:12:38.0781 0328 intelppm - ok
09:12:38.0796 0328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:12:38.0968 0328 Ip6Fw - ok
09:12:39.0015 0328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:12:39.0171 0328 IpFilterDriver - ok
09:12:39.0187 0328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:12:39.0375 0328 IpInIp - ok
09:12:39.0406 0328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:12:40.0015 0328 IpNat - ok
09:12:40.0125 0328 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
09:12:40.0312 0328 iPod Service - ok
09:12:40.0359 0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:12:40.0562 0328 IPSec - ok
09:12:40.0578 0328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:12:40.0671 0328 IRENUM - ok
09:12:40.0718 0328 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:12:40.0906 0328 isapnp - ok
09:12:40.0984 0328 JavaQuickStarterService (112325f53ab720ca77825726d427fbdc) C:\Program Files\Java\jre6\bin\jqs.exe
09:12:41.0171 0328 JavaQuickStarterService - ok
09:12:41.0171 0328 jkvaoffu - ok
09:12:41.0187 0328 jukebox3 - ok
09:12:41.0203 0328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:12:41.0390 0328 Kbdclass - ok
09:12:41.0406 0328 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:12:41.0578 0328 kbdhid - ok
09:12:41.0625 0328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:12:41.0781 0328 kmixer - ok
09:12:41.0812 0328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:12:41.0921 0328 KSecDD ( UnsignedFile.Multi.Generic ) - warning
09:12:41.0921 0328 KSecDD - detected UnsignedFile.Multi.Generic (1)
09:12:41.0968 0328 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:12:42.0093 0328 lanmanserver ( UnsignedFile.Multi.Generic ) - warning
09:12:42.0093 0328 lanmanserver - detected UnsignedFile.Multi.Generic (1)
09:12:42.0125 0328 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:12:42.0296 0328 lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning
09:12:42.0296 0328 lanmanworkstation - detected UnsignedFile.Multi.Generic (1)
09:12:42.0296 0328 lbrtfdc - ok
09:12:42.0343 0328 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:12:42.0500 0328 LmHosts - ok
09:12:42.0515 0328 lxcccustomerconnect - ok
09:12:42.0546 0328 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
09:12:42.0718 0328 MBAMProtector - ok
09:12:42.0812 0328 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware2\mbamservice.exe
09:12:43.0171 0328 MBAMService - ok
09:12:43.0187 0328 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:12:43.0359 0328 Messenger - ok
09:12:43.0390 0328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:12:43.0546 0328 mnmdd - ok
09:12:43.0578 0328 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:12:43.0765 0328 mnmsrvc - ok
09:12:43.0828 0328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:12:43.0968 0328 Modem - ok
09:12:44.0015 0328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:12:44.0187 0328 Mouclass - ok
09:12:44.0203 0328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:12:44.0359 0328 mouhid - ok
09:12:44.0390 0328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:12:44.0546 0328 MountMgr - ok
09:12:44.0625 0328 MpKsl40566bda - ok
09:12:44.0640 0328 mraid35x - ok
09:12:44.0656 0328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:12:44.0843 0328 MRxDAV - ok
09:12:44.0890 0328 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:12:45.0078 0328 MRxSmb ( UnsignedFile.Multi.Generic ) - warning
09:12:45.0078 0328 MRxSmb - detected UnsignedFile.Multi.Generic (1)
09:12:45.0125 0328 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:12:45.0265 0328 MSDTC - ok
09:12:45.0281 0328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:12:45.0421 0328 Msfs - ok
09:12:45.0421 0328 MSIServer - ok
09:12:45.0468 0328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:12:45.0625 0328 MSKSSRV - ok
09:12:45.0656 0328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:12:45.0796 0328 MSPCLOCK - ok
09:12:45.0812 0328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:12:45.0984 0328 MSPQM - ok
09:12:46.0015 0328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:12:46.0156 0328 mssmbios - ok
09:12:46.0187 0328 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:12:46.0296 0328 Mup ( UnsignedFile.Multi.Generic ) - warning
09:12:46.0296 0328 Mup - detected UnsignedFile.Multi.Generic (1)
09:12:46.0359 0328 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:12:46.0656 0328 napagent - ok
09:12:46.0687 0328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:12:46.0890 0328 NDIS - ok
09:12:47.0031 0328 Ndiskio (725123f7aebfef717e3f26b25b149d7a) C:\Program Files\Norman\Nse\Bin\NDISKIO.SYS
09:12:47.0078 0328 Ndiskio - ok
09:12:47.0093 0328 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:12:47.0187 0328 NdisTapi ( UnsignedFile.Multi.Generic ) - warning
09:12:47.0187 0328 NdisTapi - detected UnsignedFile.Multi.Generic (1)
09:12:47.0218 0328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:12:47.0359 0328 Ndisuio - ok
09:12:47.0390 0328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:12:47.0593 0328 NdisWan - ok
09:12:47.0640 0328 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:12:47.0843 0328 NDProxy ( UnsignedFile.Multi.Generic ) - warning
09:12:47.0843 0328 NDProxy - detected UnsignedFile.Multi.Generic (1)
09:12:48.0093 0328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:12:48.0375 0328 NetBIOS - ok
09:12:48.0406 0328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:12:48.0609 0328 NetBT - ok
09:12:48.0640 0328 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:12:48.0906 0328 NetDDE - ok
09:12:48.0921 0328 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:12:49.0031 0328 NetDDEdsdm - ok
09:12:49.0078 0328 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:12:49.0250 0328 Netlogon - ok
09:12:49.0281 0328 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:12:49.0468 0328 Netman - ok
09:12:49.0578 0328 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
09:12:49.0796 0328 NetSvc ( UnsignedFile.Multi.Generic ) - warning
09:12:49.0796 0328 NetSvc - detected UnsignedFile.Multi.Generic (1)
09:12:49.0890 0328 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:12:50.0000 0328 NetTcpPortSharing - ok
09:12:50.0062 0328 NGS (f01863fb9b02edd0d457b406926070e5) c:\program files\norman\ngs\bin\ngs.sys
09:12:50.0125 0328 NGS - ok
09:12:50.0140 0328 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:12:50.0312 0328 NIC1394 - ok
09:12:50.0343 0328 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:12:50.0390 0328 Nla ( UnsignedFile.Multi.Generic ) - warning
09:12:50.0390 0328 Nla - detected UnsignedFile.Multi.Generic (1)
09:12:50.0437 0328 NNetSec (db1f8037073175014c119749f8ab7e08) C:\WINDOWS\system32\DRIVERS\NNetSec.sys
09:12:50.0484 0328 NNetSec - ok
09:12:50.0515 0328 NNetSecC (9f49380e683b14d6ffa16b4c251ea175) C:\Program Files\Norman\ngs\bin\nnetsecc.sys
09:12:50.0562 0328 NNetSecC - ok
09:12:50.0625 0328 Norman NJeeves (20f65e9205fffd2f8579e0f8ce38b68f) C:\Program Files\Norman\Npm\Bin\Njeeves.exe
09:12:50.0781 0328 Norman NJeeves - ok
09:12:50.0843 0328 Norman ZANDA (dd3e6f98b73aad03fae0653cd5a92649) C:\Program Files\Norman\Npm\Bin\Zanda.exe
09:12:51.0062 0328 Norman ZANDA - ok
09:12:51.0093 0328 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:12:51.0250 0328 Npfs - ok
09:12:51.0312 0328 nsesvc (9cda7f164e8149dcf3f28ccf5db3cf4d) C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
09:12:51.0562 0328 nsesvc - ok
09:12:51.0625 0328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:12:51.0890 0328 Ntfs - ok
09:12:51.0937 0328 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:12:52.0062 0328 NtLmSsp - ok
09:12:52.0093 0328 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:12:52.0328 0328 NtmsSvc - ok
09:12:52.0359 0328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:12:52.0515 0328 Null - ok
09:12:52.0656 0328 nv (fd933f7a82bc2c2e6c687128e3279019) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:12:53.0140 0328 nv - ok
09:12:53.0234 0328 NvcMFlt (1d6b84ea4246b1dc99fca50da5191890) C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
09:12:53.0312 0328 NvcMFlt - ok
09:12:53.0437 0328 nvcoas (9f39e950a7be358dc8fef8ea4f80f935) C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
09:12:53.0562 0328 nvcoas - ok
09:12:53.0640 0328 NVOY (19ca1d927eb4d9c88d20e27845eff07b) C:\Program Files\Norman\npm\bin\nvoy.exe
09:12:53.0796 0328 NVOY - ok
09:12:53.0796 0328 NVSvc - ok
09:12:53.0828 0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:12:54.0015 0328 NwlnkFlt - ok
09:12:54.0031 0328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:12:54.0203 0328 NwlnkFwd - ok
09:12:54.0218 0328 ocecyjmz - ok
09:12:54.0312 0328 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:12:54.0406 0328 odserv - ok
09:12:54.0437 0328 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:12:54.0593 0328 ohci1394 - ok
09:12:54.0640 0328 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
09:12:54.0703 0328 OMCI ( UnsignedFile.Multi.Generic ) - warning
09:12:54.0703 0328 OMCI - detected UnsignedFile.Multi.Generic (1)
09:12:54.0750 0328 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:12:54.0843 0328 ose - ok
09:12:54.0859 0328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:12:55.0046 0328 Parport - ok
09:12:55.0046 0328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:12:55.0203 0328 PartMgr - ok
09:12:55.0234 0328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:12:55.0390 0328 ParVdm - ok
09:12:55.0390 0328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:12:55.0562 0328 PCI - ok
09:12:55.0562 0328 PciBus - ok
09:12:55.0578 0328 PCIDump - ok
09:12:55.0609 0328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
09:12:55.0765 0328 PCIIde - ok
09:12:55.0781 0328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:12:55.0968 0328 Pcmcia - ok
09:12:55.0968 0328 PDCOMP - ok
09:12:55.0984 0328 PDFRAME - ok
09:12:55.0984 0328 PDRELI - ok
09:12:55.0984 0328 PDRFRAME - ok
09:12:56.0000 0328 perc2 - ok
09:12:56.0000 0328 perc2hib - ok
09:12:56.0046 0328 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:12:56.0046 0328 PlugPlay ( UnsignedFile.Multi.Generic ) - warning
09:12:56.0046 0328 PlugPlay - detected UnsignedFile.Multi.Generic (1)
09:12:56.0078 0328 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:12:56.0203 0328 PolicyAgent - ok
09:12:56.0234 0328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:12:56.0437 0328 PptpMiniport - ok
09:12:56.0437 0328 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:12:56.0562 0328 ProtectedStorage - ok
09:12:56.0562 0328 proxyhostdriver - ok
09:12:56.0593 0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:12:56.0781 0328 PSched - ok
09:12:56.0828 0328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:12:57.0031 0328 Ptilink - ok
09:12:57.0031 0328 pvservice - ok
09:12:57.0062 0328 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:12:57.0156 0328 PxHelp20 - ok
09:12:57.0156 0328 ql1080 - ok
09:12:57.0156 0328 Ql10wnt - ok
09:12:57.0156 0328 ql12160 - ok
09:12:57.0171 0328 ql1240 - ok
09:12:57.0171 0328 ql1280 - ok
09:12:57.0187 0328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:12:57.0343 0328 RasAcd - ok
09:12:57.0375 0328 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:12:57.0562 0328 RasAuto - ok
09:12:57.0578 0328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:12:57.0750 0328 Rasl2tp - ok
09:12:57.0796 0328 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:12:57.0984 0328 RasMan - ok
09:12:58.0000 0328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:12:58.0187 0328 RasPppoe - ok
09:12:58.0203 0328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:12:58.0375 0328 Raspti - ok
09:12:58.0406 0328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:12:58.0578 0328 Rdbss - ok
09:12:58.0593 0328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:12:58.0734 0328 RDPCDD - ok
09:12:58.0781 0328 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:12:58.0984 0328 rdpdr - ok
09:12:59.0031 0328 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:12:59.0171 0328 RDPWD ( UnsignedFile.Multi.Generic ) - warning
09:12:59.0171 0328 RDPWD - detected UnsignedFile.Multi.Generic (1)
09:12:59.0218 0328 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:12:59.0468 0328 RDSessMgr - ok
09:12:59.0515 0328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:12:59.0687 0328 redbook - ok
09:12:59.0750 0328 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:12:59.0937 0328 RemoteAccess - ok
09:12:59.0968 0328 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:13:00.0140 0328 RemoteRegistry - ok
09:13:00.0156 0328 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:13:00.0359 0328 RpcLocator - ok
09:13:00.0421 0328 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:13:00.0437 0328 RpcSs ( UnsignedFile.Multi.Generic ) - warning
09:13:00.0437 0328 RpcSs - detected UnsignedFile.Multi.Generic (1)
09:13:00.0484 0328 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:13:00.0718 0328 RSVP - ok
09:13:00.0750 0328 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:13:00.0859 0328 SamSs - ok
09:13:00.0921 0328 SASKUTIL - ok
09:13:00.0953 0328 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:13:01.0171 0328 SCardSvr - ok
09:13:01.0203 0328 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:13:01.0406 0328 Schedule - ok
09:13:01.0500 0328 Scheduler (5fd85727e19476c24acb8e7bffbce26c) C:\Program Files\Norman\Npm\Bin\scheduler.exe
09:13:01.0656 0328 Scheduler - ok
09:13:01.0687 0328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:13:01.0781 0328 Secdrv - ok
09:13:01.0796 0328 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:13:01.0953 0328 seclogon - ok
09:13:02.0015 0328 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
09:13:02.0250 0328 senfilt - ok
09:13:02.0265 0328 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:13:02.0421 0328 SENS - ok
09:13:02.0453 0328 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:13:02.0609 0328 serenum - ok
09:13:02.0640 0328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:13:02.0812 0328 Serial - ok
09:13:02.0828 0328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:13:02.0984 0328 Sfloppy - ok
09:13:03.0031 0328 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:13:03.0281 0328 SharedAccess - ok
09:13:03.0328 0328 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:13:03.0328 0328 ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
09:13:03.0328 0328 ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
09:13:03.0328 0328 Simbad - ok
09:13:03.0343 0328 slapd-data52 - ok
09:13:03.0390 0328 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
09:13:03.0546 0328 smwdm - ok
09:13:03.0546 0328 Sparrow - ok
09:13:03.0562 0328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:13:03.0734 0328 splitter - ok
09:13:03.0765 0328 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:13:03.0953 0328 Spooler ( UnsignedFile.Multi.Generic ) - warning
09:13:03.0953 0328 Spooler - detected UnsignedFile.Multi.Generic (1)
09:13:03.0984 0328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:13:04.0109 0328 sr - ok
09:13:04.0156 0328 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:13:04.0281 0328 srservice - ok
09:13:04.0328 0328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:13:04.0515 0328 Srv ( UnsignedFile.Multi.Generic ) - warning
09:13:04.0515 0328 Srv - detected UnsignedFile.Multi.Generic (1)
09:13:04.0546 0328 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:13:04.0687 0328 SSDPSRV - ok
09:13:04.0734 0328 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:13:04.0906 0328 stisvc - ok
09:13:04.0906 0328 streamip - ok
09:13:04.0921 0328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:13:05.0093 0328 swenum - ok
09:13:05.0125 0328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:13:05.0281 0328 swmidi - ok
09:13:05.0296 0328 SwPrv - ok
09:13:05.0296 0328 symc810 - ok
09:13:05.0312 0328 symc8xx - ok
09:13:05.0312 0328 sym_hi - ok
09:13:05.0312 0328 sym_u3 - ok
09:13:05.0343 0328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:13:05.0500 0328 sysaudio - ok
09:13:05.0531 0328 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:13:05.0750 0328 SysmonLog - ok
09:13:05.0781 0328 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:13:05.0968 0328 TapiSrv - ok
09:13:06.0031 0328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:13:06.0187 0328 Tcpip ( UnsignedFile.Multi.Generic ) - warning
09:13:06.0187 0328 Tcpip - detected UnsignedFile.Multi.Generic (1)
09:13:06.0218 0328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:13:06.0390 0328 TDPIPE - ok
09:13:06.0406 0328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:13:06.0578 0328 TDTCP - ok
09:13:06.0593 0328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:13:06.0781 0328 TermDD - ok
09:13:06.0812 0328 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:13:07.0015 0328 TermService - ok
09:13:07.0046 0328 tgsrvc_smartagent - ok
09:13:07.0078 0328 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:13:07.0093 0328 Themes ( UnsignedFile.Multi.Generic ) - warning
09:13:07.0093 0328 Themes - detected UnsignedFile.Multi.Generic (1)
09:13:07.0125 0328 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:13:07.0328 0328 TlntSvr - ok
09:13:07.0328 0328 TosIde - ok
09:13:07.0359 0328 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:13:07.0531 0328 TrkWks - ok
09:13:07.0531 0328 trvwhwvl - ok
09:13:07.0562 0328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:13:07.0718 0328 Udfs - ok
09:13:07.0718 0328 ultra - ok
09:13:07.0781 0328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:13:07.0984 0328 Update - ok
09:13:08.0015 0328 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:13:08.0140 0328 upnphost - ok
09:13:08.0171 0328 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:13:08.0359 0328 UPS - ok
09:13:08.0390 0328 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:13:08.0484 0328 USBAAPL - ok
09:13:08.0531 0328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:13:08.0687 0328 usbccgp - ok
09:13:08.0703 0328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:13:08.0875 0328 usbehci - ok
09:13:08.0921 0328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:13:09.0093 0328 usbhub - ok
09:13:09.0125 0328 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:13:09.0265 0328 usbscan - ok
09:13:09.0281 0328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:13:09.0453 0328 USBSTOR - ok
09:13:09.0468 0328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:13:09.0640 0328 usbuhci - ok
09:13:09.0656 0328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:13:09.0843 0328 VgaSave - ok
09:13:09.0859 0328 ViaIde - ok
09:13:09.0875 0328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:13:10.0046 0328 VolSnap - ok
09:13:10.0093 0328 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:13:10.0296 0328 VSS - ok
09:13:10.0328 0328 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:13:10.0500 0328 W32Time - ok
09:13:10.0531 0328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:13:10.0703 0328 Wanarp - ok
09:13:10.0703 0328 WDICA - ok
09:13:10.0718 0328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:13:10.0890 0328 wdmaud - ok
09:13:10.0921 0328 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:13:11.0093 0328 WebClient - ok
09:13:11.0171 0328 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:13:11.0390 0328 winmgmt - ok
09:13:11.0468 0328 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
09:13:11.0921 0328 WinRM ( UnsignedFile.Multi.Generic ) - warning
09:13:11.0921 0328 WinRM - detected UnsignedFile.Multi.Generic (1)
09:13:11.0968 0328 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:13:12.0078 0328 WmdmPmSN - ok
09:13:12.0140 0328 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:13:12.0156 0328 Wmi ( UnsignedFile.Multi.Generic ) - warning
09:13:12.0156 0328 Wmi - detected UnsignedFile.Multi.Generic (1)
09:13:12.0234 0328 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:13:12.0453 0328 WmiApSrv - ok
09:13:12.0468 0328 wmp54gsvc - ok
09:13:12.0593 0328 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:13:12.0968 0328 WMPNetworkSvc - ok
09:13:13.0140 0328 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:13:13.0328 0328 WPFFontCache_v0400 - ok
09:13:13.0437 0328 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:13:13.0593 0328 WS2IFSL - ok
09:13:13.0625 0328 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:13:13.0796 0328 wscsvc - ok
09:13:13.0812 0328 WSearch - ok
09:13:13.0828 0328 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:13:13.0984 0328 wuauserv - ok
09:13:14.0031 0328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:13:14.0125 0328 WudfPf - ok
09:13:14.0140 0328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:13:14.0234 0328 WudfRd - ok
09:13:14.0250 0328 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:13:14.0343 0328 WudfSvc - ok
09:13:14.0390 0328 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:13:14.0625 0328 WZCSVC - ok
09:13:14.0656 0328 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:13:14.0843 0328 xmlprov - ok
09:13:14.0843 0328 xvlboqgf - ok
09:13:14.0859 0328 yrcgvaqp - ok
09:13:14.0859 0328 zfyexixv - ok
09:13:14.0875 0328 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:13:15.0062 0328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:13:15.0062 0328 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:13:15.0062 0328 Boot (0x1200) (db7834ff3a4ed9ddbead348fcb6ebe71) \Device\Harddisk0\DR0\Partition0
09:13:15.0062 0328 \Device\Harddisk0\DR0\Partition0 - ok
09:13:15.0062 0328 ============================================================
09:13:15.0062 0328 Scan finished
09:13:15.0062 0328 ============================================================
09:13:15.0171 0136 Detected object count: 46
09:13:15.0171 0136 Actual detected object count: 46
09:14:07.0625 0136 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0625 0136 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0625 0136 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0625 0136 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0625 0136 ASFAgent ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0625 0136 ASFAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0625 0136 AsfAlrt ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0625 0136 AsfAlrt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0640 0136 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0640 0136 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0640 0136 DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0640 0136 DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0640 0136 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0640 0136 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0640 0136 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0640 0136 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0640 0136 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0640 0136 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0640 0136 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0640 0136 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0640 0136 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0640 0136 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0640 0136 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0640 0136 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0656 0136 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0656 0136 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0656 0136 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0656 0136 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0656 0136 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0656 0136 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0656 0136 Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0656 0136 Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0656 0136 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0656 0136 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0656 0136 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0656 0136 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0656 0136 Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0656 0136 Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0656 0136 EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0656 0136 EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0671 0136 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0671 0136 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0671 0136 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0671 0136 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0671 0136 HP Port Resolver ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0671 0136 HP Port Resolver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0671 0136 HP Status Server ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0671 0136 HP Status Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0671 0136 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0671 0136 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0671 0136 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0671 0136 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0671 0136 lanmanserver ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0671 0136 lanmanserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0671 0136 lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0671 0136 lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0671 0136 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0671 0136 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0687 0136 Mup ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0687 0136 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0687 0136 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0687 0136 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0687 0136 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0687 0136 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0687 0136 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0687 0136 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0687 0136 Nla ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0687 0136 Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0687 0136 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0687 0136 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0687 0136 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0687 0136 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0687 0136 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0687 0136 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0687 0136 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0687 0136 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0703 0136 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0703 0136 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0703 0136 Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0703 0136 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0703 0136 Srv ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0703 0136 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0703 0136 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0703 0136 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0703 0136 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0703 0136 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0703 0136 WinRM ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0703 0136 WinRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0703 0136 Wmi ( UnsignedFile.Multi.Generic ) - skipped by user
09:14:07.0703 0136 Wmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:14:07.0703 0136 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:14:07.0703 0136 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:14:10.0953 3124 Deinitialize success


3. Farbar


Farbar Service Scanner Version: 08-05-2012
Ran by chrisb (administrator) on 09-05-2012 at 09:14:28
Running from "C:\Documents and Settings\chrisb\Desktop\BleepingComputer"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) NNetSec(9) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


4. OTL.txt and Extra.txt

OTL logfile created on: 5/9/2012 9:22:43 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\chrisb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.58% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 16.59 Gb Free Space | 22.26% Space Free | Partition Type: NTFS
Drive F: | 244.63 Mb Total Space | 59.31 Mb Free Space | 24.25% Space Free | Partition Type: FAT

Computer Name: PERLMAN-026 | User Name: chrisb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/08 12:41:44 | 000,337,575 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\BleepingComputer\FSS.exe
PRC - [2012/05/06 09:35:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chrisb\Desktop\OTL.exe
PRC - [2012/04/12 10:39:18 | 000,980,832 | -H-- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/04/12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware2\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware2\mbamgui.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\chrisb\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/11/07 09:49:02 | 000,116,608 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/05/18 04:58:47 | 000,341,344 | -H-- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\zlh.exe
PRC - [2011/05/15 23:28:03 | 000,196,608 | -H-- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\nvcoas.exe
PRC - [2011/04/12 04:14:42 | 000,100,336 | -H-- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\nvoy.exe
PRC - [2011/04/12 04:11:16 | 000,427,888 | -H-- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\zanda.exe
PRC - [2011/04/11 04:34:34 | 000,074,592 | -H-- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\cclaw.exe
PRC - [2011/04/11 02:57:23 | 000,112,424 | -H-- | M] () -- C:\Program Files\Norman\Npm\Bin\njeeves.exe
PRC - [2011/04/11 01:38:22 | 000,099,312 | -H-- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe
PRC - [2011/04/08 00:21:34 | 000,075,104 | -H-- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
PRC - [2011/02/11 04:49:01 | 000,288,072 | -H-- | M] (Norman ASA) -- C:\Program Files\Norman\nse\bin\nsesvc.exe
PRC - [2008/05/14 17:21:40 | 000,085,096 | -H-- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/05/13 13:12:43 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 19:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2005/11/07 05:20:00 | 000,122,940 | -H-- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/02/08 08:02:22 | 000,118,784 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/08 12:41:44 | 000,337,575 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\BleepingComputer\FSS.exe
MOD - [2012/04/24 12:21:18 | 000,038,400 | -H-- | M] () -- C:\WINDOWS\system32\usbniw32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/11 02:57:23 | 000,112,424 | -H-- | M] () -- C:\Program Files\Norman\Npm\Bin\njeeves.exe
MOD - [2011/04/08 01:53:56 | 000,234,760 | -H-- | M] () -- C:\Program Files\Norman\Npm\Bin\noemrc.dll
MOD - [2010/11/21 07:54:34 | 000,094,208 | -H-- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/10/18 02:05:24 | 010,896,384 | -H-- | M] () -- C:\Program Files\Norman\Npm\Bin\nqtcore4.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/06/16 05:49:36 | 000,210,432 | -H-- | M] () -- C:\Program Files\Norman\Npm\Bin\lua.dll
MOD - [2009/02/14 05:04:38 | 000,756,040 | -H-- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pfc.dll -- (wmp54gsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epfwtdi.dll -- (tgsrvc_smartagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700iat.dll -- (streamip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cypresslink.dll -- (slapd-data52)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700iat.dll -- (pvservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ABVPN2K.dll -- (proxyhostdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smserial.dll -- (PciBus)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hpt3xx.dll -- (lxcccustomerconnect)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clcapsvc.dll -- (jukebox3)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CrystalSysInfo.dll -- (EpmPsd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\QV2KUX.dll -- (DivisCTS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EagleNT.dll -- (cdrbsvsd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\commserver.dll -- (bc_prt_f)
SRV - [2012/04/12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware2\mbamservice.exe -- (MBAMService)
SRV - [2011/11/07 09:49:02 | 000,116,608 | -H-- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/15 23:28:03 | 000,196,608 | -H-- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\nvc\bin\nvcoas.exe -- (nvcoas)
SRV - [2011/04/12 04:14:42 | 000,100,336 | -H-- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\nvoy.exe -- (NVOY)
SRV - [2011/04/12 04:11:16 | 000,427,888 | -H-- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\zanda.exe -- (Norman ZANDA)
SRV - [2011/04/11 02:57:23 | 000,112,424 | -H-- | M] () [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\njeeves.exe -- (Norman NJeeves)
SRV - [2011/04/11 01:38:22 | 000,099,312 | -H-- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2011/04/08 00:21:34 | 000,075,104 | -H-- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
SRV - [2011/02/11 04:49:01 | 000,288,072 | -H-- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\nse\bin\nsesvc.exe -- (nsesvc)
SRV - [2008/05/14 17:21:40 | 000,085,096 | -H-- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/05/13 13:12:43 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/02/08 08:02:22 | 000,118,784 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\zfyexixv.sys -- (zfyexixv)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\yrcgvaqp.sys -- (yrcgvaqp)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\xvlboqgf.sys -- (xvlboqgf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\trvwhwvl.sys -- (trvwhwvl)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ocecyjmz.sys -- (ocecyjmz)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE3C4DDB-C80A-4C5E-8E11-DB4572F8FF15}\MpKsl40566bda.sys -- (MpKsl40566bda)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\jkvaoffu.sys -- (jkvaoffu)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hjvrrnwn.sys -- (hjvrrnwn)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cnoskfrw.sys -- (cnoskfrw)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ajdrsshx.sys -- (ajdrsshx)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (76911209)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 07:01:42 | 000,031,632 | -H-- | M] (Norman ASA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcw32mf.sys -- (NvcMFlt)
DRV - [2011/02/11 04:49:01 | 000,022,880 | -H-- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\nse\bin\ndiskio.sys -- (Ndiskio)
DRV - [2011/02/11 04:39:43 | 000,050,576 | -H-- | M] (Norman ASA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nnetsec.sys -- (NNetSec)
DRV - [2011/02/11 04:39:43 | 000,029,968 | -H-- | M] (Norman ASA) [Kernel | On_Demand | Running] -- C:\Program Files\Norman\ngs\bin\nnetsecc.sys -- (NNetSecC)
DRV - [2010/12/13 02:25:02 | 000,026,744 | -H-- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\ngs\bin\ngs.sys -- (NGS)
DRV - [2005/11/18 12:02:50 | 000,005,660 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 12:02:10 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 05:20:00 | 000,094,332 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 05:20:00 | 000,087,036 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 05:20:00 | 000,086,652 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 05:20:00 | 000,025,628 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 05:20:00 | 000,014,684 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 05:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 05:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2004/09/17 09:02:54 | 000,732,928 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002/12/18 04:31:06 | 000,036,064 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2001/08/22 08:42:58 | 000,013,632 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-2139871995-682003330-1189\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-839522115-2139871995-682003330-1189\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-839522115-2139871995-682003330-1189\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en
IE - HKU\S-1-5-21-839522115-2139871995-682003330-1189\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-2139871995-682003330-1189\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/21 15:52:03 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 11:35:52 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/02 14:20:20 | 000,000,000 | -H-D | M]

[2011/06/02 14:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\chrisb\Application Data\Mozilla\Extensions
[2011/06/02 14:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\chrisb\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/12 08:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\chrisb\Application Data\Mozilla\Firefox\Profiles\rrhabrjs.default\extensions
[2011/12/05 10:45:55 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\chrisb\Application Data\Mozilla\Firefox\Profiles\rrhabrjs.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/03/02 12:19:11 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\chrisb\Application Data\Mozilla\Firefox\Profiles\rrhabrjs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/20 08:41:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/06 08:27:52 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRISB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RRHABRJS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/01 16:55:11 | 001,331,409 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRISB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RRHABRJS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/11/01 10:04:44 | 000,330,316 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRISB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RRHABRJS.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/03/21 15:52:03 | 000,097,208 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/12 09:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/21 13:21:39 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 13:21:39 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Minimal = C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
CHR - Extension: Poppit = C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/05/07 18:06:47 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-839522115-2139871995-682003330-1189\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware2\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-839522115-2139871995-682003330-1189..\Run: [Akamai NetSession Interface] C:\Documents and Settings\chrisb\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-839522115-2139871995-682003330-1189..\Run: [bcbbcacadfdct] "C:\Documents and Settings\All Users\Application Data\bcbbcacadfdct.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\chrisb\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-2139871995-682003330-1189\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-839522115-2139871995-682003330-1189\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-839522115-2139871995-682003330-1189\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-839522115-2139871995-682003330-1189\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-839522115-2139871995-682003330-1189\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://server6:4343/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://server6:4343/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab (DLM Control)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://server6:4343/officescan/console/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} https://server6:4343/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = perlman-az.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0868B057-5D24-47D7-9FF8-20F63CA0B631}: DhcpNameServer = 192.168.100.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\intelUsb3Sevices: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/16 16:10:07 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/05/13 10:20:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/05/09 08:50:00 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/05/09 08:50:02 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{f3893326-4930-11dd-9394-0011432f37ca}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: 29311494.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {15CA87EC-5589-D2DF-077E-9BF4751ACC9A} - Browser Customizations
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29D93885-7AB1-6B0A-60AE-59BF67123B40} - Themes Setup
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {3CC243F2-3D10-BD46-1D4A-1C7098A1F24F} - DirectAnimation
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BF24DE34-FEFF-A389-8714-1B0EC79470B6} - Vector Graphics Rendering (VML)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EAE6E05C-3C5F-8B6E-EAE1-68002ABBE8C7} - Browser Customizations
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: jukebox3 - %systemroot%\system32\clcapsvc.dll File not found
NetSvcs: pvservice - %systemroot%\system32\F700iat.dll File not found
NetSvcs: slapd-data52 - %systemroot%\system32\cypresslink.dll File not found
NetSvcs: tgsrvc_smartagent - %systemroot%\system32\epfwtdi.dll File not found
NetSvcs: lxcccustomerconnect - %systemroot%\system32\hpt3xx.dll File not found
NetSvcs: bc_prt_f - %systemroot%\system32\commserver.dll File not found
NetSvcs: wmp54gsvc - %systemroot%\system32\pfc.dll File not found
NetSvcs: streamip - %systemroot%\system32\F700iat.dll File not found
NetSvcs: DivisCTS - %systemroot%\system32\QV2KUX.dll File not found
NetSvcs: proxyhostdriver - %systemroot%\system32\ABVPN2K.dll File not found
NetSvcs: cdrbsvsd - %systemroot%\system32\EagleNT.dll File not found
NetSvcs: EpmPsd - %systemroot%\system32\CrystalSysInfo.dll File not found
NetSvcs: PciBus - %systemroot%\system32\smserial.dll File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 09:20:49 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\chrisb\Desktop\OTL.exe
[2012/05/09 09:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chrisb\Desktop\aPPROPRIATE
[2012/05/09 09:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chrisb\My Documents\PLU250
[2012/05/09 08:50:00 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2012/05/09 08:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chrisb\Desktop\BleepingComputer
[2012/05/08 09:25:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\chrisb\Desktop\dds.exe
[2012/05/07 18:04:37 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/05/07 18:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2012/05/07 18:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/05/07 13:46:47 | 000,000,000 | ---D | C] -- C:\ExtraReggies
[2012/05/07 12:05:02 | 000,138,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2012/05/07 10:54:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/07 10:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chrisb\Desktop\XP
[2012/04/30 10:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chrisb\Desktop\FireEverything
[2012/04/30 09:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chrisb\Desktop\CIntRep-1-2-8-1288
[2012/04/24 13:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/24 13:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2012/04/24 11:46:36 | 000,000,000 | ---D | C] -- C:\ec5784095c72270dafd27ea24b
[2012/04/24 11:34:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\chrisb\Recent
[2012/04/24 11:21:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/04/24 11:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wacom Tablet
[2012/04/24 11:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SignatureCAD
[2012/04/24 11:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa
[2012/04/24 11:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PandoraBrowse
[2012/04/24 11:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy Pdf Password Remover Free
[2012/04/24 10:47:51 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\chrisb\Desktop\unhide.exe
[2012/04/24 10:30:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\pss
[2012/04/24 10:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chrisb\Desktop\SystemClean
[2012/04/23 20:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/23 20:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/23 10:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chrisb\Desktop\ExtendedBonusRoom
[2012/04/12 08:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chrisb\Application Data\Search Settings
[2012/04/12 08:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/04/12 08:40:05 | 000,000,000 | -H-D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012/04/12 08:40:05 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Spigot
[2012/04/12 08:37:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/09 09:28:10 | 000,000,982 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2139871995-682003330-1189UA.job
[2012/05/09 09:00:18 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/09 09:00:10 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/09 08:59:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/09 08:58:09 | 000,000,930 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2139871995-682003330-1189Core.job
[2012/05/09 08:55:11 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 11:16:00 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/05/08 09:30:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\chrisb\defogger_reenable
[2012/05/08 09:17:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\chrisb\Desktop\dds.exe
[2012/05/07 18:42:49 | 000,000,325 | -HS- | M] () -- C:\boot.ini
[2012/05/07 18:06:47 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/07 18:04:29 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/05/07 11:21:12 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\AFD.reg
[2012/05/06 09:35:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chrisb\Desktop\OTL.exe
[2012/05/03 16:40:16 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Winsock-2.reg
[2012/04/30 14:43:29 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Shortcut to !Default_XP_Home_SP3_Start_v300.reg.lnk
[2012/04/30 11:23:54 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Winsock-1.reg
[2012/04/30 11:20:50 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\!Default_XP_Home_SP3_Start_v300.zip
[2012/04/25 10:02:02 | 000,000,828 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012/04/24 21:22:15 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\HijackThis.lnk
[2012/04/24 16:44:01 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-47ER6.exe
[2012/04/24 16:44:01 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-47ER6.msg
[2012/04/24 16:44:01 | 000,000,482 | ---- | M] () -- C:\WINDOWS\is-47ER6.lst
[2012/04/24 16:43:58 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/24 13:33:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/24 12:21:18 | 000,038,400 | -H-- | M] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/24 11:33:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXy
[2012/04/24 11:33:40 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SzGd3Pt2eaVMXy
[2012/04/24 11:31:59 | 000,063,346 | -H-- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2012/04/24 11:31:59 | 000,022,391 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/04/24 11:31:16 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/24 08:18:15 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXyr
[2012/04/23 19:11:55 | 000,347,031 | ---- | M] () -- C:\acadminidump.dmp
[2012/04/23 18:55:32 | 001,033,111 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Vistancia.zip
[2012/04/23 17:40:23 | 000,825,955 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\WindsorModel.skp
[2012/04/23 17:21:27 | 001,575,302 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\WindsorModel.jpg
[2012/04/23 17:21:07 | 000,825,594 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\WindsorModel.skb
[2012/04/23 17:19:56 | 000,135,981 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Color.jpg
[2012/04/23 14:40:22 | 000,437,702 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Untitled.skp
[2012/04/23 13:38:12 | 000,098,613 | ---- | M] () -- C:\Documents and Settings\chrisb\My Documents\GEI234.jpg
[2012/04/23 10:24:28 | 000,033,665 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\143358166_Nah_Im_Cool_Man_Ima_stay_home_and_chill_with_my_monkey_answer_2_xlarge.jpeg
[2012/04/23 08:59:21 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012/04/20 15:48:38 | 000,000,181 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\fix-1.bat
[2012/04/19 13:52:04 | 000,315,103 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Maplewood-7001-Spanish.pdf
[2012/04/19 13:51:17 | 001,427,790 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Maplewood-6041-Tuscan.pdf
[2012/04/19 13:50:26 | 001,167,543 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Maplewood-6002-Tuscan.pdf
[2012/04/19 13:49:45 | 000,551,226 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Maplewood-6001-Tuscan.pdf
[2012/04/18 17:09:02 | 015,032,938 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Elev-p6001-Tuscan.psd
[2012/04/18 15:42:08 | 002,743,856 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Elev-p6001-Tuscan.EPS
[2012/04/18 09:44:12 | 000,639,905 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Maplewood-Tuscan.jpg
[2012/04/18 09:19:11 | 000,266,251 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\6001-A2.9 Enhanced Elevations.dwf
[2012/04/17 18:42:22 | 002,875,272 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Elev-p7001-Model.EPS
[2012/04/17 17:36:35 | 002,894,523 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\elev-p02-Model.EPS
[2012/04/17 14:07:53 | 000,304,163 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\6031-A2.3 Elevation 'E' - Mediterranean.dwf
[2012/04/17 08:30:00 | 000,025,211 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Plan6041_TuscanElev.pdf
[2012/04/17 08:08:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\BZPORT
[2012/04/13 14:29:25 | 002,391,321 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\UL2-SketchupBoards.pdf
[2012/04/13 06:18:18 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\chrisb\Desktop\unhide.exe
[2012/04/12 17:15:00 | 000,229,611 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\Plan6041_TuscanElev.jpg
[2012/04/09 17:37:26 | 004,745,518 | ---- | M] () -- C:\Documents and Settings\chrisb\Desktop\MapleWood-6041.tif
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/08 09:30:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\chrisb\defogger_reenable
[2012/05/07 18:43:57 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/05/07 18:43:57 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\chrisb\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2012/05/07 18:43:57 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2012/05/07 18:04:29 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/05/07 11:29:06 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\AFD.reg
[2012/05/07 10:40:29 | 000,000,171 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Winsock-2.reg
[2012/04/30 14:43:29 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Shortcut to !Default_XP_Home_SP3_Start_v300.reg.lnk
[2012/04/30 11:23:45 | 000,000,171 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Winsock-1.reg
[2012/04/30 11:20:50 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\!Default_XP_Home_SP3_Start_v300.zip
[2012/04/30 11:18:12 | 000,007,183 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\!Default_XP_Home_SP3_Start_v300.reg
[2012/04/30 09:07:35 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\fix-1.bat
[2012/04/24 16:44:01 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-47ER6.msg
[2012/04/24 16:44:01 | 000,000,482 | ---- | C] () -- C:\WINDOWS\is-47ER6.lst
[2012/04/24 16:44:00 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-47ER6.exe
[2012/04/24 16:43:58 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/24 12:21:18 | 000,038,400 | -H-- | C] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/24 11:09:50 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2012/04/24 11:09:50 | 000,001,568 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk
[2012/04/24 11:09:50 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/04/24 11:09:49 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/04/24 11:09:49 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird (2).lnk
[2012/04/24 11:09:49 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Dreamweaver.exe.lnk
[2012/04/24 11:09:49 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to firefox.exe.lnk
[2012/04/24 11:09:48 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012/04/24 11:09:48 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/24 11:09:48 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/24 11:09:47 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/24 11:09:47 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\BillQuick 2011.lnk
[2012/04/24 11:09:47 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS2.lnk
[2012/04/24 11:09:47 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google SketchUp 8.lnk
[2012/04/24 11:09:47 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\BillQuick 2008.lnk
[2012/04/24 11:09:47 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\chrisb\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe InDesign CS2.lnk
[2012/04/24 11:09:47 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\YouSendIt.lnk
[2012/04/24 11:09:46 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/04/24 11:09:46 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/04/24 11:09:46 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/04/24 11:09:42 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk
[2012/04/24 11:09:36 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/04/24 11:09:35 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/24 11:09:34 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2012/04/24 11:09:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/24 11:09:13 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2012/04/24 11:09:12 | 000,002,245 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Illustrator CS2.lnk
[2012/04/24 11:09:12 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2012/04/24 11:09:12 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk
[2012/04/24 11:09:12 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe InDesign CS2.lnk
[2012/04/24 11:09:11 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 8 Standard.lnk
[2012/04/24 11:09:11 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk
[2012/04/24 11:09:09 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 8.lnk
[2012/04/24 10:29:31 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\HijackThis.lnk
[2012/04/24 08:18:15 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXyr
[2012/04/24 08:18:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXy
[2012/04/24 08:17:55 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SzGd3Pt2eaVMXy
[2012/04/23 19:57:04 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/23 18:55:32 | 001,033,111 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Vistancia.zip
[2012/04/23 17:03:56 | 001,575,302 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\WindsorModel.jpg
[2012/04/23 14:51:16 | 000,825,594 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\WindsorModel.skb
[2012/04/23 14:40:40 | 000,825,955 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\WindsorModel.skp
[2012/04/23 14:40:21 | 000,437,702 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Untitled.skp
[2012/04/23 13:41:04 | 000,135,981 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Color.jpg
[2012/04/23 13:38:12 | 000,098,613 | ---- | C] () -- C:\Documents and Settings\chrisb\My Documents\GEI234.jpg
[2012/04/23 10:24:27 | 000,033,665 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\143358166_Nah_Im_Cool_Man_Ima_stay_home_and_chill_with_my_monkey_answer_2_xlarge.jpeg
[2012/04/19 13:52:04 | 000,315,103 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Maplewood-7001-Spanish.pdf
[2012/04/19 13:51:16 | 001,427,790 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Maplewood-6041-Tuscan.pdf
[2012/04/19 13:50:26 | 001,167,543 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Maplewood-6002-Tuscan.pdf
[2012/04/19 13:49:45 | 000,551,226 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Maplewood-6001-Tuscan.pdf
[2012/04/18 16:35:01 | 015,032,938 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Elev-p6001-Tuscan.psd
[2012/04/18 15:41:25 | 002,743,856 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Elev-p6001-Tuscan.EPS
[2012/04/18 09:44:08 | 000,639,905 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Maplewood-Tuscan.jpg
[2012/04/18 09:19:11 | 000,266,251 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\6001-A2.9 Enhanced Elevations.dwf
[2012/04/17 18:42:03 | 002,875,272 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Elev-p7001-Model.EPS
[2012/04/17 17:28:57 | 002,894,523 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\elev-p02-Model.EPS
[2012/04/17 14:07:53 | 000,304,163 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\6031-A2.3 Elevation 'E' - Mediterranean.dwf
[2012/04/13 14:28:56 | 002,391,321 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\UL2-SketchupBoards.pdf
[2012/04/12 17:15:00 | 000,229,611 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Plan6041_TuscanElev.jpg
[2012/04/12 15:34:51 | 000,025,211 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\Plan6041_TuscanElev.pdf
[2012/04/09 17:37:25 | 004,745,518 | ---- | C] () -- C:\Documents and Settings\chrisb\Desktop\MapleWood-6041.tif
[2011/12/06 09:11:59 | 000,001,094 | -HS- | C] () -- C:\Documents and Settings\chrisb\Local Settings\Application Data\e4y1vip1181
[2011/12/06 09:11:59 | 000,001,094 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e4y1vip1181
[2011/09/22 08:06:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/12 10:04:42 | 000,002,027 | ---- | C] () -- C:\Documents and Settings\chrisb\Local Settings\Application Data\springsettings.cfg
[2010/09/17 08:19:01 | 000,001,801 | -H-- | C] () -- C:\WINDOWS\System32\Wacom_Tablet.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/05/13 02:30:20 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/05/13 02:30:20 | 000,659,456 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/05/13 02:30:20 | 000,905,216 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2008/04/13 12:19:23 | 000,138,112 | -H-- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 12:19:23 | 000,138,112 | -H-- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008/04/13 12:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\system32\dllcache\afd.sys
[2008/04/13 12:19:23 | 000,138,112 | -H-- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\system32\drivers\afd.sys
[2011/02/16 06:22:48 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 08:07:58 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 03:34:26 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004/08/04 03:00:00 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/10/16 07:43:01 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 03:04:36 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 06:25:05 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 04:48:03 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 04:40:08 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 06:41:46 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ASFALRT.SYS >
[2002/12/18 04:31:06 | 000,036,064 | -H-- | M] (Intel Corporation) MD5=E301DD2B6CCED65E0537CEAEE8F954B6 -- C:\WINDOWS\system32\drivers\Asfalrt.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/13 13:53:20 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/05/13 13:53:20 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 03:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETBT.SYS >
[2004/08/04 03:00:00 | 000,162,816 | -H-- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 12:21:00 | 000,162,816 | -H-- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 12:21:00 | 000,162,816 | -H-- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NV4_MINI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:nv4_mini.sys
[2008/05/13 13:53:20 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:nv4_mini.sys
[2008/05/13 13:53:20 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:nv4_mini.sys
[2004/08/03 22:29:56 | 001,897,408 | -H-- | M] (NVIDIA Corporation) MD5=2B298519EDBFCF451D43E0F1E8F1006D -- C:\WINDOWS\ServicePackFiles\i386\nv4_mini.sys
[2005/07/13 15:33:00 | 003,168,352 | -H-- | M] (NVIDIA Corporation) MD5=FD933F7A82BC2C2E6C687128E3279019 -- C:\WINDOWS\system32\dllcache\nv4_mini.sys
[2005/07/13 15:33:00 | 003,168,352 | -H-- | M] (NVIDIA Corporation) MD5=FD933F7A82BC2C2E6C687128E3279019 -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2005/07/13 15:33:00 | 003,168,352 | -H-- | M] (NVIDIA Corporation) MD5=FD933F7A82BC2C2E6C687128E3279019 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nv4_mini.sys

< MD5 for: SENFILT.SYS >
[2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) MD5=B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 -- C:\DELL\drivers\R105155\SMAXWDM\W2K_XP\senfilt.sys
[2004/09/17 09:02:54 | 000,732,928 | -H-- | M] (Creative Technology Ltd.) MD5=B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 -- C:\WINDOWS\system32\drivers\senfilt.sys

< MD5 for: VOLSNAP.SYS >
[2008/04/13 11:41:01 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 11:41:01 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 03:00:00 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware2\Chameleon\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< net start Dhcp /c >
The DHCP Client service is starting.
The DHCP Client service was started successfully.

< net start afd /c >

< net start sharedaccess /c >
The Windows Firewall/Internet Connection Sharing (ICS) service is starting.

< net start netman /c >

< net start winmgmt /c >

< net start Srservice /c >

< net start wscsvc /c >
The Security Center service is starting.

< net start wuauserv /c >

< net start BITS /c >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/21 15:51:57 | 000,834,712 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/21 15:51:57 | 000,834,712 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/21 15:51:57 | 000,834,712 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/21 15:52:02 | 000,924,600 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/21 15:52:02 | 000,924,600 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/21 15:52:02 | 000,924,600 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 00:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 00:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 00:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\chrisb\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/12 00:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/17 05:21:24 | 000,070,656 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/17 05:21:24 | 000,070,656 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/17 05:21:24 | 000,070,656 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/17 04:01:37 | 000,634,632 | -H-- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB59771$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16E029F0

< End of report >


OTL Extras logfile created on: 5/9/2012 9:22:43 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\chrisb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.58% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 16.59 Gb Free Space | 22.26% Space Free | Partition Type: NTFS
Drive F: | 244.63 Mb Total Space | 59.31 Mb Free Space | 24.25% Space Free | Partition Type: FAT

Computer Name: PERLMAN-026 | User Name: chrisb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-839522115-2139871995-682003330-1189\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = localsubnet

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"2868:TCP" = 2868:TCP:*:Enabled:Norman
"2868:UDP" = 2868:UDP:*:Enabled:Norman

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2868:TCP" = 2868:TCP:*:Enabled:Norman
"2868:UDP" = 2868:UDP:*:Enabled:Norman

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
"{0DFD5020-A5DC-4640-B35B-E2D7C002E88B}" = Autodesk AliasStudioPLE 2008
"{0E31CA83-8E2B-4B0D-A84D-F561B6CD482D}" = QBFC 5.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{14317CFE-F30C-4D11-90B1-2D514ED3A2DC}" = Autodesk Raster Design 2008 Object Enabler on DWG TrueView 2008 - English (United States)
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
"{217165E1-294E-4B50-8D19-E8EBC1EA77CB}" = AutoCAD Civil 2008 Object Enabler on AutoCAD Architecture 2008 - English (United States)
"{228EAF16-EEA2-4615-A646-5941B543EC44}" = BillQuick 2008
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26688195-F650-43ED-AFB4-50479F9DC480}" = BillQuick 2011
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{30998034-DC46-457B-B935-2813636F8DDB}" = MetaPrint Client 2.0.9.0
"{33E39CA2-A11C-4b40-B6CE-B548FFEC16FA}" = YouTube Downloader Toolbar v5.4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{5169D2E2-0B94-3320-8C7A-718F92BE20CE}" = Microsoft Visual Basic PowerPacks 1.2
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-6004-0409-0002-0060B0CE6BBA}" = AutoCAD Architecture 2008
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AC56732-74A1-4B1A-82B1-5AC8FFC0E789}" = BillQuick 2011 (Patch Build 12.0.64.0)
"{5E1A4985-6C58-400D-B383-E692B2548255}" = Technesis SmartSpool
"{637AF5A9-CFD1-43D7-A622-8F93954E92E3}" = AirPort
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75B40D99-9CF4-11D7-950B-00B0D0235AE8}" = Océ Client Tools
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{86FEEF96-13D5-464B-A1DE-BE717D31182C}" = Norman Endpoint Protection
"{8965F790-8196-4487-B244-3FC52B503A52}" = BillQuick 2011 (Patch Build 12.0.66.0)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8D1860CF-FC19-42AC-B20F-6ABBD29668E5}" = AutoCAD MEP 2008 Object Enabler on AutoCAD Architecture 2008 - English (United States)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3BAE6D2-0FAD-4C32-8138-8A226460C864}" = Intel ® Pro Alerting Agent
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CD085EAD-2136-4461-8B27-E293CF35334D}" = BillQuick 2008 (Patch Build 9.0.104)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E08DDAC6-7F05-49EB-BD7D-FB2A0D9D7740}" = BillQuick 2008 (Patch Build 9.0.97)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.2 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
"Akamai" = Akamai NetSession Interface Service
"AutoCAD Architecture 2008" = AutoCAD Architecture 2008
"AutoCAD Architecture 2008 SP1" = AutoCAD Architecture 2008 SP1
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"AviSynth" = AviSynth 2.5
"COMcheck 3.5.0" = COMcheck 3.5.0
"DWG TrueView 2008" = DWG TrueView 2008
"EnergyPlus Version 3.0" = EnergyPlus Version 3.0
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InfraRecorder" = InfraRecorder
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"IrfanView" = IrfanView (remove only)
"Lizard Safeguard - PDF Viewer_is1" = Lizard Safeguard - PDF Viewer 2.5.83
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenStudio_is1" = OpenStudio 1.0.2
"OziExplorer 3.95_is1" = OziExplorer 3.95
"Palette Previewer™" = Palette Previewer™
"PROSet" = Intel® PRO Network Connections Drivers
"Spring" = Spring 0.82.6.1
"STANDARD" = Microsoft Office Standard 2007
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"VLC media player" = VLC media player 0.9.9
"V-Ray for SketchUp 1.49.01" = V-Ray for SketchUp
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-839522115-2139871995-682003330-1189\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"COMcheck 3.9.0.2 " = COMcheck 3.9.0.2 (Current User)
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2012 6:33:33 PM | Computer Name = PERLMAN-026 | Source = Application Error | ID = 1000
Description = Faulting application nip.exe, version 1.2.0.30, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x0000100b.

Error - 5/7/2012 8:22:56 PM | Computer Name = PERLMAN-026 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The network location cannot be reached. For information about network
troubleshooting, see Windows Help. ). Group Policy processing aborted.

Error - 5/7/2012 10:06:56 PM | Computer Name = PERLMAN-026 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The network location cannot be reached. For information about network
troubleshooting, see Windows Help. ). Group Policy processing aborted.

Error - 5/8/2012 12:09:54 PM | Computer Name = PERLMAN-026 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The network location cannot be reached. For information about network
troubleshooting, see Windows Help. ). Group Policy processing aborted.

Error - 5/8/2012 12:09:58 PM | Computer Name = PERLMAN-026 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x800704cf). The network location cannot be reached. For
information about network troubleshooting, see Windows Help. Enrollment will not
be performed.

Error - 5/8/2012 12:09:59 PM | Computer Name = PERLMAN-026 | Source = UserInit | ID = 1000
Description = Could not execute the following script PushPrinterConnections.exe.
The system cannot find the file specified. .

Error - 5/8/2012 12:09:59 PM | Computer Name = PERLMAN-026 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The network location cannot be reached. For information about network
troubleshooting, see Windows Help. ). Group Policy processing aborted.

Error - 5/8/2012 12:10:01 PM | Computer Name = PERLMAN-026 | Source = UserInit | ID = 1000
Description = Could not execute the following script FontCopy.bat. The system cannot
find the file specified. .

Error - 5/8/2012 12:10:12 PM | Computer Name = PERLMAN-026 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 5/8/2012 12:14:13 PM | Computer Name = PERLMAN-026 | Source = Application Error | ID = 1000
Description = Faulting application nip.exe, version 1.2.0.30, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x0000100b.

[ OSession Events ]
Error - 10/7/2009 12:21:59 PM | Computer Name = PERLMAN-026 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 83535
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/7/2009 12:21:59 PM | Computer Name = PERLMAN-026 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 83039
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/7/2009 12:21:59 PM | Computer Name = PERLMAN-026 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 82741
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/7/2009 12:21:59 PM | Computer Name = PERLMAN-026 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 82568
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/7/2009 12:21:59 PM | Computer Name = PERLMAN-026 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 81740
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/5/2010 2:21:02 PM | Computer Name = PERLMAN-026 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5622
seconds with 180 seconds of active time. This session ended with a crash.

Error - 1/18/2011 7:18:33 PM | Computer Name = PERLMAN-026 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 26906
seconds with 720 seconds of active time. This session ended with a crash.

Error - 8/18/2011 12:45:58 PM | Computer Name = PERLMAN-026 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/30/2011 1:01:57 PM | Computer Name = PERLMAN-026 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 59920
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 12/9/2011 4:20:23 PM | Computer Name = PERLMAN-026 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 116
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/9/2012 12:01:29 PM | Computer Name = PERLMAN-026 | Source = Service Control Manager | ID = 7023
Description = The LHidFilt service terminated with the following error: %%126

Error - 5/9/2012 12:01:29 PM | Computer Name = PERLMAN-026 | Source = Service Control Manager | ID = 7023
Description = The Mcafeeframework service terminated with the following error: %%126

Error - 5/9/2012 12:01:29 PM | Computer Name = PERLMAN-026 | Source = Service Control Manager | ID = 7023
Description = The VRFIL service terminated with the following error: %%126

Error - 5/9/2012 12:01:29 PM | Computer Name = PERLMAN-026 | Source = Service Control Manager | ID = 7023
Description = The Si3114r5 service terminated with the following error: %%126

Error - 5/9/2012 12:01:29 PM | Computer Name = PERLMAN-026 | Source = Service Control Manager | ID = 7023
Description = The Intcazaudaddservice service terminated with the following error:
%%126

Error - 5/9/2012 12:01:29 PM | Computer Name = PERLMAN-026 | Source = Service Control Manager | ID = 7023
Description = The Tapvpn service terminated with the following error: %%126

Error - 5/9/2012 12:01:29 PM | Computer Name = PERLMAN-026 | Source = Service Control Manager | ID = 7023
Description = The DcFpoint service terminated with the following error: %%126

Error - 5/9/2012 12:01:29 PM | Computer Name = PERLMAN-026 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10047

Error - 5/9/2012 12:01:29 PM | Computer Name = PERLMAN-026 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD SASKUTIL

Error - 5/9/2012 12:48:16 PM | Computer Name = PERLMAN-026 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10047


< End of report >


5. Computer is running good. No internet access though. Thanks again :)

#4 SweetTech

Posted 10 May 2012 - 01:07 AM

Hi carb18!

Not a problem! I'm glad to be able to help you out. :)

1. I did run tdskiller and did quarantine and possibly delete some things in the last three days. Just wanted to make sure that you were aware.

Okay, thanks for letting me know that.

Can you tell me what else you've done on your own so far, just so I have a better idea of what's going on with the machine?

From the looks of your logs, I see some entries that seem to suggest that this might be a business/company computer.

I ask because I know some companies have strict computing policies when it comes to infected computers. I have no problems assisting you if this is a business/company machine, I just want to make sure that we're not stepping on anybody's toes here, and that you're not going to be getting into any trouble.

Let me know.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 carb18

Posted 10 May 2012 - 01:27 AM

Hey ST,

Yes it is, but we are a very small company and do not have any IT, so we are grateful for any of your advice.

I don't remember exactly what I did, but I know I did the following.

-Ran Rkill
-Ran SuperAnti Spyware Full Scan
-Ran MSE Full Scan
-Ran Malware Bytes
-Removed or Quarantined Anything found in any of the scans.
-Deleted a few suspicious registries

At this point my computer ran smoothly but I had no connection to our LAN.

-Ran FSS scans
-Searched around on bleeping computer and added some registries/programs that FSS said were missing. (Winsock and a few others)

#6 SweetTech

Posted 10 May 2012 - 01:32 AM

Hi carb18!

Yes it is, but we are a very small company and do not have any IT, so we are grateful for any of your advice.

Okay, that's not a problem.

-Ran SuperAnti Spyware Full Scan
-Ran MSE Full Scan
-Ran Malware Bytes


Any chance you could provide me with the log files that were produced when you ran those scans?

I do have a fix all ready to go for you, I just want to make sure that I have the entire picture of what was done before we started working together.

-ST.



#7 carb18

Posted 10 May 2012 - 11:32 PM

Unfortunately I never saved any of those logs. Is there a place on my computer where they might have been stored automatically?

#8 SweetTech

Posted 11 May 2012 - 12:49 AM

Hi carb18,

Look here for MalwareBytes' Anti-Malware.

Grab Malwarebytes' Anti-Malware Log-File

  • Open Malwarebytes' Anti-Malware
  • Select the Logs tab
  • Click on the latest log. The bottom most log is the latest
  • Click Open
  • Notepad will open. Please post this log in your next reply.


--------

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


NEXT:




OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    MOD - [2012/04/24 12:21:18 | 000,038,400 | -H-- | M] () -- C:\WINDOWS\system32\usbniw32.dll
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pfc.dll -- (wmp54gsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epfwtdi.dll -- (tgsrvc_smartagent)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700iat.dll -- (streamip)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cypresslink.dll -- (slapd-data52)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700iat.dll -- (pvservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ABVPN2K.dll -- (proxyhostdriver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smserial.dll -- (PciBus)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hpt3xx.dll -- (lxcccustomerconnect)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clcapsvc.dll -- (jukebox3)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CrystalSysInfo.dll -- (EpmPsd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\QV2KUX.dll -- (DivisCTS)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EagleNT.dll -- (cdrbsvsd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\commserver.dll -- (bc_prt_f)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\zfyexixv.sys -- (zfyexixv)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\yrcgvaqp.sys -- (yrcgvaqp)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\xvlboqgf.sys -- (xvlboqgf)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\trvwhwvl.sys -- (trvwhwvl)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ocecyjmz.sys -- (ocecyjmz)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\jkvaoffu.sys -- (jkvaoffu)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hjvrrnwn.sys -- (hjvrrnwn)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cnoskfrw.sys -- (cnoskfrw)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ajdrsshx.sys -- (ajdrsshx)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (76911209)
    O4 - HKU\S-1-5-21-839522115-2139871995-682003330-1189..\Run: [bcbbcacadfdct] "C:\Documents and Settings\All Users\Application Data\bcbbcacadfdct.exe" File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\intelUsb3Sevices: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
    O33 - MountPoints2\{f3893326-4930-11dd-9394-0011432f37ca}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
    NetSvcs: jukebox3 - %systemroot%\system32\clcapsvc.dll File not found
    NetSvcs: pvservice - %systemroot%\system32\F700iat.dll File not found
    NetSvcs: slapd-data52 - %systemroot%\system32\cypresslink.dll File not found
    NetSvcs: tgsrvc_smartagent - %systemroot%\system32\epfwtdi.dll File not found
    NetSvcs: lxcccustomerconnect - %systemroot%\system32\hpt3xx.dll File not found
    NetSvcs: bc_prt_f - %systemroot%\system32\commserver.dll File not found
    NetSvcs: wmp54gsvc - %systemroot%\system32\pfc.dll File not found
    NetSvcs: streamip - %systemroot%\system32\F700iat.dll File not found
    NetSvcs: DivisCTS - %systemroot%\system32\QV2KUX.dll File not found
    NetSvcs: proxyhostdriver - %systemroot%\system32\ABVPN2K.dll File not found
    NetSvcs: cdrbsvsd - %systemroot%\system32\EagleNT.dll File not found
    NetSvcs: EpmPsd - %systemroot%\system32\CrystalSysInfo.dll File not found
    NetSvcs: PciBus - %systemroot%\system32\smserial.dll File not found
    [2012/04/24 12:21:18 | 000,038,400 | -H-- | M] () -- C:\WINDOWS\System32\usbniw32.dll
    [2012/04/24 11:33:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXy
    [2012/04/24 11:33:40 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SzGd3Pt2eaVMXy
    [2012/04/24 11:31:16 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012/04/24 08:18:15 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXyr
    [2012/04/24 12:21:18 | 000,038,400 | -H-- | C] () -- C:\WINDOWS\System32\usbniw32.dll
    [2012/04/24 08:18:15 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXyr
    [2012/04/24 08:18:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXy
    [2012/04/24 08:17:55 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SzGd3Pt2eaVMXy
    [2012/04/23 19:57:04 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2011/12/06 09:11:59 | 000,001,094 | -HS- | C] () -- C:\Documents and Settings\chrisb\Local Settings\Application Data\e4y1vip1181
    [2011/12/06 09:11:59 | 000,001,094 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e4y1vip1181
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


Let me know how the above goes.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 carb18


Posted 11 May 2012 - 11:09 AM

Thanks ST.

Here is the most recent Malwarebytes log. It's actually clean so I am posting two more that actually show what was removed. Backup of registry went smoothly.

Malware Log 2 - 4/30/12

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.23.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
chrisb :: PERLMAN-026 [administrator]

Protection: Enabled

4/30/2012 2:44:44 PM
mbam-log-2012-04-30 (14-44-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 438298
Time elapsed: 2 hour(s), 59 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malware Log 2 - 4/25/12
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
chrisb :: PERLMAN-026 [administrator]

Protection: Enabled

4/25/2012 5:44:01 PM
mbam-log-2012-04-25 (17-44-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 436959
Time elapsed: 3 hour(s), 5 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{8504C646-78FC-40C4-B873-E4BF9F93E1C1}\RP1053\A0156052.rbf (PUP.Dealio.TB) -> Quarantined and deleted successfully.

(end)



Malware Log 3 - 4/24/12

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
chrisb :: PERLMAN-026 [administrator]

Protection: Enabled

4/24/2012 4:52:22 PM
mbam-log-2012-04-24 (16-52-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269612
Time elapsed: 1 hour(s), 17 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Privacy Protection (Rogue.PrvacyProtect) -> Data: C:\Documents and Settings\All Users\Application Data\privacy.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL Log (Looks like there was some type of error?)


Error: Unable to interpret <:Services
:Processes
KILLALLPROCESSES
:OTL
MOD - [2012/04/24 12:21:18 | 000,038,400 | -H-- | M] () -- C:\WINDOWS\system32\usbniw32.dll
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pfc.dll -- (wmp54gsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epfwtdi.dll -- (tgsrvc_smartagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700iat.dll -- (streamip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cypresslink.dll -- (slapd-data52)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700iat.dll -- (pvservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ABVPN2K.dll -- (proxyhostdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smserial.dll -- (PciBus)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hpt3xx.dll -- (lxcccustomerconnect)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32> in the current context!
Error: Unable to interpret <\clcapsvc.dll -- (jukebox3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CrystalSysInfo.dll -- (EpmPsd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\QV2KUX.dll -- (DivisCTS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EagleNT.dll -- (cdrbsvsd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\commserver.dll -- (bc_prt_f)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\zfyexixv.sys -- (zfyexixv)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\yrcgvaqp.sys -- (yrcgvaqp)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\xvlboqgf.sys -- (xvlboqgf)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\trvwhwvl.sys -- (trvwhwvl)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ocecyjmz.sys -- (ocecyjmz)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\jkvaoffu.sys -- (j> in the current context!
Error: Unable to interpret <kvaoffu)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hjvrrnwn.sys -- (hjvrrnwn)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cnoskfrw.sys -- (cnoskfrw)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ajdrsshx.sys -- (ajdrsshx)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (76911209)
O4 - HKU\S-1-5-21-839522115-2139871995-682003330-1189..\Run: [bcbbcacadfdct] "C:\Documents and Settings\All Users\Application Data\bcbbcacadfdct.exe" File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-952> in the current context!
Error: Unable to interpret <2-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\intelUsb3Sevices: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O33 - MountPoints2\{f3893326-4930-11dd-9394-0011432f37ca}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
NetSvcs: jukebox3 - %systemroot%\system32\clcapsvc.dll File not found
NetSvcs: pvservice - %systemroot%\system32\F700iat.dll File not found
NetSvcs: slapd-data52 - %systemroot%\system32\cypresslink.dll File not found
NetSvcs: tgsrvc_smartagent - %systemroot%\system32\epfwtdi.dll File not found
NetSvcs: lxcccustomerconnect - %systemroot%\system32\hpt3xx.dll File not found
NetSvcs: bc_prt_f - %systemroot%\system32\commserver.dll File not found
NetSvcs: wmp54gsvc - %systemroot%\system32\pfc.dll File not found
NetSvcs: streamip - %systemroot%\system32\F700iat.dll File not found
NetSvcs: DivisCTS - %systemroot%\system32\QV2KUX.dll File not found
NetSvcs: proxyhostdriver - %systemroot%\system32\ABVPN2K.dll Fi> in the current context!
Error: Unable to interpret <le not found
NetSvcs: cdrbsvsd - %systemroot%\system32\EagleNT.dll File not found
NetSvcs: EpmPsd - %systemroot%\system32\CrystalSysInfo.dll File not found
NetSvcs: PciBus - %systemroot%\system32\smserial.dll File not found
[2012/04/24 12:21:18 | 000,038,400 | -H-- | M] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/24 11:33:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXy
[2012/04/24 11:33:40 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SzGd3Pt2eaVMXy
[2012/04/24 11:31:16 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/24 08:18:15 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXyr
[2012/04/24 12:21:18 | 000,038,400 | -H-- | C] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/24 08:18:15 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXyr
[2012/04/24 08:18:15 | 000,000,000 | ---- | C] (> in the current context!
Error: Unable to interpret <) -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXy
[2012/04/24 08:17:55 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SzGd3Pt2eaVMXy
[2012/04/23 19:57:04 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2011/12/06 09:11:59 | 000,001,094 | -HS- | C] () -- C:\Documents and Settings\chrisb\Local Settings\Application Data\e4y1vip1181
[2011/12/06 09:11:59 | 000,001,094 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e4y1vip1181

:Reg

:Files
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[EMPTYFLASH]
[EMPTYJAVA]> in the current context!

OTL by OldTimer - Version 3.2.42.3 log created on 05112012_085410

#10 SweetTech


Posted 12 May 2012 - 08:06 AM

Hi carb18!

Here is the most recent malware bytes log. It's actually clean so I am posting two more that actually show what was removed. Backup of registry went smoothly.

Okay. Thanks :)

Can you please try running the OTL fix for me again?

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    MOD - [2012/04/24 12:21:18 | 000,038,400 | -H-- | M] () -- C:\WINDOWS\system32\usbniw32.dll
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pfc.dll -- (wmp54gsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epfwtdi.dll -- (tgsrvc_smartagent)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700iat.dll -- (streamip)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cypresslink.dll -- (slapd-data52)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700iat.dll -- (pvservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ABVPN2K.dll -- (proxyhostdriver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smserial.dll -- (PciBus)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hpt3xx.dll -- (lxcccustomerconnect)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clcapsvc.dll -- (jukebox3)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CrystalSysInfo.dll -- (EpmPsd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\QV2KUX.dll -- (DivisCTS)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EagleNT.dll -- (cdrbsvsd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\commserver.dll -- (bc_prt_f)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\zfyexixv.sys -- (zfyexixv)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\yrcgvaqp.sys -- (yrcgvaqp)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\xvlboqgf.sys -- (xvlboqgf)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\trvwhwvl.sys -- (trvwhwvl)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ocecyjmz.sys -- (ocecyjmz)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\jkvaoffu.sys -- (jkvaoffu)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hjvrrnwn.sys -- (hjvrrnwn)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cnoskfrw.sys -- (cnoskfrw)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ajdrsshx.sys -- (ajdrsshx)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (76911209)
    O4 - HKU\S-1-5-21-839522115-2139871995-682003330-1189..\Run: [bcbbcacadfdct] "C:\Documents and Settings\All Users\Application Data\bcbbcacadfdct.exe" File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\intelUsb3Sevices: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
    O33 - MountPoints2\{f3893326-4930-11dd-9394-0011432f37ca}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
    NetSvcs: jukebox3 - %systemroot%\system32\clcapsvc.dll File not found
    NetSvcs: pvservice - %systemroot%\system32\F700iat.dll File not found
    NetSvcs: slapd-data52 - %systemroot%\system32\cypresslink.dll File not found
    NetSvcs: tgsrvc_smartagent - %systemroot%\system32\epfwtdi.dll File not found
    NetSvcs: lxcccustomerconnect - %systemroot%\system32\hpt3xx.dll File not found
    NetSvcs: bc_prt_f - %systemroot%\system32\commserver.dll File not found
    NetSvcs: wmp54gsvc - %systemroot%\system32\pfc.dll File not found
    NetSvcs: streamip - %systemroot%\system32\F700iat.dll File not found
    NetSvcs: DivisCTS - %systemroot%\system32\QV2KUX.dll File not found
    NetSvcs: proxyhostdriver - %systemroot%\system32\ABVPN2K.dll File not found
    NetSvcs: cdrbsvsd - %systemroot%\system32\EagleNT.dll File not found
    NetSvcs: EpmPsd - %systemroot%\system32\CrystalSysInfo.dll File not found
    NetSvcs: PciBus - %systemroot%\system32\smserial.dll File not found
    [2012/04/24 12:21:18 | 000,038,400 | -H-- | M] () -- C:\WINDOWS\System32\usbniw32.dll
    [2012/04/24 11:33:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXy
    [2012/04/24 11:33:40 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SzGd3Pt2eaVMXy
    [2012/04/24 11:31:16 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012/04/24 08:18:15 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXyr
    [2012/04/24 12:21:18 | 000,038,400 | -H-- | C] () -- C:\WINDOWS\System32\usbniw32.dll
    [2012/04/24 08:18:15 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXyr
    [2012/04/24 08:18:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXy
    [2012/04/24 08:17:55 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SzGd3Pt2eaVMXy
    [2012/04/23 19:57:04 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2011/12/06 09:11:59 | 000,001,094 | -HS- | C] () -- C:\Documents and Settings\chrisb\Local Settings\Application Data\e4y1vip1181
    [2011/12/06 09:11:59 | 000,001,094 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e4y1vip1181
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



#11 carb18


Posted 14 May 2012 - 08:44 PM

Sorry for the delay. It took me a couple of times to get it to run. :)


========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Service wmp54gsvc stopped successfully!
Service wmp54gsvc deleted successfully!
File %systemroot%\system32\pfc.dll not found.
Service tgsrvc_smartagent stopped successfully!
Service tgsrvc_smartagent deleted successfully!
File %systemroot%\system32\epfwtdi.dll not found.
Service streamip stopped successfully!
Service streamip deleted successfully!
File %systemroot%\system32\F700iat.dll not found.
Service slapd-data52 stopped successfully!
Service slapd-data52 deleted successfully!
File %systemroot%\system32\cypresslink.dll not found.
Service pvservice stopped successfully!
Service pvservice deleted successfully!
File %systemroot%\system32\F700iat.dll not found.
Service proxyhostdriver stopped successfully!
Service proxyhostdriver deleted successfully!
File %systemroot%\system32\ABVPN2K.dll not found.
Service PciBus stopped successfully!
Service PciBus deleted successfully!
File %systemroot%\system32\smserial.dll not found.
Service NVSvc stopped successfully!
Service NVSvc deleted successfully!
File C:\WINDOWS\system32\nvsvc32.exe not found.
Service lxcccustomerconnect stopped successfully!
Service lxcccustomerconnect deleted successfully!
File %systemroot%\system32\hpt3xx.dll not found.
Service jukebox3 stopped successfully!
Service jukebox3 deleted successfully!
File %systemroot%\system32\clcapsvc.dll not found.
Service EpmPsd stopped successfully!
Service EpmPsd deleted successfully!
File %systemroot%\system32\CrystalSysInfo.dll not found.
Service DivisCTS stopped successfully!
Service DivisCTS deleted successfully!
File %systemroot%\system32\QV2KUX.dll not found.
Service cdrbsvsd stopped successfully!
Service cdrbsvsd deleted successfully!
File %systemroot%\system32\EagleNT.dll not found.
Service bc_prt_f stopped successfully!
Service bc_prt_f deleted successfully!
File %systemroot%\system32\commserver.dll not found.
Service zfyexixv stopped successfully!
Service zfyexixv deleted successfully!
File C:\WINDOWS\system32\drivers\zfyexixv.sys not found.
Service yrcgvaqp stopped successfully!
Service yrcgvaqp deleted successfully!
File C:\WINDOWS\system32\drivers\yrcgvaqp.sys not found.
Service xvlboqgf stopped successfully!
Service xvlboqgf deleted successfully!
File C:\WINDOWS\system32\drivers\xvlboqgf.sys not found.
Service trvwhwvl stopped successfully!
Service trvwhwvl deleted successfully!
File C:\WINDOWS\system32\drivers\trvwhwvl.sys not found.
Service ocecyjmz stopped successfully!
Service ocecyjmz deleted successfully!
File C:\WINDOWS\system32\drivers\ocecyjmz.sys not found.
Service jkvaoffu stopped successfully!
Service jkvaoffu deleted successfully!
File C:\WINDOWS\system32\drivers\jkvaoffu.sys not found.
Service hjvrrnwn stopped successfully!
Service hjvrrnwn deleted successfully!
File C:\WINDOWS\system32\drivers\hjvrrnwn.sys not found.
Service cnoskfrw stopped successfully!
Service cnoskfrw deleted successfully!
File C:\WINDOWS\system32\drivers\cnoskfrw.sys not found.
Service ajdrsshx stopped successfully!
Service ajdrsshx deleted successfully!
File C:\WINDOWS\system32\drivers\ajdrsshx.sys not found.
Service 76911209 stopped successfully!
Service 76911209 deleted successfully!
Registry value HKEY_USERS\S-1-5-21-839522115-2139871995-682003330-1189\Software\Microsoft\Windows\CurrentVersion\Run\\bcbbcacadfdct deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\intelUsb3Sevices\ deleted successfully.
C:\WINDOWS\system32\usbniw32.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3893326-4930-11dd-9394-0011432f37ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3893326-4930-11dd-9394-0011432f37ca}\ not found.
File WD_Windows_Tools\Setup.exe not found.
jukebox3 removed from NetSvcs value successfully!
pvservice removed from NetSvcs value successfully!
slapd-data52 removed from NetSvcs value successfully!
tgsrvc_smartagent removed from NetSvcs value successfully!
lxcccustomerconnect removed from NetSvcs value successfully!
bc_prt_f removed from NetSvcs value successfully!
wmp54gsvc removed from NetSvcs value successfully!
streamip removed from NetSvcs value successfully!
DivisCTS removed from NetSvcs value successfully!
proxyhostdriver removed from NetSvcs value successfully!
cdrbsvsd removed from NetSvcs value successfully!
EpmPsd removed from NetSvcs value successfully!
PciBus removed from NetSvcs value successfully!
File C:\WINDOWS\System32\usbniw32.dll not found.
C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXy moved successfully.
C:\Documents and Settings\All Users\Application Data\SzGd3Pt2eaVMXy moved successfully.
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXyr moved successfully.
File C:\WINDOWS\System32\usbniw32.dll not found.
File C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXyr not found.
File C:\Documents and Settings\All Users\Application Data\-SzGd3Pt2eaVMXy not found.
File C:\Documents and Settings\All Users\Application Data\SzGd3Pt2eaVMXy not found.
File C:\WINDOWS\System32\dds_trash_log.cmd not found.
C:\Documents and Settings\chrisb\Local Settings\Application Data\e4y1vip1181 moved successfully.
C:\Documents and Settings\All Users\Application Data\e4y1vip1181 moved successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\chrisb\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\chrisb\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\chrisb\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\chrisb\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1056

[EMPTYFLASH]

User: Administrator

User: Administrator.PERLMAN-AZ
->Flash cache emptied: 456 bytes

User: All Users

User: chrisb
->Flash cache emptied: 5276219 bytes

User: Default User
->Flash cache emptied: 56543 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 23792 bytes

Total Flash Files Cleaned = 5.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.PERLMAN-AZ

User: All Users

User: chrisb
->Java cache emptied: 64291195 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 61.00 mb


OTL by OldTimer - Version 3.2.42.3 log created on 05142012_182336

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 SweetTech

Posted 15 May 2012 - 01:34 AM

Hi carb18!

No worries on the delay.

Great! Thanks for posting that OTL fix file.

Let's give this tool a try and see where we stand then.

Please Note: ComboFix is going to ask you whether or not you want to download the Recovery Console to your computer. Since you don't have the ability to connect to the internet right now, you won't be able to install it to your computer.

Please proceed with running through the ComboFix scan anyways.

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.


-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 carb18

Posted 15 May 2012 - 02:03 PM

Thanks ST. Here is the log!


ComboFix 12-05-15.04 - chrisb 05/15/2012 10:58:48.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1650 [GMT -7:00]
Running from: c:\documents and settings\chrisb\Desktop\ComboFix.exe
AV: Norman Endpoint Protection *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\2831108256
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\chrisb\Local Settings\Temporary Internet Files\5y7c4dA.jpg
c:\documents and settings\chrisb\Local Settings\Temporary Internet Files\V1nTIRX.jpg
c:\documents and settings\chrisb\Local Settings\Temporary Internet Files\V30c1i.jpg
c:\documents and settings\chrisb\Local Settings\Temporary Internet Files\xo1bpCUI.jpg
C:\drvrtmp
c:\windows\$NtUninstallKB59771$
c:\windows\$NtUninstallKB59771$\1561834604\@
c:\windows\$NtUninstallKB59771$\1561834604\cfg.ini
c:\windows\$NtUninstallKB59771$\1561834604\Desktop.ini
c:\windows\$NtUninstallKB59771$\1561834604\L\qaiifcwi
c:\windows\$NtUninstallKB59771$\1561834604\U\00000001.@
c:\windows\$NtUninstallKB59771$\1561834604\U\00000002.@
c:\windows\$NtUninstallKB59771$\1561834604\U\00000004.@
c:\windows\$NtUninstallKB59771$\1561834604\U\80000000.@
c:\windows\$NtUninstallKB59771$\1561834604\U\80000004.@
c:\windows\$NtUninstallKB59771$\1561834604\U\80000032.@
c:\windows\$NtUninstallKB59771$\1561834604\version
c:\windows\$NtUninstallKB59771$\3871501418
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-11 15:54 . 2012-05-11 15:54 -------- d-----w- C:\_OTL
2012-05-08 01:04 . 2012-05-08 01:06 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-05-08 01:04 . 2012-05-08 01:04 -------- d-----w- c:\program files\Tweaking.com
2012-05-07 20:46 . 2012-05-07 20:46 -------- d-----w- C:\ExtraReggies
2012-05-07 19:05 . 2008-04-13 19:19 138112 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-05-07 19:05 . 2008-04-13 19:19 138112 ---ha-w- c:\windows\system32\drivers\afd.sys
2012-05-07 17:54 . 2012-05-08 01:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 23:44 . 2012-04-24 23:44 711240 ----a-w- c:\windows\is-47ER6.exe
2012-04-24 18:46 . 2012-04-24 23:33 -------- d-----w- C:\ec5784095c72270dafd27ea24b
2012-04-24 18:21 . 2012-04-24 18:21 -------- d--h--w- c:\windows\PIF
2012-04-24 15:55 . 2012-04-24 15:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 01:13 . 2012-04-12 01:13 62808 ----a-r- c:\documents and settings\chrisb\Application Data\Microsoft\Installer\{8965F790-8196-4487-B244-3FC52B503A52}\ARPPRODUCTICON.exe
2012-03-22 02:41 . 2011-06-10 00:08 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 01:01 . 2012-03-14 01:01 62808 ----a-r- c:\documents and settings\chrisb\Application Data\Microsoft\Installer\{5AC56732-74A1-4B1A-82B1-5AC8FFC0E789}\ARPPRODUCTICON.exe
2012-02-23 17:18 . 2011-09-15 16:20 237072 ---h--w- c:\windows\system32\MpSigStub.exe
2012-03-21 22:52 . 2011-03-23 18:36 97208 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2005-03-30 . D5B44CEB743886F36222928CE2536C44 . 2135552 . . [5.1.2600.2643] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]
"Akamai NetSession Interface"="c:\documents and settings\chrisb\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-04-12 980832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-13 5931008]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2011-05-18 341344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\chrisb\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-2139871995-682003330-1119\Scripts\Logon\0\0]
"Script"=FontCopy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-2139871995-682003330-1178\Scripts\Logon\0\0]
"Script"=FontCopy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-2139871995-682003330-1189\Scripts\Logon\0\0]
"Script"=FontCopy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-2139871995-682003330-1215\Scripts\Logon\0\0]
"Script"=FontCopy.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2868:TCP"= 2868:TCP:Norman
"2868:UDP"= 2868:UDP:Norman
.
R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [1/11/2010 9:23 AM 31632]
R1 NGS;Norman General Security Driver;c:\program files\Norman\ngs\bin\ngs.sys [1/11/2010 9:23 AM 26744]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11/1/2011 10:12 AM 116608]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [4/12/2012 10:31 AM 784792]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2/8/2004 8:02 AM 118784]
R2 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [12/18/2002 4:31 AM 36064]
R2 Ndiskio;Ndiskio;c:\program files\Norman\nse\bin\ndiskio.sys [1/11/2010 9:23 AM 22880]
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [1/11/2010 9:23 AM 100336]
R3 NNetSec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [1/11/2010 9:23 AM 50576]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program files\Norman\ngs\bin\nnetsecc.sys [11/23/2010 12:50 PM 29968]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\nse\bin\nsesvc.exe [6/9/2011 2:46 PM 288072]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\nvcoas.exe [8/5/2010 7:26 PM 196608]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [1/11/2010 9:23 AM 99312]
S1 MpKsl40566bda;MpKsl40566bda;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE3C4DDB-C80A-4C5E-8E11-DB4572F8FF15}\MpKsl40566bda.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE3C4DDB-C80A-4C5E-8E11-DB4572F8FF15}\MpKsl40566bda.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/12/2010 9:33 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/12/2010 9:33 AM 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 3:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-14 03:10]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 16:33]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 16:33]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2139871995-682003330-1189Core.job
- c:\documents and settings\chrisb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-28 20:53]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2139871995-682003330-1189UA.job
- c:\documents and settings\chrisb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-28 20:53]
.
2010-04-22 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-10-08 20:49]
.
2010-06-03 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-21 17:49]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://server6:4343/SMB/console/html/root/AtxEnc.cab
FF - ProfilePath - c:\documents and settings\chrisb\Application Data\Mozilla\Firefox\Profiles\rrhabrjs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Notify-intelUsb3Sevices - usbniw32.dll
SafeBoot-29311494.sys
AddRemove-OpenStudio_is1 - c:\program files\Google\Google SketchUp 6\Plugins\OpenStudio\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 11:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-2139871995-682003330-1189\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3160)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Norman\Npm\Bin\elogsvc.exe
c:\program files\Norman\Npm\Bin\Zanda.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Norman\Npm\Bin\Njeeves.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Norman\Nvc\Bin\cclaw.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-05-15 11:34:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 18:34
.
Pre-Run: 17,544,155,136 bytes free
Post-Run: 25,390,325,760 bytes free
.
- - End Of File - - 21B2122F1A6297439030DE72611FEBF1

#14 SweetTech


Posted 16 May 2012 - 12:47 AM

Hi carb18!

Thanks for posting that log file!

I need to have you run this tool for me:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 carb18


Posted 16 May 2012 - 02:07 PM

Hey ST.

I should've probably mentioned this but I have had my LAN cable unplugged this whole time. I wanted to make sure that my computer was no longer infected before I reconnected to the internet. Let me know if/when you would like me to plug it back in. Thanks again!

Here is the log.


MiniToolBox by Farbar Version: 18-01-2012
Ran by chrisb (administrator) on 16-05-2012 at 10:10:54
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/1000 MTW Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : perlman-026

Primary Dns Suffix . . . . . . . : perlman-az.com

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/1000 MTW Network Connection

Physical Address. . . . . . . . . : 00-11-43-2F-37-CA

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging »˛ with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for :

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 43 2f 37 ca ...... Intel® PRO/1000 MTW Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (05/16/2012 09:32:25 AM) (Source: Application Error) (User: )
Description: Faulting application nip.exe, version 1.2.0.30, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [nip.exe!ws!]

Error: (05/16/2012 09:29:59 AM) (Source: UserInit) (User: )
Description: Could not execute the following script FontCopy.bat. The system cannot find the file specified.
.

Error: (05/16/2012 09:29:58 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

Error: (05/16/2012 09:29:33 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x800704cf). The network location cannot be reached. For information about network troubleshooting, see Windows Help.
Enrollment will not be performed.

Error: (05/16/2012 09:29:33 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

Error: (05/16/2012 09:29:24 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10044)

Error: (05/15/2012 06:10:25 PM) (Source: NormanNPT) (User: )
Description: Norman Message [2012/05/15 18:10:25]
--------------------------------------------------------
Application: Norman Internet Update
Node address: 00000000:000000000000
--------------------------------------------------------

Error message: No available Internet Update validation server.

Error: (05/15/2012 06:10:25 PM) (Source: NormanNPT) (User: )
Description: Event message [2012/05/15 18:10:25]
--------------------------------------------------------
Application: Internet update
Node address: 00000000:000000000000
--------------------------------------------------------

Error: No available Internet Update validation server.

Error: (05/15/2012 06:10:25 PM) (Source: NormanNPT) (User: )
Description: Norman Message [2012/05/15 18:10:25]
--------------------------------------------------------
Application: Norman Internet Update
Node address: 00000000:000000000000
--------------------------------------------------------

Error message:

Error: (05/15/2012 06:10:25 PM) (Source: NormanNPT) (User: )
Description: Event message [2012/05/15 18:10:25]
--------------------------------------------------------
Application: Internet update
Node address: 00000000:000000000000
--------------------------------------------------------

Error:


System errors:
=============
Error: (05/16/2012 09:30:52 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
SASKUTIL

Error: (05/16/2012 09:30:52 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%10047

Error: (05/16/2012 09:30:52 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%10044

Error: (05/16/2012 09:30:52 AM) (Source: Service Control Manager) (User: )
Description: The Net Logon service terminated with the following error:
%%10044

Error: (05/16/2012 09:30:52 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:
%%31

Error: (05/16/2012 09:30:52 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:
%%31

Error: (05/16/2012 09:30:25 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/16/2012 09:30:01 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (05/16/2012 09:29:23 AM) (Source: NETLOGON) (User: )
Description: The system returned the following unexpected error code:
%%10044

Error: (05/15/2012 11:22:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
SASKUTIL


Microsoft Office Sessions:
=========================
Error: (12/09/2011 01:20:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 116 seconds with 60 seconds of active time. This session ended with a crash.

Error: (08/30/2011 10:01:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 59920 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (08/18/2011 09:45:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/18/2011 04:18:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 26906 seconds with 720 seconds of active time. This session ended with a crash.

Error: (05/05/2010 11:21:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5622 seconds with 180 seconds of active time. This session ended with a crash.

Error: (10/07/2009 09:21:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 81740 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/07/2009 09:21:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 82568 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/07/2009 09:21:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 82741 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/07/2009 09:21:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 83039 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/07/2009 09:21:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 83535 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Acrobat 8 Standard (Version: 8.1.2)
Adobe Acrobat 8.1.2 Standard (Version: 8.1.2)
Adobe After Effects CS3 Presets (Version: 8)
Adobe AIR (Version: 2.5.0.16600)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge 1.0 (Version: 001.000.004)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Creative Suite 2
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 11 Plugin (Version: 11.1.102.63)
Adobe Fonts All (Version: 1.0)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader 9.4.0 (Version: 9.4.0)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.1.601)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe SVG Viewer 3.0 (Version: 3.0)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS2 (Version: 2.0.1)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
AirPort (Version: 5.4.2.21)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
AutoCAD Architecture 2008 (Version: 5.5.256.0)
AutoCAD Architecture 2008 SP1 (Version: 1)
AutoCAD Civil 2008 Object Enabler on AutoCAD Architecture 2008 - English (United States) (Version: 17.0.396.0)
AutoCAD MEP 2008 Object Enabler on AutoCAD Architecture 2008 - English (United States) (Version: 5.5.219.0)
Autodesk AliasStudioPLE 2008 (Version: 14.00.0000)
Autodesk Backburner 2008.1 (Version: 2008.1)
Autodesk Design Review 2009 (Version: 9.0.96)
Autodesk Raster Design 2008 Object Enabler on DWG TrueView 2008 - English (United States) (Version: 17.2.221.0)
AviSynth 2.5
BillQuick 2008 (Patch Build 9.0.104) (Version: 9.00.0104.0)
BillQuick 2008 (Patch Build 9.0.97) (Version: 9.00.0097.0)
BillQuick 2008 (Version: 9.00.0087.0)
BillQuick 2011 (Patch Build 12.0.64.0) (Version: 12.00.64.0)
BillQuick 2011 (Patch Build 12.0.66.0) (Version: 12.00.66.0)
BillQuick 2011 (Version: 12.00.50.0)
Bonjour (Version: 3.0.0.10)
Citrix Presentation Server Client - Web Only (Version: 10.200.2650)
COMcheck 3.5.0
COMcheck 3.9.0.2 (Current User)
Crash Analysis Tool (Version: 1.00.0001)
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell ResourceCD
Digital Locker Assistant (Version: 1.80.0004)
DWG TrueView 2008 (Version: 17.1.65.0)
EnergyPlus Version 3.0 (Version: 3.0.0)
ERUNT 1.1j
FileZilla Client 3.3.5.1 (Version: 3.3.5.1)
Google Chrome (Version: 18.0.1025.162)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 6 (Version: 6.4.112)
Google SketchUp 6 Exporters (Version: 6.4.112)
Google SketchUp 7 (Version: 2.1.6860)
Google SketchUp 8 (Version: 3.0.3117)
Google SketchUp LayOut 6 (Version: 1.0.1199)
Google SketchUp Pro 6 (Version: 6.0.01313)
Google Update Helper (Version: 1.3.21.111)
Google Updater (Version: 2.4.2432.1652)
HijackThis 2.0.2 (Version: 2.0.2)
InfraRecorder
Intel ® Pro Alerting Agent (Version: 4.2.5)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
IrfanView (remove only)
iTunes (Version: 10.5.0.142)
Java™ 6 Update 15 (Version: 6.0.150)
Lizard Safeguard - PDF Viewer 2.5.83
MetaPrint Client 2.0.9.0 (Version: 2.0.9.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic PowerPacks 1.2 (Version: 9.0.30729)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Platform Installer 3.0 (Version: 3.0.5)
MobileMe Control Panel (Version: 2.6.0.29)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
Mozilla Thunderbird (3.1.10) (Version: 3.1.10 (en-US))
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Norman Endpoint Protection (Version: 7.20.0500)
NVIDIA Drivers
Oc╚ Client Tools
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OverDrive Media Console (Version: 3.2.5)
OziExplorer 3.95
Palette Previewer™
PDF Settings (Version: 1.0)
QBFC 5.0 (Version: 5.0.00203.0)
QuickTime (Version: 7.69.80.9)
Roxio DLA (Version: 5.2.0)
SoundMAX (Version: 5.12.01.7000)
Spring 0.82.6.1 (Version: 0.82.6.1)
Suite Specific (Version: 2.0.0)
Switch Sound File Converter
System Requirements Lab
Technesis SmartSpool (Version: 5.20.000)
Tweaking.com - Windows Repair (All in One) (Version: 1.7.3)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
V-Ray for SketchUp (Version: 1.49.01)
VBA (2627.01) (Version: 6.03.00.9402)
VLC media player 0.9.9 (Version: 0.9.9)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.581 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
YouSendIt Express (Version: 2.11.1)
YouTube Downloader 2.7.2
YouTube Downloader Toolbar v5.4 (Version: 5.4)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 2046.08 MB
Available physical RAM: 1564.07 MB
Total Pagefile: 3938.62 MB
Available Pagefile: 3648.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.02 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.5 GB) (Free:23.66 GB) NTFS
5 Drive f: () (Removable) (Total:0.24 GB) (Free:0.05 GB) FAT

========================= Users: ========================================

User accounts for \\PERLMAN-026

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini042409-01.dmp
C:\WINDOWS\Minidump\Mini050712-01.dmp
C:\WINDOWS\Minidump\Mini062209-01.dmp

**** End of log ****



