
Google Redirects, Blue Screen of Death and general weirdness


  • This topic is locked
28 replies to this topic

#1 NeedaNewComputer


Posted 05 October 2012 - 06:36 PM

I am running Windows XP. I was having problems with the Blue Screen of Death, which I attributed to the age of my computer, but then started having Google redirects, which I know from previous experience means I am infected. I ran Malwarebytes and got one hit - Happili trojan - and my Nod32 has since found two: BHO.OEI and Kryptik.AMNF. Both are coming up clean now but I was still having Google redirects.

I attempted to run dds.com and it just hangs in the DOS window. I have attached my GMER log and last Malwarebytes log.

Attached File  mbam-log-2012-10-02 (16-15-03).txt   1.84KB   3 downloads
Attached File  ark.txt   153.93KB   2 downloads

Any help in cleaning up this mess and protecting it better in the future would be appreciated!!



#2 Oh My!


Posted 06 October 2012 - 03:20 PM

Greetings NeedaNewComputer and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do so.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.


===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.

===================================================


OTL

--------------------

Please download OTL here.

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Copy and paste the two reports in your next reply.

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • OTL.txt
  • Extra.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 NeedaNewComputer


Posted 07 October 2012 - 11:26 AM

Hi Gary,

Thanks for the quick response. My first name is Cindy. Here are the results of the OTL.txt:

OTL logfile created on: 10/7/2012 10:59:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Cindy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 538.03 Mb Available Physical Memory | 52.64% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 78.80% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.13 Gb Total Space | 53.14 Gb Free Space | 36.61% Space Free | Partition Type: NTFS
Drive E: | 589.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KAPSTUDY | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 10:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cindy\Desktop\OTL.exe
PRC - [2012/07/12 17:50:08 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/12 17:49:11 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/03/18 09:55:00 | 000,404,664 | ---- | M] () -- C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/05 11:19:18 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/03 15:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/08 00:30:06 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2005/05/28 14:41:37 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/12/17 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2004/09/09 17:35:38 | 001,597,440 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2004/03/23 13:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/03/23 13:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/07/30 03:52:00 | 000,217,195 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/06/17 14:43:42 | 000,208,896 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\ACD Systems\DevDetect\DevDetect.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/18 09:55:00 | 000,404,664 | ---- | M] () -- C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/03/02 19:49:14 | 000,051,716 | ---- | M] () -- C:\WINDOWS\SYSTEM32\pdf995mon.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Cindy\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/01 17:07:49 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 17:50:08 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 17:49:11 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/06/26 02:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/03/23 13:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\ifp800.sys -- (IFP800)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (Cdralw2k)
DRV - File not found [Kernel | System | Stopped] -- -- (Cdr4_xp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Cindy\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/07/12 17:49:14 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - [2010/06/06 23:12:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/10/17 15:18:21 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\windrvr6.sys -- (WinDriver6)
DRV - [2007/02/25 12:10:48 | 000,005,376 | ---- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winusb.sys -- (WinUSB)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 14:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 09:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DDMI2.sys -- (SDDMI2)
DRV - [2004/05/29 18:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PfModNT.sys -- (PfModNT)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\SearchScopes\{B9401427-DB36-465F-AE92-B02D4BA50BC9}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Cindy\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Cindy\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/03 19:18:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Cindy\Application Data\Move Networks [2009/09/29 19:41:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/07/22 19:47:42 | 000,000,797 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {5CA3D70E-1895-11CF-8E15-001234567890} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\Toolbar\WebBrowser: (no name) - {2D51D869-C36B-42BD-AE68-0A81BC771FA5} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Camera Detector] C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\Aubrey\Local Settings\Application Data\Apple\Adobe\ijarbb.dll",CompressFramesInfoW File not found
O4 - HKU\S-1-5-18..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\Aubrey\Local Settings\Application Data\Apple\Adobe\ijarbb.dll",CompressFramesInfoW File not found
O4 - HKU\S-1-5-21-36742239-1323464194-415680248-1006..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe ()
O4 - HKU\S-1-5-21-36742239-1323464194-415680248-1006..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Cindy\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Search - ?p=ZUxdm080YYUS File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116958592765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261448354875 (MUWebControl Class)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A83E11D-919D-44FA-9233-6A56A867E9FB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cindy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cindy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/06/17 22:30:06 | 000,000,137 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d42963be-9446-11e0-9206-00132018ac5d}\Shell - "" = AutoRun
O33 - MountPoints2\{d42963be-9446-11e0-9206-00132018ac5d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d42963be-9446-11e0-9206-00132018ac5d}\Shell\AutoRun\command - "" = F:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{e4903c9d-0a1e-11dd-80b0-00132018ac5d}\Shell - "" = AutoRun
O33 - MountPoints2\{e4903c9d-0a1e-11dd-80b0-00132018ac5d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e4903c9d-0a1e-11dd-80b0-00132018ac5d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 10:58:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cindy\Desktop\OTL.exe
[2012/10/01 17:33:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Cindy\Desktop\dds.com
[2012/10/01 17:07:45 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/26 20:14:23 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/09/26 16:22:22 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/09/26 16:22:22 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/09/26 16:22:22 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/09/26 16:22:22 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/09/26 16:22:22 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/26 16:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/09/26 16:13:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cindy\Recent
[2012/09/26 12:39:52 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cindy\Desktop\tdsskiller.exe
[2012/09/26 10:13:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/26 10:09:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/26 10:09:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/26 10:09:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/26 10:09:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/26 10:09:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/26 10:09:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/26 10:08:12 | 004,756,346 | R--- | C] (Swearware) -- C:\Documents and Settings\Cindy\Desktop\ComboFix.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Cindy\My Documents\*.tmp files -> C:\Documents and Settings\Cindy\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/07 11:00:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CC0EF3FD-6E30-4BB0-8E8B-C37ED16B046A}.job
[2012/10/07 10:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cindy\Desktop\OTL.exe
[2012/10/07 10:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/07 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/10/07 00:05:01 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Cindy.job
[2012/10/06 23:52:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/06 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/10/06 19:17:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/06 17:28:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/10/06 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/10/05 20:02:04 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Cindy.job
[2012/10/03 22:13:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/10/03 22:13:27 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Cindy.job
[2012/10/03 21:16:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/10/03 21:16:49 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/01 21:18:04 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\gmer.zip
[2012/10/01 17:33:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Cindy\Desktop\dds.com
[2012/10/01 17:31:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cindy\defogger_reenable
[2012/10/01 17:31:30 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Defogger.exe
[2012/10/01 17:07:46 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/01 17:07:45 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/26 16:22:06 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/09/26 16:22:06 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/09/26 16:22:06 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/09/26 16:22:06 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/26 16:22:05 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/09/26 16:22:05 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/26 16:06:06 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\HiJackThis.lnk
[2012/09/26 12:39:52 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cindy\Desktop\tdsskiller.exe
[2012/09/26 10:13:51 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2012/09/26 10:08:27 | 004,756,346 | R--- | M] (Swearware) -- C:\Documents and Settings\Cindy\Desktop\ComboFix.exe
[2012/09/24 08:11:29 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Microsoft Word.lnk
[2012/09/21 11:23:30 | 000,148,166 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\cc_20120921_112309.reg
[2012/09/20 21:00:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/18 16:13:37 | 000,726,435 | ---- | M] () -- C:\Documents and Settings\Cindy\My Documents\SkyZoneWaiverFormAK.pdf
[2012/09/15 01:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Cindy\My Documents\*.tmp files -> C:\Documents and Settings\Cindy\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/01 21:18:02 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\gmer.zip
[2012/10/01 17:31:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cindy\defogger_reenable
[2012/10/01 17:31:30 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\Defogger.exe
[2012/10/01 17:07:50 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/01 17:00:48 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/26 10:13:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/09/26 10:13:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/26 10:09:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/26 10:09:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/26 10:09:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/26 10:09:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/26 10:09:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/21 11:23:15 | 000,148,166 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\cc_20120921_112309.reg
[2012/09/20 23:57:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Cindy.job
[2012/09/20 23:57:01 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Cindy.job
[2012/09/20 23:57:01 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Cindy.job
[2012/09/18 16:13:36 | 000,726,435 | ---- | C] () -- C:\Documents and Settings\Cindy\My Documents\SkyZoneWaiverFormAK.pdf
[2012/02/15 18:55:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/26 21:28:30 | 000,296,636 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/09/15 21:12:30 | 000,000,860 | -HS- | C] () -- C:\Documents and Settings\Cindy\Local Settings\Application Data\5b5s8f0nhi1
[2011/09/15 21:12:30 | 000,000,860 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5b5s8f0nhi1
[2011/04/18 21:10:05 | 000,090,736 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/27 00:27:25 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Cindy\Application Data\DMX.bmk
[2009/01/26 22:33:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Cindy\Local Settings\Application Data\fusioncache.dat
[2009/01/12 18:53:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Cindy\Application Data\deskjet
[2009/01/12 18:53:04 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\howto
[2009/01/12 18:53:04 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\vhosts
[2009/01/12 18:53:03 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2006/04/26 19:52:01 | 000,775,906 | ---- | C] () -- C:\Documents and Settings\Cindy\chap1.rtf
[2006/04/03 20:09:04 | 000,002,974 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/05/31 23:21:01 | 000,129,024 | ---- | C] () -- C:\Documents and Settings\Cindy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/08/10 14:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Zipper.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\ToothReport.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\toby2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\toby1sthc.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\toby1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Sept. 07 AGENDA.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Production 1.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Production 1.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Kirk Christmas 08.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\karen1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\kapxmas08.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\kapalakids.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\ifreddy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\house1-2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\house1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\happybday.MP3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\girlsatschool2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\girlsatschool1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\FAYGODETROIT.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\detroit-lions-2.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\detroit_tigers.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\deanpic.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\campusmap.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\camille1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\baseball2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\baseball1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\bananabread.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\auntjofarm.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\aub&mrsaustin.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Anthonypic1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\2737SantiaDeed.jpg:Roxio EMC Stream
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Here is the Extras.txt

OTL Extras logfile created on: 10/7/2012 10:59:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Cindy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 538.03 Mb Available Physical Memory | 52.64% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 78.80% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.13 Gb Total Space | 53.14 Gb Free Space | 36.61% Space Free | Partition Type: NTFS
Drive E: | 589.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KAPSTUDY | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-36742239-1323464194-415680248-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56686:TCP" = 56686:TCP:*:Enabled:Pando Media Booster
"56686:UDP" = 56686:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\0cdf333\MS0cdf.exe" = C:\Documents and Settings\All Users\Application Data\0cdf333\MS0cdf.exe:*:Enabled:My Security Engine
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Hp\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Program Files\Hp\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Program Files\Hp\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1B626AE0-EE88-4412-AAC0-FB21995A0C57}" = H&R Block Michigan 2009
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{2DFC6D71-EBEC-4236-A13C-2E62307F4C3A}" = H&R Block Michigan 2010
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3BCA7D1F-0349-4E7D-BD87-EFB539E95E6E}" = TaxCut Michigan 2008
"{3CFC16D1-C831-4CEB-B27D-342E7E2D5603}" = ESET NOD32 Antivirus
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
"{624D19C3-D55D-4368-BC10-9B53036D8358}" = HP Driver Diagnostics
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80D8662E-1EAD-4036-844B-0374F39E4C81}" = TaxCut Michigan 2007
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F153AD3-3523-4542-818E-AE2F92249667}" = SAMSUNG USB Driver for Mobile Phones
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}" = TaxCut Premium + State + Efile 2007
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E5E6E687-1033-BA7E-6000-000000000001}" = Adobe Acrobat Elements 6.0
"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{EED5156C-4BA8-4105-A506-DB9D00F8B68D}" = ACDSee for PENTAX
"{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}" = HP Officejet 6500 E710n-z Product Improvement Study
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FEF7DCAB-7F2C-4EB1-93B8-96BDC4B5C8DD}" = H&R Block Michigan 2011
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3DGroove" = 3D Groove Playback Engine
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIMToolbar" = AIM Toolbar
"Apollo iPod Video Converter_is1" = Apollo iPod Video Converter 3.1.8
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative MuVo N200 Media Explorer" = Creative MuVo N200 Media Explorer
"DeductionPro 2006" = DeductionPro 2006
"Defraggler" = Defraggler
"Easy Video to iPod/MP4/PSP/3GP Converter_is1" = Easy Video to iPod/MP4/PSP/3GP Converter 1.3.6
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.1
"Free Realms Installer" = Free Realms Installer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.70 Full
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MuVo Driver" = MuVo Driver
"MyPublisher BookMaker" = MyPublisher BookMaker
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Pet Vet" = Pet Vet (remove only)
"PST Walker_is1" = PST Walker Evaluation 4.07
"Reader Rabbit 1st Grade" = Reader Rabbit 1st Grade
"RealPlayer 6.0" = RealPlayer
"Recovery Toolbox for Outlook_is1" = Recovery Toolbox for Outlook 1.0
"RiddleMe" = Riddle Me
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TaxCut Deluxe 2005" = TaxCut Deluxe 2005
"TaxCut Premium 2006" = TaxCut Premium 2006
"TradeDominator_is1" = TradeDominator version 3.0b
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"U.B. Funkeys" = U.B. Funkeys
"UnityWebPlayer" = Unity Web Player
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WeatherBug" = WeatherBug
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Photos Drag-Drop Uploader 1v6" = Yahoo! Photos Easy Upload Tool 1v6
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-36742239-1323464194-415680248-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/17/2012 7:47:26 PM | Computer Name = KAPSTUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17112, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/21/2012 4:26:20 PM | Computer Name = KAPSTUDY | Source = Application Hang | ID = 1002
Description = Hanging application Weather.exe, version 6.4.0.9, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/28/2012 5:36:45 PM | Computer Name = KAPSTUDY | Source = Application Hang | ID = 1002
Description = Hanging application MyFinePixStudio.exe, version 4.3.1.11, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2012 1:31:37 PM | Computer Name = KAPSTUDY | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/17/2012 8:37:20 PM | Computer Name = KAPSTUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17112, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/17/2012 8:37:20 PM | Computer Name = KAPSTUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17112, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/18/2012 5:33:13 PM | Computer Name = KAPSTUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17112, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/18/2012 5:33:13 PM | Computer Name = KAPSTUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17112, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/18/2012 5:33:13 PM | Computer Name = KAPSTUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17112, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2012 5:16:30 PM | Computer Name = KAPSTUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17114, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/3/2012 3:51:15 PM | Computer Name = KAPSTUDY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 10/3/2012 3:52:30 PM | Computer Name = KAPSTUDY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 10/3/2012 3:52:30 PM | Computer Name = KAPSTUDY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 10/3/2012 3:52:30 PM | Computer Name = KAPSTUDY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 10/3/2012 3:52:31 PM | Computer Name = KAPSTUDY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 10/3/2012 4:12:42 PM | Computer Name = KAPSTUDY | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 10/3/2012 4:12:42 PM | Computer Name = KAPSTUDY | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 10/3/2012 4:38:25 PM | Computer Name = KAPSTUDY | Source = System Error | ID = 1003
Description = Error code 100000d4, parameter1 b767a038, parameter2 0000001c, parameter3
00000001, parameter4 80502cf2.

Error - 10/3/2012 9:17:12 PM | Computer Name = KAPSTUDY | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 10/3/2012 9:17:12 PM | Computer Name = KAPSTUDY | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3


< End of report >

#4 Oh My!


Posted 07 October 2012 - 04:20 PM

Hi Cindy,

Thank you for your quick reply as well. Lots to do this first post so let's jump right on in.


===================================================


Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.

C:\ComboFix.txt


===================================================


Posting Previous TDSSKiller log

--------------------

  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

    TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that document in your reply

===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
More information about the program can be found here


===================================================


Run OTL Fix

--------------------

  • Double click on the OTL icon on your desktop.
  • Copy and Paste the following code into the textbox.

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Cindy\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5FE47512-9B3E-4C40-B1A2-2D90DB69FEEF}\MpKslfea6b2b0.sys -- (MpKslfea6b2b0)
    DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35F46DC2-AFA1-452E-911A-0D0A12C93F0F}\MpKslfe8c27e8.sys -- (MpKslfe8c27e8)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C172E96-EC3C-4F7E-ADC6-4BA48E1AC7C5}\MpKslfc743d01.sys -- (MpKslfc743d01)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6E6B3A8-7C06-4327-A14E-C35035725D52}\MpKslf948119f.sys -- (MpKslf948119f)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A51ED8C3-4252-4DBB-B422-61C39A192646}\MpKslee6a3a5f.sys -- (MpKslee6a3a5f)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD3D59D7-A002-4BF5-B750-4F3961DACDFD}\MpKsle3c7431e.sys -- (MpKsle3c7431e)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40E8D30F-B4DB-40C2-9FA6-81F10B828F49}\MpKsldff60cff.sys -- (MpKsldff60cff)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1C83A08-FA18-482B-A254-9E52E3B76722}\MpKsldd4f9e7b.sys -- (MpKsldd4f9e7b)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADFACF4B-4DC1-497C-B82E-CCD10F251AEE}\MpKsld6423f7b.sys -- (MpKsld6423f7b)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F1FF5B2-FFD6-4C84-8C7A-AA0D84C43CCB}\MpKsld0fb898d.sys -- (MpKsld0fb898d)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62445928-C11F-4787-9B82-B235C6A5B5C5}\MpKslcf2bebd0.sys -- (MpKslcf2bebd0)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E586F525-EF59-4DED-A447-37A32EF67E1F}\MpKslcef587c9.sys -- (MpKslcef587c9)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{865AD9B7-ACA5-4CAA-96EB-A6B0CE500D75}\MpKslbdb1807d.sys -- (MpKslbdb1807d)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F85B5CC-94F5-4A12-A99C-33B0C793270A}\MpKsl9a742427.sys -- (MpKsl9a742427)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A76184ED-8B90-454E-9AD0-A499D77FB518}\MpKsl90c331c3.sys -- (MpKsl90c331c3)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13871755-34A6-4CFE-BD21-82C9D9D5E872}\MpKsl8f5f21de.sys -- (MpKsl8f5f21de)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39E2B735-0BA9-48FF-A78F-56D6582074FC}\MpKsl8e00a2ed.sys -- (MpKsl8e00a2ed)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7319499-EE4B-47A0-B2A1-F88D8DC59B13}\MpKsl7e65034a.sys -- (MpKsl7e65034a)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28E28A2E-45E8-433C-B798-D98FF0E5C3F5}\MpKsl6dfaef63.sys -- (MpKsl6dfaef63)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4CB09E2-280C-439D-B0E3-ED490960CA46}\MpKsl6cddef3e.sys -- (MpKsl6cddef3e)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F545262-E45A-4A25-8DC8-A06D06828A0C}\MpKsl6bfe06f3.sys -- (MpKsl6bfe06f3)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BDB9806-8813-4B9B-A470-2BB1A79FD43E}\MpKsl65626b21.sys -- (MpKsl65626b21)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC514316-C60A-4B3B-95FB-5528C5FA32F0}\MpKsl6365886d.sys -- (MpKsl6365886d)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20AC0C3F-6A98-4A56-8634-EE5198A47825}\MpKsl5ce42412.sys -- (MpKsl5ce42412)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3F3BADC-4C45-446C-89DF-F5AF33ADE4BC}\MpKsl53cbc0b2.sys -- (MpKsl53cbc0b2)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C172E96-EC3C-4F7E-ADC6-4BA48E1AC7C5}\MpKsl45ac8cbb.sys -- (MpKsl45ac8cbb)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{865AD9B7-ACA5-4CAA-96EB-A6B0CE500D75}\MpKsl451ee1ad.sys -- (MpKsl451ee1ad)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{412FFCF3-7908-464F-AECB-FE07732EB8BA}\MpKsl42346339.sys -- (MpKsl42346339)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EE8653E-B91B-492A-B6FE-4191AFEC8F0C}\MpKsl364806d3.sys -- (MpKsl364806d3)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{412FFCF3-7908-464F-AECB-FE07732EB8BA}\MpKsl33789bd8.sys -- (MpKsl33789bd8)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D32CBA4-B1F3-4FB1-8AF2-0EE5C182626C}\MpKsl26df50c5.sys -- (MpKsl26df50c5)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC32958A-58AF-49DE-9F3C-D39EFF8E084B}\MpKsl2330ab70.sys -- (MpKsl2330ab70)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF78E95-EF66-476F-824E-2CCB68635FDA}\MpKsl1e056dee.sys -- (MpKsl1e056dee)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84776499-9BE1-48D6-8877-5D41C3D019D2}\MpKsl189ffec3.sys -- (MpKsl189ffec3)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC1F862F-42A9-44BE-889A-07AFD99C3ADA}\MpKsl17587f54.sys -- (MpKsl17587f54)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEF5C37D-331B-49BF-A752-420336BADA1E}\MpKsl08dc9839.sys -- (MpKsl08dc9839)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\ifp800.sys -- (IFP800)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | System | Stopped] -- -- (Cdralw2k)
    DRV - File not found [Kernel | System | Stopped] -- -- (Cdr4_xp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Cindy\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
    IE - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Reg Error: Value error.) - {5CA3D70E-1895-11CF-8E15-001234567890} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-36742239-1323464194-415680248-1006\..\Toolbar\WebBrowser: (no name) - {2D51D869-C36B-42BD-AE68-0A81BC771FA5} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\.DEFAULT..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\Aubrey\Local Settings\Application Data\Apple\Adobe\ijarbb.dll",CompressFramesInfoW File not found
    O4 - HKU\S-1-5-18..\Run: [Adobe] rundll32.exe "C:\Documents and Settings\Aubrey\Local Settings\Application Data\Apple\Adobe\ijarbb.dll",CompressFramesInfoW File not found
    O8 - Extra context menu item: &Search - ?p=ZUxdm080YYUS File not found
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
    [2012/10/07 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2012/10/06 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2012/10/06 17:28:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2012/10/06 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2011/09/15 21:12:30 | 000,000,860 | -HS- | C] () -- C:\Documents and Settings\Cindy\Local Settings\Application Data\5b5s8f0nhi1
    [2011/09/15 21:12:30 | 000,000,860 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5b5s8f0nhi1
    [2004/08/10 14:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Zipper.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\ToothReport.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\toby2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\toby1sthc.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\toby1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Sept. 07 AGENDA.dat:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Production 1.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Production 1.dat:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Kirk Christmas 08.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\karen1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\kapxmas08.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\kapalakids.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\ifreddy.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\house1-2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\house1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\happybday.MP3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\girlsatschool2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\girlsatschool1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\FAYGODETROIT.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\detroit-lions-2.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\detroit_tigers.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\deanpic.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\campusmap.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\camille1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\baseball2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\baseball1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\bananabread.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\auntjofarm.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\aub&mrsaustin.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\Anthonypic1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Cindy\My Documents\2737SantiaDeed.jpg:Roxio EMC Stream
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix log
  • TDSSKiller log
  • BSOD.txt
  • OTL log
  • How is your computer running? Any difference?

Gary
 

#5 NeedaNewComputer

Posted 07 October 2012 - 08:45 PM

Combofix.txt - I don't have one on my computer that I can find. I ran it about a week ago and it did run. I have a folder C:\combofix but when I double click it, it just takes me to a listing of [attached file: combofix.GIF]


Here are the results of the latest TDSS log file.

20:10:58.0187 1028 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:10:58.0437 1028 ============================================================
20:10:58.0437 1028 Current date / time: 2012/09/26 20:10:58.0437
20:10:58.0437 1028 SystemInfo:
20:10:58.0437 1028
20:10:58.0437 1028 OS Version: 5.1.2600 ServicePack: 3.0
20:10:58.0437 1028 Product type: Workstation
20:10:58.0437 1028 ComputerName: KAPSTUDY
20:10:58.0437 1028 UserName: Cindy
20:10:58.0437 1028 Windows directory: C:\WINDOWS
20:10:58.0437 1028 System windows directory: C:\WINDOWS
20:10:58.0437 1028 Processor architecture: Intel x86
20:10:58.0437 1028 Number of processors: 2
20:10:58.0437 1028 Page size: 0x1000
20:10:58.0437 1028 Boot type: Safe boot
20:10:58.0437 1028 ============================================================
20:10:58.0953 1028 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:10:58.0953 1028 ============================================================
20:10:58.0953 1028 \Device\Harddisk0\DR0:
20:10:58.0953 1028 MBR partitions:
20:10:58.0953 1028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x12244782
20:10:58.0953 1028 ============================================================
20:10:58.0984 1028 C: <-> \Device\Harddisk0\DR0\Partition1
20:10:58.0984 1028 ============================================================
20:10:58.0984 1028 Initialize success
20:10:58.0984 1028 ============================================================
20:11:00.0750 0392 ============================================================
20:11:00.0750 0392 Scan started
20:11:00.0750 0392 Mode: Manual;
20:11:00.0750 0392 ============================================================
20:11:03.0562 0392 ================ Scan system memory ========================
20:11:03.0562 0392 System memory - ok
20:11:03.0562 0392 ================ Scan services =============================
20:11:03.0750 0392 [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883 C:\WINDOWS\system32\DRIVERS\61883.sys
20:11:03.0750 0392 61883 - ok
20:11:03.0765 0392 Abiosdsk - ok
20:11:04.0171 0392 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:11:04.0171 0392 abp480n5 - ok
20:11:04.0203 0392 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:11:04.0203 0392 ACPI - ok
20:11:04.0250 0392 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:11:04.0250 0392 ACPIEC - ok
20:11:04.0265 0392 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:11:04.0281 0392 adpu160m - ok
20:11:04.0343 0392 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:11:04.0343 0392 aec - ok
20:11:04.0421 0392 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:11:04.0421 0392 AFD - ok
20:11:04.0468 0392 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
20:11:04.0468 0392 agp440 - ok
20:11:04.0500 0392 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:11:04.0500 0392 agpCPQ - ok
20:11:04.0531 0392 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:11:04.0531 0392 Aha154x - ok
20:11:04.0546 0392 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:11:04.0546 0392 aic78u2 - ok
20:11:04.0593 0392 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:11:04.0593 0392 aic78xx - ok
20:11:04.0625 0392 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:11:04.0625 0392 Alerter - ok
20:11:04.0656 0392 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:11:04.0656 0392 ALG - ok
20:11:04.0671 0392 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
20:11:04.0671 0392 AliIde - ok
20:11:04.0703 0392 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:11:04.0703 0392 alim1541 - ok
20:11:04.0734 0392 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:11:04.0734 0392 amdagp - ok
20:11:04.0765 0392 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
20:11:04.0765 0392 amsint - ok
20:11:04.0906 0392 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:11:04.0906 0392 Apple Mobile Device - ok
20:11:04.0921 0392 AppMgmt - ok
20:11:04.0968 0392 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:11:04.0984 0392 Arp1394 - ok
20:11:05.0000 0392 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
20:11:05.0000 0392 asc - ok
20:11:05.0031 0392 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:11:05.0031 0392 asc3350p - ok
20:11:05.0062 0392 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:11:05.0062 0392 asc3550 - ok
20:11:05.0203 0392 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:11:05.0265 0392 aspnet_state - ok
20:11:05.0296 0392 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:11:05.0296 0392 AsyncMac - ok
20:11:05.0328 0392 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:11:05.0328 0392 atapi - ok
20:11:05.0343 0392 Atdisk - ok
20:11:05.0421 0392 [ 4DEAA162480367B232F3EE3A6D34084B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
20:11:05.0421 0392 Ati HotKey Poller - ok
20:11:05.0500 0392 [ F0D0B0CDEC0BE32D775F404CAC2604BF ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:11:05.0515 0392 ati2mtag - ok
20:11:05.0546 0392 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:11:05.0562 0392 Atmarpc - ok
20:11:05.0593 0392 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:11:05.0593 0392 AudioSrv - ok
20:11:05.0609 0392 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:11:05.0609 0392 audstub - ok
20:11:05.0656 0392 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
20:11:05.0656 0392 Avc - ok
20:11:05.0687 0392 [ 4826FCF97C47B361A2E2F68CD487A19E ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:11:05.0687 0392 b57w2k - ok
20:11:05.0796 0392 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
20:11:05.0796 0392 BBSvc - ok
20:11:05.0843 0392 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
20:11:05.0843 0392 BBUpdate - ok
20:11:05.0906 0392 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:11:05.0906 0392 Beep - ok
20:11:05.0953 0392 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:11:05.0968 0392 BITS - ok
20:11:06.0046 0392 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:11:06.0046 0392 Bonjour Service - ok
20:11:06.0093 0392 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:11:06.0093 0392 Browser - ok
20:11:06.0125 0392 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
20:11:06.0125 0392 BVRPMPR5 - ok
20:11:06.0140 0392 bvrp_pci - ok
20:11:06.0281 0392 catchme - ok
20:11:06.0343 0392 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:11:06.0343 0392 cbidf - ok
20:11:06.0359 0392 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:11:06.0359 0392 cbidf2k - ok
20:11:06.0406 0392 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:11:06.0406 0392 CCDECODE - ok
20:11:06.0453 0392 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:11:06.0453 0392 cd20xrnt - ok
20:11:06.0484 0392 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:11:06.0484 0392 Cdaudio - ok
20:11:06.0500 0392 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:11:06.0500 0392 Cdfs - ok
20:11:06.0531 0392 Cdr4_xp - ok
20:11:06.0546 0392 Cdralw2k - ok
20:11:06.0609 0392 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:11:06.0625 0392 Cdrom - ok
20:11:06.0640 0392 Changer - ok
20:11:06.0718 0392 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:11:06.0718 0392 CiSvc - ok
20:11:06.0750 0392 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:11:06.0750 0392 ClipSrv - ok
20:11:06.0781 0392 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:11:06.0812 0392 clr_optimization_v2.0.50727_32 - ok
20:11:06.0875 0392 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:11:06.0875 0392 CmdIde - ok
20:11:06.0890 0392 COMSysApp - ok
20:11:06.0937 0392 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:11:06.0953 0392 Cpqarray - ok
20:11:06.0984 0392 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE
20:11:07.0000 0392 Creative Service for CDROM Access - ok
20:11:07.0031 0392 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:11:07.0031 0392 CryptSvc - ok
20:11:07.0078 0392 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:11:07.0078 0392 dac2w2k - ok
20:11:07.0093 0392 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:11:07.0093 0392 dac960nt - ok
20:11:07.0156 0392 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:11:07.0156 0392 DcomLaunch - ok
20:11:07.0203 0392 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:11:07.0203 0392 Dhcp - ok
20:11:07.0234 0392 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:11:07.0234 0392 Disk - ok
20:11:07.0265 0392 dmadmin - ok
20:11:07.0328 0392 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:11:07.0328 0392 dmboot - ok
20:11:07.0359 0392 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:11:07.0359 0392 dmio - ok
20:11:07.0406 0392 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:11:07.0406 0392 dmload - ok
20:11:07.0453 0392 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:11:07.0453 0392 dmserver - ok
20:11:07.0468 0392 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:11:07.0468 0392 DMusic - ok
20:11:07.0515 0392 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:11:07.0515 0392 Dnscache - ok
20:11:07.0546 0392 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:11:07.0562 0392 Dot3svc - ok
20:11:07.0625 0392 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:11:07.0625 0392 dpti2o - ok
20:11:07.0640 0392 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:11:07.0640 0392 drmkaud - ok
20:11:07.0734 0392 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
20:11:07.0734 0392 DSBrokerService - ok
20:11:07.0828 0392 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
20:11:07.0828 0392 DSproct - ok
20:11:07.0875 0392 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
20:11:07.0875 0392 dsunidrv - ok
20:11:07.0906 0392 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:11:07.0906 0392 E100B - ok
20:11:07.0953 0392 [ 9309C5C9831203436E64CF2AE605C5D7 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
20:11:07.0953 0392 eamon - ok
20:11:07.0984 0392 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:11:07.0984 0392 EapHost - ok
20:11:08.0015 0392 [ DEFF87F04AB5F6DD5EDF2B80853BBE10 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
20:11:08.0015 0392 ehdrv - ok
20:11:08.0109 0392 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
20:11:08.0156 0392 ekrn - ok
20:11:08.0203 0392 [ 06C65AC0A703CF8EEA4F284D901A1550 ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
20:11:08.0203 0392 epfwtdir - ok
20:11:08.0234 0392 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:11:08.0234 0392 ERSvc - ok
20:11:08.0281 0392 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:11:08.0281 0392 Eventlog - ok
20:11:08.0328 0392 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:11:08.0328 0392 EventSystem - ok
20:11:08.0375 0392 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:11:08.0375 0392 Fastfat - ok
20:11:08.0421 0392 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:11:08.0437 0392 FastUserSwitchingCompatibility - ok
20:11:08.0468 0392 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
20:11:08.0484 0392 Fax - ok
20:11:08.0546 0392 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:11:08.0546 0392 Fdc - ok
20:11:08.0562 0392 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:11:08.0578 0392 Fips - ok
20:11:08.0609 0392 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:11:08.0609 0392 Flpydisk - ok
20:11:08.0640 0392 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:11:08.0640 0392 FltMgr - ok
20:11:08.0718 0392 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:11:08.0718 0392 FontCache3.0.0.0 - ok
20:11:08.0734 0392 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:11:08.0734 0392 Fs_Rec - ok
20:11:08.0796 0392 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:11:08.0796 0392 Ftdisk - ok
20:11:08.0843 0392 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:11:08.0843 0392 GEARAspiWDM - ok
20:11:08.0906 0392 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:11:08.0906 0392 Gpc - ok
20:11:08.0984 0392 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:11:08.0984 0392 helpsvc - ok
20:11:09.0000 0392 HidServ - ok
20:11:09.0062 0392 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:11:09.0062 0392 hkmsvc - ok
20:11:09.0093 0392 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
20:11:09.0093 0392 hpn - ok
20:11:09.0171 0392 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:11:09.0171 0392 HTTP - ok
20:11:09.0250 0392 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:11:09.0250 0392 HTTPFilter - ok
20:11:09.0281 0392 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
20:11:09.0296 0392 i2omgmt - ok
20:11:09.0312 0392 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:11:09.0312 0392 i2omp - ok
20:11:09.0390 0392 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:11:09.0390 0392 i8042prt - ok
20:11:09.0453 0392 [ 3277CF101AE78C38B00702D688E37D44 ] IAANTMon C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
20:11:09.0453 0392 IAANTMon - ok
20:11:09.0531 0392 [ F26BFD48B1C314E0F23BF77ACFA75940 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
20:11:09.0531 0392 iaStor - ok
20:11:09.0625 0392 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:11:09.0625 0392 IDriverT - ok
20:11:09.0718 0392 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:11:09.0734 0392 idsvc - ok
20:11:09.0765 0392 IFP800 - ok
20:11:09.0796 0392 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:11:09.0812 0392 Imapi - ok
20:11:09.0843 0392 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:11:09.0843 0392 ImapiService - ok
20:11:09.0921 0392 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:11:09.0921 0392 ini910u - ok
20:11:10.0046 0392 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys
20:11:10.0046 0392 IntelC51 - ok
20:11:10.0125 0392 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys
20:11:10.0125 0392 IntelC52 - ok
20:11:10.0171 0392 [ CF0B937710CEC6EF39416EDECD803CBB ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys
20:11:10.0171 0392 IntelC53 - ok
20:11:10.0203 0392 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
20:11:10.0203 0392 IntelIde - ok
20:11:10.0234 0392 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:11:10.0250 0392 intelppm - ok
20:11:10.0265 0392 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:11:10.0265 0392 Ip6Fw - ok
20:11:10.0328 0392 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:11:10.0328 0392 IpFilterDriver - ok
20:11:10.0359 0392 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:11:10.0359 0392 IpInIp - ok
20:11:10.0390 0392 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:11:10.0390 0392 IpNat - ok
20:11:10.0484 0392 [ CA9D4B998BFF311A539604ED87318FA0 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:11:10.0500 0392 iPod Service - ok
20:11:10.0546 0392 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:11:10.0546 0392 IPSec - ok
20:11:10.0593 0392 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:11:10.0593 0392 IRENUM - ok
20:11:10.0640 0392 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:11:10.0640 0392 isapnp - ok
20:11:10.0750 0392 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:11:10.0750 0392 JavaQuickStarterService - ok
20:11:10.0796 0392 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:11:10.0796 0392 Kbdclass - ok
20:11:10.0843 0392 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:11:10.0843 0392 kmixer - ok
20:11:10.0875 0392 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:11:10.0890 0392 KSecDD - ok
20:11:10.0921 0392 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:11:10.0921 0392 lanmanserver - ok
20:11:10.0968 0392 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:11:10.0968 0392 lanmanworkstation - ok
20:11:10.0984 0392 lbrtfdc - ok
20:11:11.0062 0392 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:11:11.0062 0392 LmHosts - ok
20:11:11.0156 0392 [ 63DAF163D1617DD611BD0AB8E41A43E8 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
20:11:11.0156 0392 LMIGuardianSvc - ok
20:11:11.0203 0392 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
20:11:11.0203 0392 LMIInfo - ok
20:11:11.0234 0392 [ 175F50F37EEAA1D4D744BCCCBB7CF68C ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
20:11:11.0234 0392 LMIMaint - ok
20:11:11.0250 0392 LMIRfsClientNP - ok
20:11:11.0296 0392 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
20:11:11.0296 0392 LMIRfsDriver - ok
20:11:11.0359 0392 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
20:11:11.0359 0392 LogMeIn - ok
20:11:11.0406 0392 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:11:11.0406 0392 Messenger - ok
20:11:11.0468 0392 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:11:11.0468 0392 mnmdd - ok
20:11:11.0500 0392 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:11:11.0500 0392 mnmsrvc - ok
20:11:11.0546 0392 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:11:11.0546 0392 Modem - ok
20:11:11.0578 0392 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:11:11.0578 0392 MODEMCSA - ok
20:11:11.0625 0392 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys
20:11:11.0625 0392 mohfilt - ok
20:11:11.0640 0392 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:11:11.0656 0392 Mouclass - ok
20:11:11.0671 0392 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:11:11.0671 0392 MountMgr - ok
20:11:11.0812 0392 MpKsl08dc9839 - ok
20:11:11.0828 0392 MpKsl17587f54 - ok
20:11:11.0859 0392 MpKsl189ffec3 - ok
20:11:11.0890 0392 MpKsl1e056dee - ok
20:11:11.0906 0392 MpKsl2330ab70 - ok
20:11:11.0937 0392 MpKsl26df50c5 - ok
20:11:11.0968 0392 MpKsl33789bd8 - ok
20:11:12.0000 0392 MpKsl364806d3 - ok
20:11:12.0031 0392 MpKsl42346339 - ok
20:11:12.0062 0392 MpKsl451ee1ad - ok
20:11:12.0093 0392 MpKsl45ac8cbb - ok
20:11:12.0125 0392 MpKsl53cbc0b2 - ok
20:11:12.0156 0392 MpKsl5ce42412 - ok
20:11:12.0187 0392 MpKsl6365886d - ok
20:11:12.0218 0392 MpKsl65626b21 - ok
20:11:12.0250 0392 MpKsl6bfe06f3 - ok
20:11:12.0265 0392 MpKsl6cddef3e - ok
20:11:12.0296 0392 MpKsl6dfaef63 - ok
20:11:12.0328 0392 MpKsl7e65034a - ok
20:11:12.0359 0392 MpKsl8e00a2ed - ok
20:11:12.0390 0392 MpKsl8f5f21de - ok
20:11:12.0421 0392 MpKsl90c331c3 - ok
20:11:12.0453 0392 MpKsl9a742427 - ok
20:11:12.0484 0392 MpKslbdb1807d - ok
20:11:12.0500 0392 MpKslcef587c9 - ok
20:11:12.0531 0392 MpKslcf2bebd0 - ok
20:11:12.0562 0392 MpKsld0fb898d - ok
20:11:12.0593 0392 MpKsld6423f7b - ok
20:11:12.0625 0392 MpKsldd4f9e7b - ok
20:11:12.0656 0392 MpKsldff60cff - ok
20:11:12.0687 0392 MpKsle3c7431e - ok
20:11:12.0718 0392 MpKslee6a3a5f - ok
20:11:12.0750 0392 MpKslf948119f - ok
20:11:12.0781 0392 MpKslfc743d01 - ok
20:11:12.0812 0392 MpKslfe8c27e8 - ok
20:11:12.0843 0392 MpKslfea6b2b0 - ok
20:11:12.0906 0392 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:11:12.0906 0392 mraid35x - ok
20:11:12.0921 0392 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:11:12.0937 0392 MRxDAV - ok
20:11:12.0984 0392 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:11:13.0000 0392 MRxSmb - ok
20:11:13.0031 0392 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:11:13.0031 0392 MSDTC - ok
20:11:13.0078 0392 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys
20:11:13.0078 0392 MSDV - ok
20:11:13.0093 0392 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:11:13.0093 0392 Msfs - ok
20:11:13.0109 0392 MSIServer - ok
20:11:13.0156 0392 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:11:13.0156 0392 MSKSSRV - ok
20:11:13.0187 0392 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:11:13.0187 0392 MSPCLOCK - ok
20:11:13.0218 0392 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:11:13.0218 0392 MSPQM - ok
20:11:13.0265 0392 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:11:13.0265 0392 mssmbios - ok
20:11:13.0312 0392 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:11:13.0312 0392 MSTEE - ok
20:11:13.0375 0392 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:11:13.0375 0392 Mup - ok
20:11:13.0406 0392 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:11:13.0406 0392 NABTSFEC - ok
20:11:13.0453 0392 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:11:13.0468 0392 napagent - ok
20:11:13.0500 0392 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:11:13.0500 0392 NDIS - ok
20:11:13.0531 0392 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:11:13.0531 0392 NdisIP - ok
20:11:13.0593 0392 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:11:13.0609 0392 NdisTapi - ok
20:11:13.0625 0392 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:11:13.0625 0392 Ndisuio - ok
20:11:13.0656 0392 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:11:13.0656 0392 NdisWan - ok
20:11:13.0687 0392 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:11:13.0687 0392 NDProxy - ok
20:11:13.0718 0392 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:11:13.0718 0392 NetBIOS - ok
20:11:13.0750 0392 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:11:13.0750 0392 NetBT - ok
20:11:13.0796 0392 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:11:13.0796 0392 NetDDE - ok
20:11:13.0812 0392 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:11:13.0828 0392 NetDDEdsdm - ok
20:11:13.0859 0392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:11:13.0859 0392 Netlogon - ok
20:11:13.0890 0392 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:11:13.0890 0392 Netman - ok
20:11:13.0937 0392 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:11:13.0937 0392 NetTcpPortSharing - ok
20:11:13.0984 0392 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:11:13.0984 0392 NIC1394 - ok
20:11:14.0046 0392 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:11:14.0046 0392 Nla - ok
20:11:14.0078 0392 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:11:14.0078 0392 Npfs - ok
20:11:14.0093 0392 ntcdrdrv - ok
20:11:14.0156 0392 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:11:14.0156 0392 Ntfs - ok
20:11:14.0187 0392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:11:14.0187 0392 NtLmSsp - ok
20:11:14.0250 0392 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:11:14.0250 0392 NtmsSvc - ok
20:11:14.0281 0392 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:11:14.0296 0392 Null - ok
20:11:14.0390 0392 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:11:14.0406 0392 nv - ok
20:11:14.0453 0392 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:11:14.0453 0392 NwlnkFlt - ok
20:11:14.0468 0392 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:11:14.0484 0392 NwlnkFwd - ok
20:11:14.0515 0392 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:11:14.0515 0392 ohci1394 - ok
20:11:14.0562 0392 [ 53D5F1278D9EDB21689BBBCECC09108D ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
20:11:14.0562 0392 omci - ok
20:11:14.0640 0392 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:11:14.0640 0392 ose - ok
20:11:14.0671 0392 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:11:14.0671 0392 Parport - ok
20:11:14.0703 0392 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:11:14.0703 0392 PartMgr - ok
20:11:14.0734 0392 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:11:14.0734 0392 ParVdm - ok
20:11:14.0781 0392 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:11:14.0781 0392 PCI - ok
20:11:14.0796 0392 PCIDump - ok
20:11:14.0843 0392 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:11:14.0843 0392 PCIIde - ok
20:11:14.0875 0392 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:11:14.0875 0392 Pcmcia - ok
20:11:14.0890 0392 PDCOMP - ok
20:11:14.0921 0392 PDFRAME - ok
20:11:14.0937 0392 PDRELI - ok
20:11:14.0968 0392 PDRFRAME - ok
20:11:15.0031 0392 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
20:11:15.0031 0392 perc2 - ok
20:11:15.0078 0392 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:11:15.0078 0392 perc2hib - ok
20:11:15.0187 0392 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\ComboFix\pev.3XE
20:11:15.0203 0392 PEVSystemStart - ok
20:11:15.0234 0392 [ C8A2D6FF660AC601B7BB9A9B16A5C25E ] PfModNT C:\WINDOWS\system32\drivers\PfModNT.sys
20:11:15.0234 0392 PfModNT - ok
20:11:15.0265 0392 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:11:15.0281 0392 PlugPlay - ok
20:11:15.0296 0392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:11:15.0296 0392 PolicyAgent - ok
20:11:15.0343 0392 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:11:15.0343 0392 PptpMiniport - ok
20:11:15.0359 0392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:11:15.0359 0392 ProtectedStorage - ok
20:11:15.0375 0392 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:11:15.0375 0392 PSched - ok
20:11:15.0406 0392 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:11:15.0421 0392 Ptilink - ok
20:11:15.0453 0392 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:11:15.0453 0392 PxHelp20 - ok
20:11:15.0484 0392 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:11:15.0500 0392 ql1080 - ok
20:11:15.0515 0392 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:11:15.0515 0392 Ql10wnt - ok
20:11:15.0562 0392 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:11:15.0562 0392 ql12160 - ok
20:11:15.0578 0392 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:11:15.0578 0392 ql1240 - ok
20:11:15.0609 0392 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:11:15.0609 0392 ql1280 - ok
20:11:15.0640 0392 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:11:15.0640 0392 RasAcd - ok
20:11:15.0687 0392 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:11:15.0687 0392 RasAuto - ok
20:11:15.0718 0392 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:11:15.0718 0392 Rasl2tp - ok
20:11:15.0765 0392 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:11:15.0765 0392 RasMan - ok
20:11:15.0781 0392 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:11:15.0796 0392 RasPppoe - ok
20:11:15.0812 0392 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:11:15.0812 0392 Raspti - ok
20:11:15.0843 0392 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:11:15.0843 0392 Rdbss - ok
20:11:15.0859 0392 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:11:15.0859 0392 RDPCDD - ok
20:11:15.0921 0392 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:11:15.0921 0392 rdpdr - ok
20:11:15.0984 0392 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:11:15.0984 0392 RDPWD - ok
20:11:16.0031 0392 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:11:16.0031 0392 RDSessMgr - ok
20:11:16.0062 0392 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:11:16.0062 0392 redbook - ok
20:11:16.0140 0392 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:11:16.0140 0392 RemoteAccess - ok
20:11:16.0156 0392 RoxLiveShare10 - ok
20:11:16.0203 0392 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:11:16.0203 0392 RpcLocator - ok
20:11:16.0234 0392 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:11:16.0250 0392 RpcSs - ok
20:11:16.0296 0392 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:11:16.0296 0392 RSVP - ok
20:11:16.0328 0392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:11:16.0328 0392 SamSs - ok
20:11:16.0375 0392 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:11:16.0375 0392 SCardSvr - ok
20:11:16.0421 0392 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:11:16.0421 0392 Schedule - ok
20:11:16.0500 0392 [ 8EDD7B9E4A4B4C16E2DAB9188CAA861B ] SDDMI2 C:\WINDOWS\system32\DDMI2.sys
20:11:16.0500 0392 SDDMI2 - ok
20:11:16.0562 0392 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:11:16.0562 0392 Secdrv - ok
20:11:16.0578 0392 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:11:16.0593 0392 seclogon - ok
20:11:16.0671 0392 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
20:11:16.0671 0392 senfilt - ok
20:11:16.0703 0392 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:11:16.0718 0392 SENS - ok
20:11:16.0765 0392 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:11:16.0765 0392 serenum - ok
20:11:16.0781 0392 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:11:16.0781 0392 Serial - ok
20:11:16.0921 0392 SessionLauncher - ok
20:11:16.0953 0392 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:11:16.0953 0392 Sfloppy - ok
20:11:17.0000 0392 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:11:17.0000 0392 SharedAccess - ok
20:11:17.0046 0392 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:11:17.0046 0392 ShellHWDetection - ok
20:11:17.0062 0392 Simbad - ok
20:11:17.0109 0392 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:11:17.0109 0392 sisagp - ok
20:11:17.0156 0392 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:11:17.0156 0392 SLIP - ok
20:11:17.0234 0392 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
20:11:17.0234 0392 smwdm - ok
20:11:17.0265 0392 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:11:17.0265 0392 Sparrow - ok
20:11:17.0281 0392 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:11:17.0296 0392 splitter - ok
20:11:17.0328 0392 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:11:17.0343 0392 Spooler - ok
20:11:17.0359 0392 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:11:17.0359 0392 sr - ok
20:11:17.0406 0392 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:11:17.0406 0392 srservice - ok
20:11:17.0468 0392 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:11:17.0468 0392 Srv - ok
20:11:17.0515 0392 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:11:17.0515 0392 SSDPSRV - ok
20:11:17.0562 0392 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
20:11:17.0562 0392 StillCam - ok
20:11:17.0609 0392 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:11:17.0609 0392 stisvc - ok
20:11:17.0656 0392 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:11:17.0656 0392 streamip - ok
20:11:17.0703 0392 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:11:17.0703 0392 swenum - ok
20:11:17.0734 0392 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:11:17.0734 0392 swmidi - ok
20:11:17.0750 0392 SwPrv - ok
20:11:17.0812 0392 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
20:11:17.0812 0392 symc810 - ok
20:11:17.0875 0392 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:11:17.0875 0392 symc8xx - ok
20:11:17.0890 0392 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:11:17.0890 0392 sym_hi - ok
20:11:17.0921 0392 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:11:17.0921 0392 sym_u3 - ok
20:11:17.0968 0392 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:11:17.0968 0392 sysaudio - ok
20:11:18.0015 0392 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:11:18.0015 0392 SysmonLog - ok
20:11:18.0078 0392 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:11:18.0093 0392 TapiSrv - ok
20:11:18.0140 0392 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:11:18.0140 0392 Tcpip - ok
20:11:18.0187 0392 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:11:18.0187 0392 TDPIPE - ok
20:11:18.0234 0392 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:11:18.0234 0392 TDTCP - ok
20:11:18.0281 0392 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:11:18.0281 0392 TermDD - ok
20:11:18.0328 0392 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:11:18.0343 0392 TermService - ok
20:11:18.0375 0392 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:11:18.0375 0392 Themes - ok
20:11:18.0437 0392 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
20:11:18.0437 0392 TosIde - ok
20:11:18.0468 0392 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:11:18.0484 0392 TrkWks - ok
20:11:18.0531 0392 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:11:18.0531 0392 Udfs - ok
20:11:18.0562 0392 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
20:11:18.0562 0392 ultra - ok
20:11:18.0609 0392 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:11:18.0609 0392 Update - ok
20:11:18.0656 0392 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:11:18.0656 0392 upnphost - ok
20:11:18.0703 0392 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:11:18.0718 0392 UPS - ok
20:11:18.0750 0392 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
20:11:18.0750 0392 USBAAPL - ok
20:11:18.0765 0392 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:11:18.0781 0392 usbehci - ok
20:11:18.0812 0392 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:11:18.0812 0392 usbhub - ok
20:11:18.0859 0392 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:11:18.0859 0392 usbscan - ok
20:11:18.0890 0392 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:11:18.0890 0392 USBSTOR - ok
20:11:18.0921 0392 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:11:18.0921 0392 usbuhci - ok
20:11:18.0953 0392 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:11:18.0953 0392 VgaSave - ok
20:11:18.0984 0392 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:11:18.0984 0392 viaagp - ok
20:11:19.0031 0392 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
20:11:19.0031 0392 ViaIde - ok
20:11:19.0078 0392 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
20:11:19.0093 0392 Viewpoint Manager Service - ok
20:11:19.0109 0392 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:11:19.0109 0392 VolSnap - ok
20:11:19.0171 0392 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:11:19.0171 0392 VSS - ok
20:11:19.0218 0392 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
20:11:19.0218 0392 w32time - ok
20:11:19.0265 0392 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:11:19.0265 0392 Wanarp - ok
20:11:19.0281 0392 wanatw - ok
20:11:19.0359 0392 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:11:19.0359 0392 Wdf01000 - ok
20:11:19.0375 0392 WDICA - ok
20:11:19.0421 0392 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:11:19.0421 0392 wdmaud - ok
20:11:19.0453 0392 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:11:19.0468 0392 WebClient - ok
20:11:19.0531 0392 [ 097A8291DF541F9B9AF2C500797CDCAA ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys
20:11:19.0531 0392 WinDriver6 - ok
20:11:19.0625 0392 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:11:19.0625 0392 winmgmt - ok
20:11:19.0750 0392 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
20:11:19.0750 0392 WinUSB - ok
20:11:19.0796 0392 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:11:19.0796 0392 WmdmPmSN - ok
20:11:19.0875 0392 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:11:19.0875 0392 WmiApSrv - ok
20:11:19.0906 0392 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:11:19.0906 0392 WS2IFSL - ok
20:11:19.0937 0392 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:11:19.0953 0392 wscsvc - ok
20:11:19.0984 0392 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:11:19.0984 0392 WSTCODEC - ok
20:11:20.0015 0392 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:11:20.0015 0392 wuauserv - ok
20:11:20.0062 0392 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:11:20.0062 0392 WudfPf - ok
20:11:20.0093 0392 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:11:20.0093 0392 WudfRd - ok
20:11:20.0156 0392 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:11:20.0171 0392 WudfSvc - ok
20:11:20.0234 0392 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:11:20.0265 0392 WZCSVC - ok
20:11:20.0296 0392 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:11:20.0296 0392 xmlprov - ok
20:11:20.0421 0392 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:11:20.0437 0392 YahooAUService - ok
20:11:20.0453 0392 zumbus - ok
20:11:20.0500 0392 ================ Scan global ===============================
20:11:20.0531 0392 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:11:20.0562 0392 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:11:20.0578 0392 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:11:20.0609 0392 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:11:20.0609 0392 [Global] - ok
20:11:20.0609 0392 ================ Scan MBR ==================================
20:11:20.0656 0392 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
20:11:20.0890 0392 \Device\Harddisk0\DR0 - ok
20:11:20.0890 0392 ================ Scan VBR ==================================
20:11:20.0906 0392 [ 89E1891E69B43C124827E62D71169EE7 ] \Device\Harddisk0\DR0\Partition1
20:11:20.0906 0392 \Device\Harddisk0\DR0\Partition1 - ok
20:11:20.0906 0392 ============================================================
20:11:20.0906 0392 Scan finished
20:11:20.0906 0392 ============================================================
20:11:20.0953 1020 Detected object count: 0
20:11:20.0953 1020 Actual detected object count: 0
20:11:23.0562 1004 Deinitialize success

BSOD.txt results

==================================================
Dump File : Mini100312-01.dmp
Crash Time : 10/3/2012 4:12:17 PM
Bug Check String : SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD
Bug Check Code : 0x100000d4
Parameter 1 : 0xb767a038
Parameter 2 : 0x0000001c
Parameter 3 : 0x00000001
Parameter 4 : 0x80502cf2
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+2bcf2
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+2bcf2
Stack Address 1 : ntoskrnl.exe+2bf4b
Stack Address 2 : ntoskrnl.exe+2b15a
Stack Address 3 : ntoskrnl.exe+2b347
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini100312-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini100212-01.dmp
Crash Time : 10/2/2012 3:55:22 PM
Bug Check String : SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD
Bug Check Code : 0x100000d4
Parameter 1 : 0xb6a83038
Parameter 2 : 0x0000001c
Parameter 3 : 0x00000001
Parameter 4 : 0x80502cf2
Caused By Driver : NDIS.sys
Caused By Address : NDIS.sys+18f1a
File Description : NDIS 5.1 wrapper driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Crash Address : ntoskrnl.exe+2bcf2
Stack Address 1 : ntoskrnl.exe+2bf4b
Stack Address 2 : ntoskrnl.exe+2b15a
Stack Address 3 : ntoskrnl.exe+2b347
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini100212-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

I ran the custom OTL fix and it completed processing and did not ask me to reboot. Here is the OTL log:

========== OTL ==========
Service SessionLauncher stopped successfully!
Service SessionLauncher deleted successfully!
File C:\DOCUME~1\Cindy\LOCALS~1\Temp\DX9\SessionLauncher.exe not found.
Service RoxLiveShare10 stopped successfully!
Service RoxLiveShare10 deleted successfully!
File C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Service zumbus stopped successfully!
Service zumbus deleted successfully!
File system32\DRIVERS\zumbus.sys not found.
Error: No service named Winsock - Google Desktop Search Backup Before Last Install was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock - Google Desktop Search Backup Before Last Install deleted successfully.
Error: No service named Winsock - Google Desktop Search Backup Before First Install was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock - Google Desktop Search Backup Before First Install deleted successfully.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service wanatw stopped successfully!
Service wanatw deleted successfully!
File system32\DRIVERS\wanatw4.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service ntcdrdrv stopped successfully!
Service ntcdrdrv deleted successfully!
File system32\DRIVERS\ntcdrdrv.sys not found.
Service MpKslfea6b2b0 stopped successfully!
Service MpKslfea6b2b0 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5FE47512-9B3E-4C40-B1A2-2D90DB69FEEF}\MpKslfea6b2b0.sys not found.
Service MpKslfe8c27e8 stopped successfully!
Service MpKslfe8c27e8 deleted successfully!
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35F46DC2-AFA1-452E-911A-0D0A12C93F0F}\MpKslfe8c27e8.sys not found.
Service MpKslfc743d01 stopped successfully!
Service MpKslfc743d01 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C172E96-EC3C-4F7E-ADC6-4BA48E1AC7C5}\MpKslfc743d01.sys not found.
Service MpKslf948119f stopped successfully!
Service MpKslf948119f deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6E6B3A8-7C06-4327-A14E-C35035725D52}\MpKslf948119f.sys not found.
Service MpKslee6a3a5f stopped successfully!
Service MpKslee6a3a5f deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A51ED8C3-4252-4DBB-B422-61C39A192646}\MpKslee6a3a5f.sys not found.
Service MpKsle3c7431e stopped successfully!
Service MpKsle3c7431e deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD3D59D7-A002-4BF5-B750-4F3961DACDFD}\MpKsle3c7431e.sys not found.
Service MpKsldff60cff stopped successfully!
Service MpKsldff60cff deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40E8D30F-B4DB-40C2-9FA6-81F10B828F49}\MpKsldff60cff.sys not found.
Service MpKsldd4f9e7b stopped successfully!
Service MpKsldd4f9e7b deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1C83A08-FA18-482B-A254-9E52E3B76722}\MpKsldd4f9e7b.sys not found.
Service MpKsld6423f7b stopped successfully!
Service MpKsld6423f7b deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADFACF4B-4DC1-497C-B82E-CCD10F251AEE}\MpKsld6423f7b.sys not found.
Service MpKsld0fb898d stopped successfully!
Service MpKsld0fb898d deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F1FF5B2-FFD6-4C84-8C7A-AA0D84C43CCB}\MpKsld0fb898d.sys not found.
Service MpKslcf2bebd0 stopped successfully!
Service MpKslcf2bebd0 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62445928-C11F-4787-9B82-B235C6A5B5C5}\MpKslcf2bebd0.sys not found.
Service MpKslcef587c9 stopped successfully!
Service MpKslcef587c9 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E586F525-EF59-4DED-A447-37A32EF67E1F}\MpKslcef587c9.sys not found.
Service MpKslbdb1807d stopped successfully!
Service MpKslbdb1807d deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{865AD9B7-ACA5-4CAA-96EB-A6B0CE500D75}\MpKslbdb1807d.sys not found.
Service MpKsl9a742427 stopped successfully!
Service MpKsl9a742427 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F85B5CC-94F5-4A12-A99C-33B0C793270A}\MpKsl9a742427.sys not found.
Service MpKsl90c331c3 stopped successfully!
Service MpKsl90c331c3 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A76184ED-8B90-454E-9AD0-A499D77FB518}\MpKsl90c331c3.sys not found.
Service MpKsl8f5f21de stopped successfully!
Service MpKsl8f5f21de deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13871755-34A6-4CFE-BD21-82C9D9D5E872}\MpKsl8f5f21de.sys not found.
Service MpKsl8e00a2ed stopped successfully!
Service MpKsl8e00a2ed deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39E2B735-0BA9-48FF-A78F-56D6582074FC}\MpKsl8e00a2ed.sys not found.
Service MpKsl7e65034a stopped successfully!
Service MpKsl7e65034a deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7319499-EE4B-47A0-B2A1-F88D8DC59B13}\MpKsl7e65034a.sys not found.
Service MpKsl6dfaef63 stopped successfully!
Service MpKsl6dfaef63 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28E28A2E-45E8-433C-B798-D98FF0E5C3F5}\MpKsl6dfaef63.sys not found.
Service MpKsl6cddef3e stopped successfully!
Service MpKsl6cddef3e deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4CB09E2-280C-439D-B0E3-ED490960CA46}\MpKsl6cddef3e.sys not found.
Service MpKsl6bfe06f3 stopped successfully!
Service MpKsl6bfe06f3 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F545262-E45A-4A25-8DC8-A06D06828A0C}\MpKsl6bfe06f3.sys not found.
Service MpKsl65626b21 stopped successfully!
Service MpKsl65626b21 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BDB9806-8813-4B9B-A470-2BB1A79FD43E}\MpKsl65626b21.sys not found.
Service MpKsl6365886d stopped successfully!
Service MpKsl6365886d deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC514316-C60A-4B3B-95FB-5528C5FA32F0}\MpKsl6365886d.sys not found.
Service MpKsl5ce42412 stopped successfully!
Service MpKsl5ce42412 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20AC0C3F-6A98-4A56-8634-EE5198A47825}\MpKsl5ce42412.sys not found.
Service MpKsl53cbc0b2 stopped successfully!
Service MpKsl53cbc0b2 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3F3BADC-4C45-446C-89DF-F5AF33ADE4BC}\MpKsl53cbc0b2.sys not found.
Service MpKsl45ac8cbb stopped successfully!
Service MpKsl45ac8cbb deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C172E96-EC3C-4F7E-ADC6-4BA48E1AC7C5}\MpKsl45ac8cbb.sys not found.
Service MpKsl451ee1ad stopped successfully!
Service MpKsl451ee1ad deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{865AD9B7-ACA5-4CAA-96EB-A6B0CE500D75}\MpKsl451ee1ad.sys not found.
Service MpKsl42346339 stopped successfully!
Service MpKsl42346339 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{412FFCF3-7908-464F-AECB-FE07732EB8BA}\MpKsl42346339.sys not found.
Service MpKsl364806d3 stopped successfully!
Service MpKsl364806d3 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EE8653E-B91B-492A-B6FE-4191AFEC8F0C}\MpKsl364806d3.sys not found.
Service MpKsl33789bd8 stopped successfully!
Service MpKsl33789bd8 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{412FFCF3-7908-464F-AECB-FE07732EB8BA}\MpKsl33789bd8.sys not found.
Service MpKsl26df50c5 stopped successfully!
Service MpKsl26df50c5 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D32CBA4-B1F3-4FB1-8AF2-0EE5C182626C}\MpKsl26df50c5.sys not found.
Service MpKsl2330ab70 stopped successfully!
Service MpKsl2330ab70 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC32958A-58AF-49DE-9F3C-D39EFF8E084B}\MpKsl2330ab70.sys not found.
Service MpKsl1e056dee stopped successfully!
Service MpKsl1e056dee deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF78E95-EF66-476F-824E-2CCB68635FDA}\MpKsl1e056dee.sys not found.
Service MpKsl189ffec3 stopped successfully!
Service MpKsl189ffec3 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84776499-9BE1-48D6-8877-5D41C3D019D2}\MpKsl189ffec3.sys not found.
Service MpKsl17587f54 stopped successfully!
Service MpKsl17587f54 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC1F862F-42A9-44BE-889A-07AFD99C3ADA}\MpKsl17587f54.sys not found.
Service MpKsl08dc9839 stopped successfully!
Service MpKsl08dc9839 deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEF5C37D-331B-49BF-A752-420336BADA1E}\MpKsl08dc9839.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service IFP800 stopped successfully!
Service IFP800 deleted successfully!
File system32\drivers\ifp800.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service Cdralw2k stopped successfully!
Service Cdralw2k deleted successfully!
Service Cdr4_xp stopped successfully!
Service Cdr4_xp deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Cindy\LOCALS~1\Temp\catchme.sys not found.
Service bvrp_pci stopped successfully!
Service bvrp_pci deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-36742239-1323464194-415680248-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-36742239-1323464194-415680248-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-36742239-1323464194-415680248-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-36742239-1323464194-415680248-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-36742239-1323464194-415680248-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-36742239-1323464194-415680248-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2D51D869-C36B-42BD-AE68-0A81BC771FA5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
File Protocol\Handler\linkscanner - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\Documents and Settings\Cindy\Local Settings\Application Data\5b5s8f0nhi1 moved successfully.
C:\Documents and Settings\All Users\Application Data\5b5s8f0nhi1 moved successfully.
C:\WINDOWS\assembly\Desktop.ini moved successfully.
ADS C:\Documents and Settings\Cindy\My Documents\Zipper.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\ToothReport.dmsm:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\toby2.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\toby1sthc.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\toby1.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\Sept. 07 AGENDA.dat:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\Production 1.dmsm:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\Production 1.dat:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\Kirk Christmas 08.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\karen1.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\kapxmas08.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\kapalakids.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\ifreddy.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\house1-2.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\house1.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\happybday.MP3:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\girlsatschool2.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\girlsatschool1.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\FAYGODETROIT.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\detroit-lions-2.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\detroit_tigers.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\deanpic.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\campusmap.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\camille1.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\baseball2.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\baseball1.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\bananabread.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\auntjofarm.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\aub&mrsaustin.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\Anthonypic1.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Cindy\My Documents\2737SantiaDeed.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10072012_211440

I will let you know how it is running tomorrow. Thanks so much for your help!!

#6 Oh My!

Posted 07 October 2012 - 08:55 PM

Excellent, see you tomorrow.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 NeedaNewComputer

Posted 07 October 2012 - 09:06 PM

I did a restart after all those logs and I got a blue screen of death when I was going into Windows. I powered it off and back on and then had no problems getting into Windows. As of right now, I have had no redirects in Internet Explorer. It still seems a bit slow... but it is an old computer. Now, I am really done for the evening so until tomorrow. Thanks!!

#8 Oh My!

Posted 08 October 2012 - 07:34 AM

Hi Cindy,

We will keep an eye out for a Blue Screen. If you get another one please rerun BlueScreen View from Post #4 and provide that information in your reply.

Please do this for me.


===================================================


screen317's Security Check

--------------------

  • Please download screen317's Security Check to your desktop
  • Double-click the Security Check icon
  • Click OK
  • Select Run
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply

===================================================


Temporary File Cleaner (TFC)

--------------------

  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
NOTE: It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies



===================================================


Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Security Check information
  • TFC log
  • MBAM results
  • ESET results
  • How is your computer running now?

Gary
 

#9 NeedaNewComputer

Posted 08 October 2012 - 09:09 PM

Here are my latest results. I ran TFC and it deleted temporary files but I didn't get a log. It did reboot the pc and so far no blue screens of death. I also ran the online eset and no threats were found. I will check on the speed tomorrow when I get run through a few things. Thanks!! Cindy

Security Check log:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java™ 6 Update 35
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Reader 6 Adobe Reader out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.08.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Cindy :: KAPSTUDY [administrator]

10/8/2012 5:30:21 PM
mbam-log-2012-10-08 (17-30-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316308
Time elapsed: 17 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
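
The Security Check report in the post above is the input for the update advice that follows in this thread, so here is an added example (not part of the thread and not screen317's code) that parses that report format and lists what it flags as out of date. The function names are hypothetical, and the rule that a flag line naming no version ("Java version out of Date!") applies to the earlier entries of that family in the same section is an assumption inferred from this one report.

```python
import re

# Matches the tool's flag at the end of a line: "Out of date!", "version out of Date!"
FLAG = re.compile(r"\s*(?:version\s+)?out of date!\s*$", re.IGNORECASE)

_T = "`" * 14  # section titles are framed by runs of backticks (run length normalised here)
# Lines copied from the report posted above; \u2122 is the trademark sign in "Java(TM)".
SAMPLE_REPORT = "\n".join([
    "Results of screen317's Security Check version 0.99.51",
    " Windows XP Service Pack 3 x86",
    " Internet Explorer 7 Out of date!",
    _T + "Antivirus/Firewall Check:" + _T,
    " Windows Firewall Enabled!",
    " ESET NOD32 Antivirus",
    _T + "Anti-malware/Other Utilities Check:" + _T,
    " Malwarebytes Anti-Malware version 1.65.0.1400",
    " CCleaner",
    " Java\u2122 6 Update 35",
    " Java 2 Runtime Environment, SE v1.4.2_03",
    " Java version out of Date!",
    " Adobe Reader 6 Adobe Reader out of Date!",
    " Adobe Reader 9 Adobe Reader out of Date!",
    _T + "Process Check: objlist.exe by Laurent" + _T,
    " ESET NOD32 Antivirus egui.exe",
    " ESET NOD32 Antivirus ekrn.exe",
    _T + "System Health check" + _T,
    " Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)",
    _T + "End of Log" + _T,
])


def _drop_echo(subject):
    """'Adobe Reader 6 Adobe Reader' -> 'Adobe Reader 6' (the flag repeats the family name)."""
    words = subject.split()
    for k in range(len(words) // 2, 0, -1):
        if words[-k:] == words[:k]:
            return " ".join(words[:-k])
    return subject


def parse_report(text):
    """Return one dict per reported item: section, name, outdated."""
    section, entries = "System", []  # lines before the first title describe the OS and browser
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Results of"):
            continue
        if line.startswith("`"):  # section title
            section = line.strip("`").rstrip(":").strip()
            continue
        hit = FLAG.search(line)
        if hit is None:
            entries.append({"section": section, "name": line, "outdated": False})
            continue
        subject = _drop_echo(line[:hit.start()].strip())
        if not subject:  # bare flag line: attach it to the previous item
            if entries:
                entries[-1]["outdated"] = True
            continue
        if any(ch.isdigit() for ch in subject):  # flag names a specific version
            entries.append({"section": section, "name": subject, "outdated": True})
            continue
        # Family-level flag (assumption): mark earlier entries of that family in this section.
        matched = False
        for entry in entries:
            if entry["section"] == section and entry["name"].lower().startswith(subject.lower()):
                entry["outdated"] = True
                matched = True
        if not matched:
            entries.append({"section": section, "name": subject, "outdated": True})
    return entries


def outdated_items(text):
    """(section, name) pairs for everything the report marks as out of date."""
    return [(e["section"], e["name"]) for e in parse_report(text) if e["outdated"]]


if __name__ == "__main__":
    for section, name in outdated_items(SAMPLE_REPORT):
        print(f"{section}: {name}")
```
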

#10 Oh My!

Posted 08 October 2012 - 09:11 PM

Thanks Cindy.

So far, so good! :)
Gary
 

#11 NeedaNewComputer

Posted 09 October 2012 - 08:05 PM

No blue screens and no redirects so far. Seems back to normal. Thanks Gary!!

#12 Oh My!

Posted 09 October 2012 - 08:24 PM

Hi Cindy,

Looking good. We need to update some stuff. Please consider and complete the following.


===================================================


Viewpoint Manager Caution

--------------------

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. If you select "Disable auto-updating for the Viewpoint Manager", the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

"To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously."

Viewpoint Manager is considered foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware. I recommend that you remove the Viewpoint products; however, decide for yourself. If you decide to uninstall it, you may do so through "Add/Remove Programs".


===================================================


Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for the JRE icon underneath "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right and a new page will open.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select Windows x86 Offline 29.73 MB jre-7u6-windows-i586.exe
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • If you selected Offline Installation then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:

  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

===================================================


Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern.

Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.

Please download Adobe Reader

After installing the latest Adobe Reader, uninstall all previous versions.

  • If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (the one I use personally). It's a much smaller file to download and uses a lot less resources than Adobe Reader.

  • When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other addons.

===================================================


Update Internet Explorer

--------------------

Your version of Internet Explorer is outdated.

  • Please download Internet Explorer 8
    • Note: Internet Explorer 9 is not compatible with Windows XP
  • Save it to your desktop.
  • Double click on the file on your desktop to start the installation process.
  • Reboot

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Java update
  • Adobe or Foxit
  • Internet Explorer update
  • Any issues?

Gary
 

#13 NeedaNewComputer

Posted 10 October 2012 - 08:55 PM

I uninstalled the Viewpoint products. I don't use or need them. I updated Java and Adobe Reader. The update of Internet Explorer 8 was not successful. It has bombed out every time I have tried to run it through Windows Update and with the downloaded install that I ran tonight. In Windows Update, I always got an error code of Ox3F5. That is why it isn't up to date and I never took the time to figure out why it didn't work. Any suggestions or should I try a different browser altogether? I am not necessarily partial to Internet Explorer. Thanks!!

#14 Oh My!

Posted 10 October 2012 - 09:06 PM

Hi Cindy,

We need to take a look at that issue. Please do this.


===================================================


Obtaining Windows Update Log

--------------------

  • Please browse to the following location, zip the file and attach it to your reply

    C:\Windows\WindowsUpdate.log

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • zipped file

Gary
 

#15 NeedaNewComputer

Posted 10 October 2012 - 09:55 PM

Here is the windows update log. I will check back in tomorrow. Thanks!!
