PC Power Speed System Optimizer infection


  • This topic is locked
24 replies to this topic

#1 lynh

Posted 27 May 2012 - 09:57 PM

My husband's XP computer has problems and guess who is tasked with fixing it? The symptoms are constant popups from a program called PC Power Speed System Optimizer that claims to find 300 and some odd threats, and is volunteering to fix them. There are a myriad of programs installed that I doubt he intentionally installed. His network connection tends to disappear. The other really weird thing is that virtually every window, from msgboxes/dialogues to application windows, features a large graphic icon that is a woman wearing a headset (a la a support person) just to the left of the system controls (i.e. minimize, maximize/restore, close) on the title bar in the upper right hand part of the window. Maybe she has a connection with another of the suspicious (to me anyway) programs on the computer that is called 24X7 Help?

Anyway, the DDS log follows, and the DDS attach log and the ark.txt log with the output from running GMER are attached.

I am eternally and enormously grateful in advance for whatever you can do to help me.

--lyn

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Keith at 18:33:18 on 2012-05-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.168 [GMT -7:00]
.
AV: Outpost Security Suite *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Security Suite *Enabled*
FW: avast! Antivirus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\24x7Help\App24x7Help.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\PCPowerSpeed\PCPowerTray.exe
C:\Program Files\24x7Help\App24x7Svc.exe
C:\Program Files\24x7Help\App24x7Hook.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
uSearch Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost security suite free\feedback.exe" /dump:os_startup
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [24x7HELP] "c:\program files\24x7help\App24x7Help.exe" /STARTUP
mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
mRun: [PCPowerSpeed] "c:\program files\pcpowerspeed\PCPowerTray.exe" /startup
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\documents and settings\keith\desktop\PartyPoker.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296451797743
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1314306493359
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{002FE72C-D299-43B1-BAA1-2BE751D795F9} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3997565B-E7ED-4EDD-A913-7EB2468DE58F} : DhcpNameServer = 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
.
============= SERVICES / DRIVERS ===============
.
R? ASWFilt;ASWFilt
R? DNINDIS5;DNINDIS5 NDIS Protocol Driver
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? VBEngNT;VBEngNT
R? VBFilt;VBFilt
R? WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service
S? 24x7HelpSvc;24x7HelpService
S? acssrv;Agnitum Client Security Service
S? afw;Agnitum firewall driver
S? afwcore;afwcore
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? JSWSCIMD;jswscimd Service
S? mbamchameleon;mbamchameleon
S? SandBox;SandBox
.
=============== Created Last 30 ================
.
2012-05-18 15:57:04 -------- d-----w- c:\documents and settings\keith\application data\PCPowerSpeed
2012-05-18 15:57:03 -------- d-----w- c:\documents and settings\all users\application data\PCPowerSpeed
2012-05-18 15:56:40 -------- d-----w- c:\program files\PCPowerSpeed
2012-05-18 15:56:28 -------- d-----w- c:\documents and settings\keith\application data\SiteRanker
2012-05-18 15:55:56 -------- d-----w- c:\program files\SiteRanker
2012-05-18 15:54:31 -------- d-----w- c:\program files\24x7Help
2012-05-18 15:53:01 -------- d-----w- c:\documents and settings\keith\application data\Inbox Toolbar
2012-05-18 15:52:07 -------- d-----w- c:\program files\Inbox Toolbar
2012-05-18 11:05:57 -------- d-----w- c:\documents and settings\keith\local settings\application data\Apple Computer
2012-05-18 11:04:35 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-18 11:04:35 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-18 11:01:42 -------- d-----w- c:\program files\iPod
2012-05-18 11:01:13 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-18 11:01:12 -------- d-----w- c:\program files\iTunes
2012-05-18 11:00:11 -------- d-----w- c:\documents and settings\keith\local settings\application data\Apple
2012-05-18 10:56:27 -------- d-----w- c:\program files\Bonjour
2012-05-01 18:02:10 -------- d-----w- c:\program files\Citrix
.
==================== Find3M ====================
.
2012-05-27 19:57:01 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 18:36:08.62 ===============
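
An added example, not part of the original posts or of DDS: a short Python script that reads the "Created Last 30" section of the DDS log above and groups top-level Program Files folders created within ten minutes of each other, which is how Inbox Toolbar, 24x7Help, SiteRanker and PCPowerSpeed show up as one install burst. The ten-minute gap, the minimum group size of three and the function names are assumptions of this example; a legitimate bundle (iTunes with Bonjour and iPod) is grouped too, so a burst is a lead to review, not a verdict.

```python
"""Find install bursts in the "Created Last 30" section of a DDS log."""
import re
from datetime import datetime, timedelta

# Lines copied from the "Created Last 30" section of the DDS log in the post above.
DDS_CREATED = r"""
2012-05-18 15:57:04 -------- d-----w- c:\documents and settings\keith\application data\PCPowerSpeed
2012-05-18 15:57:03 -------- d-----w- c:\documents and settings\all users\application data\PCPowerSpeed
2012-05-18 15:56:40 -------- d-----w- c:\program files\PCPowerSpeed
2012-05-18 15:56:28 -------- d-----w- c:\documents and settings\keith\application data\SiteRanker
2012-05-18 15:55:56 -------- d-----w- c:\program files\SiteRanker
2012-05-18 15:54:31 -------- d-----w- c:\program files\24x7Help
2012-05-18 15:53:01 -------- d-----w- c:\documents and settings\keith\application data\Inbox Toolbar
2012-05-18 15:52:07 -------- d-----w- c:\program files\Inbox Toolbar
2012-05-18 11:05:57 -------- d-----w- c:\documents and settings\keith\local settings\application data\Apple Computer
2012-05-18 11:04:35 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-18 11:04:35 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-18 11:01:42 -------- d-----w- c:\program files\iPod
2012-05-18 11:01:13 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-18 11:01:12 -------- d-----w- c:\program files\iTunes
2012-05-18 11:00:11 -------- d-----w- c:\documents and settings\keith\local settings\application data\Apple
2012-05-18 10:56:27 -------- d-----w- c:\program files\Bonjour
2012-05-01 18:02:10 -------- d-----w- c:\program files\Citrix
"""

# "<date> <time> <size or dashes> <attribute flags> <path>"
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>-+|\d+)\s+(?P<attr>[a-z-]+)\s+(?P<path>.+)$"
)
# Only folders created directly under Program Files count as an "install".
PROGRAM_DIR = re.compile(r"^c:\\program files\\([^\\]+)$", re.IGNORECASE)


def parse_created(text):
    """Return (timestamp, is_directory, path) for every entry line in the section."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            entries.append((ts, m.group("attr").startswith("d"), m.group("path")))
    return entries


def install_bursts(entries, max_gap=timedelta(minutes=10), min_size=3):
    """Group new Program Files folders whose creation times chain together with
    gaps of at most max_gap, and keep the groups with min_size or more folders."""
    folders = []
    for ts, is_dir, path in entries:
        m = PROGRAM_DIR.match(path)
        if is_dir and m:
            folders.append((ts, m.group(1)))
    folders.sort(key=lambda f: f[0])

    groups, current = [], []
    for ts, name in folders:
        # A gap longer than max_gap closes the current group.
        if current and ts - current[-1][0] > max_gap:
            groups.append(current)
            current = []
        current.append((ts, name))
    if current:
        groups.append(current)

    return [
        {
            "start": g[0][0],
            "span_s": int((g[-1][0] - g[0][0]).total_seconds()),
            "names": [name for _, name in g],
        }
        for g in groups
        if len(g) >= min_size
    ]


if __name__ == "__main__":
    for burst in install_bursts(parse_created(DDS_CREATED)):
        print(f"{burst['start']}  {burst['span_s']:>4}s  {', '.join(burst['names'])}")
```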


#2 gringo_pr

Posted 29 May 2012 - 12:57 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 lynh

Posted 29 May 2012 - 02:22 AM

Hello Gringo,

Thank you for your response.

I ran SecurityCheck and it output a brief log showing my Antivirus (Avast) and firewall (Outpost). I did not post the log yet, for reasons you will see below.

After running SecurityCheck, I ran ComboFix. This wanted me to update Recovery console, but the problematic computer can't connect to the Internet. I looked at my Network Connections and couldn't immediately see why, although the properties for the connection have a couple of entries for something called Jumpstart Wireless (one of them is a wireless driver). This looks odd because that computer only has a wired connection to a router for the cable modem. I disabled the connection and re-enabled it but it did not connect.

A message box came up informing me that I had no connection and asked to retry. I let it retry but it still could not connect. During this time, the pop ups for the PC Speed thing appeared. Also, the icon for my Outpost firewall (which I had suspended before running ComboFix) disappeared from the system tray and icons for the 24X7help program appeared and another that I don't recall seeing before called Site Ranking something or other.

There is also a dialogue that is presumably from ComboFix titled "Error. Failed to download required files. Shall contintue scanning for malware." There is an OK button. I did not click OK, and in fact I have not done anything else after the disable/enable of the network connection.

The reason I didn't post the SecurityCheck log is because I am running ComboFix off a thumbdrive that I used to download the programs onto from my computer. That same thumbdrive is where the log is and I didn't want to remove the drive and stop ComboFix unless that's what you want me to do.

Can you please let me know how to proceed?

Thanks so much,
--lyn

#4 gringo_pr

Posted 29 May 2012 - 02:38 AM

Go ahead and click the OK button and let ComboFix complete.

After ComboFix completes, see if you can connect and let me know about this when you give me the report.


Gringo

#5 lynh

Posted 30 May 2012 - 01:16 AM

ComboFix completed -- both logs are included below. I was able to connect after ComboFix finished, although the home page of IE looks like it's been hijacked -- this may have also been the case before. There is some funky thing that looks like a search engine toolbar called Inbox. I had to shut the computer down in order to get the thumb drive out as safe removal kept complaining that something was accessing the drive, even though no applications were apparently running. Lazy file flushing? Kinda doubt it as the ComboFix log is only 11K. OK, I'm stopping trying to think about this since I have no clue...

Thanks,
Lyn

SecurityCheck log:

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Please wait while WMIC is being installed.
displayName
ECHO is off.
Outpost
ECHO is off.
Security
ECHO is off.
Suite
ECHO is off.
avast!
ECHO is off.
Antivirus
ECHO is off.
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.1.1000
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 18% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

----------------------------------------

ComboFix log:

ComboFix 12-05-28.05 - Keith 05/29/2012 22:28:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.142 [GMT -7:00]
Running from: F:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Outpost Security Suite *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: avast! Antivirus *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Security Suite *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Keith\My Documents\~WRL0005.tmp
c:\documents and settings\Keith\My Documents\~WRL0169.tmp
c:\documents and settings\Keith\My Documents\~WRL0380.tmp
c:\documents and settings\Keith\My Documents\~WRL3369.tmp
c:\documents and settings\Keith\My Documents\~WRL3627.tmp
c:\program files\RivalGaming\RiVAlgaming.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-25 03:21 . 2012-05-25 03:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-05-18 15:57 . 2012-05-18 15:57 -------- d-----w- c:\documents and settings\Keith\Application Data\PCPowerSpeed
2012-05-18 15:57 . 2012-05-18 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPowerSpeed
2012-05-18 15:56 . 2012-05-18 15:57 -------- d-----w- c:\program files\PCPowerSpeed
2012-05-18 15:56 . 2012-05-18 15:58 -------- d-----w- c:\documents and settings\Keith\Application Data\SiteRanker
2012-05-18 15:55 . 2012-05-29 06:42 -------- d-----w- c:\program files\SiteRanker
2012-05-18 15:54 . 2012-05-18 15:54 -------- d-----w- c:\program files\24x7Help
2012-05-18 15:53 . 2012-05-18 15:53 -------- d-----w- c:\documents and settings\Keith\Application Data\Inbox Toolbar
2012-05-18 15:52 . 2012-05-18 15:53 -------- d-----w- c:\program files\Inbox Toolbar
2012-05-18 11:05 . 2012-05-18 11:05 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\Apple Computer
2012-05-18 11:05 . 2012-05-18 11:17 -------- d-----w- c:\documents and settings\Keith\Application Data\Apple Computer
2012-05-18 11:04 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-18 11:04 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-18 11:01 . 2012-05-18 11:01 -------- d-----w- c:\program files\iPod
2012-05-18 11:01 . 2012-05-18 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-18 11:01 . 2012-05-18 11:03 -------- d-----w- c:\program files\iTunes
2012-05-18 11:01 . 2012-05-18 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-05-18 11:00 . 2012-05-18 11:00 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\Apple
2012-05-18 10:59 . 2012-05-18 10:59 -------- d-----w- c:\program files\Apple Software Update
2012-05-18 10:58 . 2012-05-18 10:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-18 10:58 . 2012-05-18 11:04 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-18 10:56 . 2012-05-18 10:56 -------- d-----w- c:\program files\Bonjour
2012-05-18 10:55 . 2012-05-18 11:01 -------- d-----w- c:\program files\Common Files\Apple
2012-05-18 10:55 . 2012-05-18 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-05-01 18:02 . 2012-05-01 18:02 -------- d-----w- c:\program files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-27 19:57 . 2012-03-03 19:41 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-11 13:14 . 2004-08-12 13:25 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-12 13:33 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2004-08-12 13:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-12 13:21 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-05-16 04:56 342272 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2010-12-13 21:15 462984 ----a-w- c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2010-12-13 513960]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-12-13 3014512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"24x7HELP"="c:\program files\24x7Help\App24x7Help.exe" [2012-05-18 1684632]
"SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2012-05-16 320000]
"PCPowerSpeed"="c:\program files\PCPowerSpeed\PCPowerTray.exe" [2012-03-28 385664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/1/2012 10:35 AM 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/1/2012 10:35 AM 337112]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [1/31/2011 11:10 PM 710696]
R2 24x7HelpSvc;24x7HelpService;c:\program files\24x7Help\App24x7Svc.exe [5/18/2012 8:54 AM 394392]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [1/31/2011 11:09 PM 2067936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/1/2012 10:35 AM 20696]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [1/31/2011 11:09 PM 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [1/31/2011 11:10 PM 267624]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [1/31/2011 11:10 PM 72352]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/3/2012 12:41 PM 24064]
S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [1/31/2011 11:10 PM 241088]
S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [1/31/2011 11:10 PM 36288]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2.sys --> c:\windows\system32\DRIVERS\WN111v2.sys [?]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 gupdatem;Google Update Service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-RivalGaming - c:\program files\RivalGaming\Uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-29 22:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2260)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\24x7Help\App24x7Hook.dll
c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-05-29 22:40:46
ComboFix-quarantined-files.txt 2012-05-30 05:40
.
Pre-Run: 29,545,930,752 bytes free
Post-Run: 29,506,539,520 bytes free
.
- - End Of File - - 264A2290BEDDC01099A28958E52174C0

#6 gringo_pr

Posted 30 May 2012 - 01:19 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 lynh

Posted 30 May 2012 - 02:46 AM

Hi Gringo,

The reports from TDSSKiller and aswMBR follow. Please note that I was not asked to download definitions when running aswMBR. And, when I saved the log file, it also saved a zero length MBR.dat file in the same location as the log file was saved.

Thanks,
Lyn

TDSSKiller report:

00:29:44.0203 3512 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
00:29:44.0859 3512 ============================================================
00:29:44.0859 3512 Current date / time: 2012/05/30 00:29:44.0859
00:29:44.0859 3512 SystemInfo:
00:29:44.0859 3512
00:29:44.0859 3512 OS Version: 5.1.2600 ServicePack: 3.0
00:29:44.0859 3512 Product type: Workstation
00:29:44.0859 3512 ComputerName: WKHENDER
00:29:44.0859 3512 UserName: Keith
00:29:44.0859 3512 Windows directory: C:\WINDOWS
00:29:44.0859 3512 System windows directory: C:\WINDOWS
00:29:44.0859 3512 Processor architecture: Intel x86
00:29:44.0859 3512 Number of processors: 2
00:29:44.0859 3512 Page size: 0x1000
00:29:44.0859 3512 Boot type: Normal boot
00:29:44.0859 3512 ============================================================
00:29:46.0953 3512 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:29:46.0968 3512 Drive \Device\Harddisk1\DR2 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:29:47.0015 3512 ============================================================
00:29:47.0015 3512 \Device\Harddisk0\DR0:
00:29:47.0015 3512 MBR partitions:
00:29:47.0015 3512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
00:29:47.0015 3512 \Device\Harddisk1\DR2:
00:29:47.0015 3512 MBR partitions:
00:29:47.0031 3512 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C8907
00:29:47.0031 3512 ============================================================
00:29:47.0031 3512 C: <-> \Device\Harddisk0\DR0\Partition0
00:29:47.0031 3512 ============================================================
00:29:47.0031 3512 Initialize success
00:29:47.0031 3512 ============================================================
00:29:58.0234 3964 ============================================================
00:29:58.0234 3964 Scan started
00:29:58.0234 3964 Mode: Manual;
00:29:58.0234 3964 ============================================================
00:30:12.0125 3964 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:30:12.0562 3964 \Device\Harddisk0\DR0 - ok
00:30:12.0625 3964 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
00:30:12.0687 3964 \Device\Harddisk1\DR2 - ok
00:30:12.0703 3964 Boot (0x1200) (8d36e95eb4fe24b290839e8ab5683fd0) \Device\Harddisk0\DR0\Partition0
00:30:12.0703 3964 \Device\Harddisk0\DR0\Partition0 - ok
00:30:12.0734 3964 Boot (0x1200) (085bb6cba4978d5d8db93bbf07e985a1) \Device\Harddisk1\DR2\Partition0
00:30:12.0734 3964 \Device\Harddisk1\DR2\Partition0 - ok
00:30:12.0750 3964 ============================================================
00:30:12.0750 3964 Scan finished
00:30:12.0750 3964 ============================================================
00:30:12.0781 3952 Detected object count: 0
00:30:12.0781 3952 Actual detected object count: 0
00:30:52.0937 3212 ============================================================
00:30:52.0937 3212 Scan started
00:30:52.0937 3212 Mode: Manual;
00:30:52.0937 3212 ============================================================
00:31:06.0031 3212 Boot (0x1200) (8d36e95eb4fe24b290839e8ab5683fd0) \Device\Harddisk0\DR0\Partition0
00:31:06.0031 3212 \Device\Harddisk0\DR0\Partition0 - ok
00:31:06.0046 3212 Boot (0x1200) (085bb6cba4978d5d8db93bbf07e985a1) \Device\Harddisk1\DR2\Partition0
00:31:06.0062 3212 \Device\Harddisk1\DR2\Partition0 - ok
00:31:06.0062 3212 ============================================================
00:31:06.0062 3212 Scan finished
00:31:06.0062 3212 ============================================================
00:31:06.0093 3204 Detected object count: 0
00:31:06.0093 3204 Actual detected object count: 0

--------------------------------------------

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-30 00:33:05
-----------------------------
00:33:05.578 OS Version: Windows 5.1.2600 Service Pack 3
00:33:05.578 Number of processors: 2 586 0x401
00:33:05.578 ComputerName: WKHENDER UserName: Keith
00:33:06.750 Initialize success
00:33:09.453 AVAST engine defs: 12052901
00:33:54.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
00:33:54.890 Disk 0 Vendor: WDC_WD400BD-75JMA0 05.01C05 Size: 38146MB BusType: 3
00:33:54.921 Disk 0 MBR read successfully
00:33:54.921 Disk 0 MBR scan
00:33:55.265 Disk 0 Windows XP default MBR code
00:33:55.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
00:33:55.453 Disk 0 scanning sectors +78108030
00:33:55.671 Disk 0 scanning C:\WINDOWS\system32\drivers
00:34:16.890 Service scanning
00:34:32.828 Modules scanning
00:34:42.437 Disk 0 trace - called modules:
00:34:42.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
00:34:42.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823a0ab8]
00:34:42.546 3 CLASSPNP.SYS[f84ebfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x823a1d98]
00:34:42.843 AVAST engine scan C:\WINDOWS
00:34:56.921 AVAST engine scan C:\WINDOWS\system32
00:36:32.578 AVAST engine scan C:\WINDOWS\system32\drivers
00:36:53.890 AVAST engine scan C:\Documents and Settings\Keith
00:38:04.703 AVAST engine scan C:\Documents and Settings\All Users
00:38:14.546 Scan finished successfully
00:38:46.421 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
00:38:46.484 The log file has been saved successfully to "F:\aswMBR.txt"

#8 gringo_pr

Posted 30 May 2012 - 03:46 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 lynh

Posted 30 May 2012 - 11:11 PM

Hi Gringo,

Here is the OTL log. I have the extras.txt in case you need it. Odd thing of the day. Notepad wouldn't let me do a file -> Save As. I got a Common Dialog Error message box. I had to select and copy the text and paste it into wordpad and save it to my thumbdrive that way.

The log is below.

Thanks!
--lyn

OTL logfile created on: 5/30/2012 8:54:42 PM - Run 2
OTL by OldTimer - Version 3.2.44.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 203.16 Mb Available Physical Memory | 40.46% Memory free
1.21 Gb Paging File | 0.95 Gb Available in Paging File | 78.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 27.68 Gb Free Space | 74.32% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.87 Gb Free Space | 98.86% Space Free | Partition Type: FAT

Computer Name: WKHENDER | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\24x7Help\App24x7Svc.exe (PCRx.com, LLC)
PRC - C:\Program Files\24x7Help\App24x7Hook.exe (PCRx.com, LLC)
PRC - C:\Program Files\24x7Help\App24x7Help.exe (PCRx.com, LLC)
PRC - C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
PRC - C:\Program Files\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
PRC - C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
PRC - C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12053002\algo.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Agnitum\Outpost Security Suite Free\zlib.dll ()
MOD - C:\Program Files\Agnitum\Outpost Security Suite Free\unrar.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (gupdatem) Google Update Service (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found
SRV - (24x7HelpSvc) -- C:\Program Files\24x7Help\App24x7Svc.exe (PCRx.com, LLC)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WN111v2) -- system32\DRIVERS\WN111v2.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Keith\LOCALS~1\Temp\catchme.sys File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (SandBox) -- C:\WINDOWS\system32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (VBFilt) -- C:\WINDOWS\system32\Filt\VBFilt.dll (Agnitum Ltd.)
DRV - (ASWFilt) -- C:\WINDOWS\system32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (afwcore) -- C:\WINDOWS\system32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (VBEngNT) -- C:\WINDOWS\system32\drivers\VBEngNT.sys (VirusBuster Kft.)
DRV - (afw) -- C:\WINDOWS\system32\drivers\afw.sys (Agnitum Ltd.)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DF93E4C5-754E-4DC3-AA29-873C4E4BED30}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{DF93E4C5-754E-4DC3-AA29-873C4E4BED30}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80114&lng=en
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80114&lng=en
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\SearchScopes\{DF93E4C5-754E-4DC3-AA29-873C4E4BED30}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/02/17 09:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2012/05/29 00:18:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [24x7HELP] C:\Program Files\24x7Help\App24x7Help.exe (PCRx.com, LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Keith\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Keith\Desktop\PartyPoker.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296451797743 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1314306493359 (MUWebControl Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{002FE72C-D299-43B1-BAA1-2BE751D795F9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3997565B-E7ED-4EDD-A913-7EB2468DE58F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/26 20:42:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/29 22:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/28 23:52:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/28 23:52:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/28 23:52:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/28 23:52:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/28 23:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/28 23:52:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/27 18:33:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Keith\My Documents\My Videos
[2012/05/27 18:33:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Keith\Start Menu\Programs\Administrative Tools
[2012/05/24 20:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/05/18 08:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\PCPowerSpeed
[2012/05/18 08:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPowerSpeed
[2012/05/18 08:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Power Speed
[2012/05/18 08:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\PCPowerSpeed
[2012/05/18 08:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\SiteRanker
[2012/05/18 08:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SiteRanker
[2012/05/18 08:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\SiteRanker
[2012/05/18 08:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\24x7 Help
[2012/05/18 08:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\24x7Help
[2012/05/18 08:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Inbox Toolbar
[2012/05/18 08:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
[2012/05/18 08:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox Toolbar
[2012/05/18 04:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Local Settings\Application Data\Apple Computer
[2012/05/18 04:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Apple Computer
[2012/05/18 04:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/18 04:04:35 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2012/05/18 04:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/18 04:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/18 04:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/18 04:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/05/18 04:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Local Settings\Application Data\Apple
[2012/05/18 03:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/05/18 03:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/05/18 03:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/05/18 03:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/18 03:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/05/18 03:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/05/01 11:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/30 20:46:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/30 20:46:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/29 00:18:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/27 12:57:01 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/05/24 20:21:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/24 10:23:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/18 08:57:02 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Optimize Your PC.lnk
[2012/05/18 08:57:02 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Optimize Your PC.lnk
[2012/05/18 08:54:41 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\24x7 Help.lnk
[2012/05/18 08:54:41 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\24x7 Help.lnk
[2012/05/18 04:05:08 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/08 16:57:04 | 000,111,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/08 16:24:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/28 23:52:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/28 23:52:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/28 23:52:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/28 23:52:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/28 23:52:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/18 08:57:02 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Optimize Your PC.lnk
[2012/05/18 08:57:02 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Optimize Your PC.lnk
[2012/05/18 08:54:41 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\24x7 Help.lnk
[2012/05/18 08:54:41 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\24x7 Help.lnk
[2012/05/18 04:05:08 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/18 04:00:13 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/18 03:59:45 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/03 12:41:03 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/02/15 00:58:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/17 20:12:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/14 11:42:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6h.DLL
[2011/08/14 11:37:39 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[2010/12/26 21:19:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/26 20:44:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/26 20:38:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/26 12:29:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/26 12:28:21 | 000,111,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >

#10 gringo_pr

Posted 31 May 2012 - 01:10 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    SRV - (24x7HelpSvc) -- C:\Program Files\24x7Help\App24x7Svc.exe (PCRx.com, LLC)
    IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80114&lng=en
    O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O4 - HKLM..\Run: [24x7HELP] C:\Program Files\24x7Help\App24x7Help.exe (PCRx.com, LLC)
    O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
    O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
    [2012/05/18 08:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\PCPowerSpeed
    [2012/05/18 08:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPowerSpeed
    [2012/05/18 08:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Power Speed
    [2012/05/18 08:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\PCPowerSpeed
    [2012/05/18 08:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\SiteRanker
    [2012/05/18 08:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SiteRanker
    [2012/05/18 08:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\SiteRanker
    [2012/05/18 08:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\24x7 Help
    [2012/05/18 08:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\24x7Help
    [2012/05/18 08:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Inbox Toolbar
    [2012/05/18 08:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
    [2012/05/18 08:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox Toolbar
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 lynh

lynh
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:42 PM

Posted 31 May 2012 - 02:10 AM

Hi Gringo,

I think you've made progress. After the requested reboot, the PC Speed blah blah pop up appears to be gone and so does the graphic of the lady with the headset that was on all the windows. There are still shortcuts on the desktop for PC Speed and 24X7Help, but they are not the normal program icons -- they just look like a generic DOS window shortcut. I didn't check to see if the target of the shortcut was there or not, but I'm guessing not since the programs don't appear to be running.
There is another pop up that has been there all along that gives some generic message about a free update period that has expired. That one is still there. I don't know what that goes with as it doesn't show any signs of any program name on it, just a red X/cross and the message and a link "to renew". The Inbox toolbar is still there in IE.

The bad news is that Notepad is still acting weird. When I went to click in the window so I could save the OTL fix log, the Notepad buffer was wiped slick and the contents of the log are gone. There is a small chance that I dragged the mouse a tiny bit just before I clicked that maybe would have resulted in deleting a couple of words or something in a normal situation, but I can't imagine how it would cause the entire buffer to be deleted... Do you want me to do another scan with OTL? Or?

Thanks so much for your time...

--lyn

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:42 PM

Posted 31 May 2012 - 02:18 AM

Yes, let's do another scan with OTL and let's see what I can find.


gringo

#13 lynh

lynh
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:42 PM

Posted 31 May 2012 - 04:04 AM

Hi Gringo,

Here's the log:

OTL logfile created on: 5/31/2012 1:26:03 AM - Run 3
OTL by OldTimer - Version 3.2.44.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 258.38 Mb Available Physical Memory | 51.46% Memory free
1.21 Gb Paging File | 0.98 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 27.31 Gb Free Space | 73.32% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.85 Gb Free Space | 98.04% Space Free | Partition Type: FAT

Computer Name: WKHENDER | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12053100\algo.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (gupdatem) Google Update Service (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WN111v2) -- system32\DRIVERS\WN111v2.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Keith\LOCALS~1\Temp\catchme.sys File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (SandBox) -- C:\WINDOWS\system32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (VBFilt) -- C:\WINDOWS\system32\Filt\VBFilt.dll (Agnitum Ltd.)
DRV - (ASWFilt) -- C:\WINDOWS\system32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (afwcore) -- C:\WINDOWS\system32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (VBEngNT) -- C:\WINDOWS\system32\drivers\VBEngNT.sys (VirusBuster Kft.)
DRV - (afw) -- C:\WINDOWS\system32\drivers\afw.sys (Agnitum Ltd.)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DF93E4C5-754E-4DC3-AA29-873C4E4BED30}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{DF93E4C5-754E-4DC3-AA29-873C4E4BED30}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80114&lng=en
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\SearchScopes\{DF93E4C5-754E-4DC3-AA29-873C4E4BED30}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-117609710-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/02/17 09:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2012/05/29 00:18:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Keith\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Keith\Desktop\PartyPoker.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296451797743 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1314306493359 (MUWebControl Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{002FE72C-D299-43B1-BAA1-2BE751D795F9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3997565B-E7ED-4EDD-A913-7EB2468DE58F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/26 20:42:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/29 22:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/28 23:52:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/28 23:52:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/28 23:52:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/28 23:52:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/28 23:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/28 23:52:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/27 18:33:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Keith\My Documents\My Videos
[2012/05/27 18:33:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Keith\Start Menu\Programs\Administrative Tools
[2012/05/24 20:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/05/18 04:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Local Settings\Application Data\Apple Computer
[2012/05/18 04:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Application Data\Apple Computer
[2012/05/18 04:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/18 04:04:35 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2012/05/18 04:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/18 04:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/18 04:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/18 04:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/05/18 04:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith\Local Settings\Application Data\Apple
[2012/05/18 03:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/05/18 03:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/05/18 03:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/05/18 03:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/18 03:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/05/18 03:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/05/01 11:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/30 23:42:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/30 23:42:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/29 00:18:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/27 12:57:01 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/05/24 20:21:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/24 10:23:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/18 08:57:02 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Optimize Your PC.lnk
[2012/05/18 08:57:02 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Optimize Your PC.lnk
[2012/05/18 08:54:41 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\24x7 Help.lnk
[2012/05/18 08:54:41 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\24x7 Help.lnk
[2012/05/18 04:05:08 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/08 16:57:04 | 000,111,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/08 16:24:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/28 23:52:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/28 23:52:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/28 23:52:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/28 23:52:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/28 23:52:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/18 08:57:02 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Optimize Your PC.lnk
[2012/05/18 08:57:02 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Optimize Your PC.lnk
[2012/05/18 08:54:41 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\24x7 Help.lnk
[2012/05/18 08:54:41 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\24x7 Help.lnk
[2012/05/18 04:05:08 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/18 04:00:13 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/18 03:59:45 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/03 12:41:03 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/02/15 00:58:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/17 20:12:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/14 11:42:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6h.DLL
[2011/08/14 11:37:39 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[2010/12/26 21:19:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/26 20:44:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/26 20:38:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/26 12:29:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/26 12:28:21 | 000,111,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:42 PM

Posted 31 May 2012 - 07:23 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    F - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll File not found
    O3 - HKU\S-1-5-21-1214440339-117609710-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
    [2012/05/18 08:57:02 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Optimize Your PC.lnk
    [2012/05/18 08:57:02 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Optimize Your PC.lnk
    [2012/05/18 08:54:41 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\24x7 Help.lnk
    [2012/05/18 08:54:41 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\24x7 Help.lnk
     
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#15 lynh

lynh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 31 May 2012 - 11:03 PM

Hi Gringo,

When running the custom fix in OTL, I was not prompted to reboot. I did however reboot after it was finished and I had captured the log. No signs of the PC Speed thing or 24X7 that I can see anymore. The red "your protection has expired" popup is still there and the Inbox toolbar/homepage is still there in IE. There was also a popup that appeared to be from AVAST tonight when I went to run the fix in OTL. I feel rather sure that it wasn't authentic though -- not the same colors as their stuff and the graphics weren't very good. It did not reappear after the reboot -- at least not in the few minutes I waited.

One other thing I think I never mentioned because I hadn't really known if there was a connection -- Every time the machine boots, there are 2 or 3 New Hardware found dialogs that come up. One is for the video controller and I forget what the others want to install. That all seems pretty weird, but still not sure if it's related to the bad stuff or not...

Oh, and one more thing -- OTL wrote some stuff to my thumb drive -- looks like some shortcuts it removed from the hard drive on the computer you're working on. Amongst those files seem to be the "fix" logs, including the one I thought I had lost last night. Please let me know if you want to see it.

The log that resulted from the latest custom fix in OTL (tonight) is below.

Thanks!

--lyn

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-117609710-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}\ deleted successfully.
File {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found not found.
C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Optimize Your PC.lnk moved successfully.
C:\Documents and Settings\All Users\Desktop\Optimize Your PC.lnk moved successfully.
C:\Documents and Settings\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\24x7 Help.lnk moved successfully.
C:\Documents and Settings\All Users\Desktop\24x7 Help.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Keith

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Keith
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.44.0 log created on 05312012_203617
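
One way to check a fix log against the script that produced it, as an added example that is not part of the original posts or of OTL. The SCRIPT and FIXLOG lines are copied from posts #14 and #15 (a subset); the function names, and the rule that a directive with no matching result line counts as unprocessed, are assumptions of this example.

```python
import re

# Lines copied from the fix script in post #14 (a subset of its directives).
SCRIPT = r"""
:OTL
F - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
[2012/05/18 08:54:41 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\24x7 Help.lnk
:Files
ipconfig /flushdns /c
"""

# Lines copied from the fix log in post #15 (the results for that subset).
FIXLOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}\ deleted successfully.
File {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found not found.
C:\Documents and Settings\All Users\Desktop\24x7 Help.lnk moved successfully.
========== FILES ==========
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PLUGIN = re.compile(r"MozillaPlugins\\(.+?):\s")           # plugin key name
FILE_ENTRY = re.compile(r"^\[[^\]]*\]\s*\(.*?\)\s*--\s*(.+)$")  # "[date|size|attr] () -- path"
OUTCOME = re.compile(r"(deleted successfully|moved successfully|not found)\.$")


def directives(script):
    """Return the non-empty lines of the :OTL section of a fix script."""
    out, active = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            active = line.upper() == ":OTL"   # other sections (:Files, ...) are skipped
        elif active and line:
            out.append(line)
    return out


def match_key(directive):
    """Pick the token that should reappear in the fix log for this directive."""
    for rx in (FILE_ENTRY, PLUGIN):
        m = rx.search(directive)
        if m:
            return m.group(1).strip()
    m = GUID.search(directive)
    return m.group(0) if m else None


def reconcile(script, fixlog):
    """Map each directive to the set of outcomes the fix log reports for it."""
    results = [l.strip() for l in fixlog.splitlines() if OUTCOME.search(l.strip())]
    report = {}
    for d in directives(script):
        key = match_key(d)
        hits = set()
        for line in results:
            # Case-insensitive: registry paths and GUIDs vary in case between logs.
            if key and key.lower() in line.lower():
                hits.add(OUTCOME.search(line).group(1))
        report[d] = hits
    return report


def unprocessed(report):
    """Directives for which the fix log contains no result line at all."""
    return [d for d, outcomes in report.items() if not outcomes]


if __name__ == "__main__":
    for d, outcomes in reconcile(SCRIPT, FIXLOG).items():
        print(("OK   " if outcomes else "NONE ") + d[:70], sorted(outcomes))
```

On these lines every directive has a result except the first, which begins `F -` where the scan-log entry it was taken from begins `FF -`.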



