Infected by Rootkit


  • This topic is locked
28 replies to this topic

#1 Jennifer_W


Posted 02 November 2012 - 03:11 PM

Hi there,

I introduced myself on the other forum last night, but hello again from Canada. :) I think it's very likely I have a rootkit somewhere. I am getting unwanted hyperlinks on any paragraphs I view with my browser. There is also a pop-up that keeps saying "Successfully blocked access to a potentially malicious website - Outgoing" (this is also accompanied by an IP address, often a different one each time). I'm sure you have heard of this before, as my Google searches into this problem have brought me to this site.

I have followed your entry level instructions, creating the two DDS logs. However, during my attempt to create a GMER log, my computer always shuts down. Sometimes it goes to the blue screen (I forget what it says, it's only there for a second) and it shuts down my computer.

It's happened 3 times in a row and I'm quite nervous and disturbed by it. I will post my DDS logs. Could you provide me advice about what to do with the GMER issue? It's got me quite nervous.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2011 1:57:39 AM
System Uptime: 11/2/2012 12:25:49 AM (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7P55D PRO
Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz | LGA1156 | 2675/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 192.723 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 500.248 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 1413.775 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 149 GiB total, 95.851 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP508: 8/3/2012 11:44:47 PM - System Checkpoint
RP509: 8/5/2012 2:30:24 PM - System Checkpoint
RP510: 8/6/2012 7:19:48 PM - System Checkpoint
RP511: 8/8/2012 3:15:39 AM - System Checkpoint
RP512: 8/9/2012 4:54:20 PM - System Checkpoint
RP513: 8/10/2012 9:16:46 PM - System Checkpoint
RP514: 8/11/2012 11:54:33 PM - System Checkpoint
RP515: 8/13/2012 8:02:09 AM - System Checkpoint
RP516: 8/14/2012 5:05:47 PM - System Checkpoint
RP517: 8/15/2012 6:11:45 PM - System Checkpoint
RP518: 8/16/2012 8:14:28 PM - System Checkpoint
RP519: 8/17/2012 9:27:11 PM - System Checkpoint
RP520: 8/18/2012 10:45:02 PM - System Checkpoint
RP521: 8/20/2012 12:23:42 AM - System Checkpoint
RP522: 8/21/2012 6:57:34 AM - System Checkpoint
RP523: 8/22/2012 7:19:47 AM - System Checkpoint
RP524: 8/23/2012 12:36:02 PM - System Checkpoint
RP525: 8/24/2012 4:35:33 PM - System Checkpoint
RP526: 8/25/2012 6:02:03 PM - System Checkpoint
RP527: 8/26/2012 6:08:57 PM - System Checkpoint
RP528: 8/27/2012 6:37:44 PM - System Checkpoint
RP529: 8/28/2012 7:53:55 PM - System Checkpoint
RP530: 8/30/2012 2:40:50 AM - System Checkpoint
RP531: 8/31/2012 5:02:17 PM - System Checkpoint
RP532: 9/1/2012 5:17:35 PM - System Checkpoint
RP533: 9/2/2012 6:54:51 PM - System Checkpoint
RP534: 9/3/2012 8:11:51 PM - System Checkpoint
RP535: 9/4/2012 8:41:56 PM - System Checkpoint
RP536: 9/5/2012 11:15:57 PM - System Checkpoint
RP537: 9/7/2012 12:51:27 AM - System Checkpoint
RP538: 9/8/2012 4:48:39 PM - System Checkpoint
RP539: 9/9/2012 5:19:16 PM - System Checkpoint
RP540: 9/10/2012 5:58:51 PM - System Checkpoint
RP541: 9/11/2012 8:05:17 PM - System Checkpoint
RP542: 9/13/2012 1:36:17 AM - System Checkpoint
RP543: 9/14/2012 2:01:18 AM - System Checkpoint
RP544: 9/15/2012 11:22:57 AM - System Checkpoint
RP545: 9/16/2012 2:23:12 PM - System Checkpoint
RP546: 9/17/2012 2:52:33 PM - System Checkpoint
RP547: 9/18/2012 5:01:38 AM - Installed MySQL Workbench 5.2 CE
RP548: 9/19/2012 1:48:03 PM - System Checkpoint
RP549: 9/20/2012 2:43:30 PM - System Checkpoint
RP550: 9/21/2012 3:17:39 PM - System Checkpoint
RP551: 9/22/2012 4:14:51 PM - System Checkpoint
RP552: 9/23/2012 4:46:38 PM - System Checkpoint
RP553: 9/24/2012 6:12:42 PM - System Checkpoint
RP554: 9/26/2012 3:17:54 PM - System Checkpoint
RP555: 9/27/2012 3:53:49 PM - System Checkpoint
RP556: 9/28/2012 3:59:00 PM - System Checkpoint
RP557: 9/29/2012 6:06:04 PM - System Checkpoint
RP558: 9/30/2012 8:31:04 PM - System Checkpoint
RP559: 10/1/2012 9:07:56 PM - System Checkpoint
RP560: 10/2/2012 10:14:47 PM - System Checkpoint
RP561: 10/3/2012 11:45:53 PM - System Checkpoint
RP562: 10/4/2012 7:37:36 AM - Installed Python 3.2.3
RP563: 10/5/2012 12:55:42 PM - System Checkpoint
RP564: 10/6/2012 1:24:45 PM - System Checkpoint
RP565: 10/7/2012 8:00:59 PM - System Checkpoint
RP566: 10/8/2012 11:40:04 PM - System Checkpoint
RP567: 10/10/2012 12:39:31 AM - System Checkpoint
RP568: 10/11/2012 5:40:36 AM - System Checkpoint
RP569: 10/12/2012 2:45:55 PM - System Checkpoint
RP570: 10/13/2012 2:59:02 PM - System Checkpoint
RP571: 10/14/2012 5:00:09 PM - System Checkpoint
RP572: 10/15/2012 6:17:06 PM - System Checkpoint
RP573: 10/16/2012 6:32:27 PM - System Checkpoint
RP574: 10/17/2012 8:13:29 PM - System Checkpoint
RP575: 10/19/2012 10:22:33 AM - System Checkpoint
RP576: 10/20/2012 1:28:26 PM - System Checkpoint
RP577: 10/22/2012 5:03:11 PM - System Checkpoint
RP578: 10/23/2012 5:46:14 PM - System Checkpoint
RP579: 10/24/2012 6:04:58 PM - System Checkpoint
RP580: 10/25/2012 8:32:05 PM - System Checkpoint
RP581: 10/26/2012 9:29:11 PM - System Checkpoint
RP582: 10/28/2012 3:15:19 AM - System Checkpoint
RP583: 10/29/2012 9:32:31 AM - System Checkpoint
RP584: 10/30/2012 12:28:09 PM - System Checkpoint
RP585: 10/31/2012 1:58:43 PM - System Checkpoint
RP586: 11/1/2012 4:30:50 AM - Installed Sophos Virus Removal Tool.
RP587: 11/2/2012 12:24:43 AM - Norton_Power_Eraser_20121102002440078
.
==== Installed Programs ======================
.
µTorrent
1ClickDownloader
1ClickDownloader 2.1
7-Zip 9.20
AbiWord 2.8.6
Acoustica Effects Pack
Acoustica Mixcraft 5
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Asset Services CS4
Adobe Audition 1.5
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aptana Studio 3
Avira AntiVir Personal - Free Antivirus
Bonjour
CamStudio OSS Desktop Recorder
Compatibility Pack for the 2007 Office system
Connect
Convert AVI to MP4
Creative System Information
Crystal Reports Basic for Visual Studio 2008
Definition update for Microsoft Office 2010 (KB982726)
Desktop Ruler 3.28
Dragon NaturallySpeaking Components
Driver Detective
Dropbox
emesene 2.11.5
EPU-6 Engine
Express Gate
Fast Track
Free Mp3 Wma Converter V 1.91
Google Chrome
Google Talk (remove only)
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Interlok driver setup x32
Internet Explorer Developer Toolbar
iTunes
iWisoft Flash SWF to Video Converter 3.4
Java Auto Updater
Java DB 10.6.2.1
Java™ 6 Update 22
Java™ 6 Update 29
Java™ SE Development Kit 6 Update 23
Java™ SE Development Kit 6 Update 29
JavaFX™ 1.3 SDK
JMicron JMB36X Driver
kuler
Live 7.0.15
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.1.1000
Master Flatpick Guitar Volume 1
Master Jazz Guitar Solos SuperPAK
McAfee Security Scan Plus
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MP3 Speed Changer 2.85
MSVCRT
MSXML 6.0 Parser (KB933579)
MySQL Workbench 5.2 CE
NetBeans IDE 7.0.1
Notepad++
NVIDIA Control Panel 263.06
NVIDIA Graphics Driver 263.06
NVIDIA Install Application
NVIDIA nView 135.48
NVIDIA nView Desktop Manager
OpenOffice.org 3.3
Password Store
PDF Settings CS4
PG Music DirectX Plugins 1.3.4.1
Photoshop Camera Raw
Pixel Bender Toolkit
Pixel Ruler
Platform
Python 3.1 pygame-1.9.1
Python 3.1.1
Python 3.2.3
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
Skype Click to Call
Skype™ 5.10
Sophos Virus Removal Tool
Sound Blaster Audigy
SpaceMonger 2.1.1
Suite Shared Configuration CS4
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TRENDnet 802.11g Wireless CardBus/PCI Adapter
TurboV EVO
Unlocker 1.9.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Utilu IE Collection 1.7.0.8
VIA Platform Device Manager
Virtual Sound Canvas DXi
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.1.10
VMware Workstation
Voice Studio
Vuze
Vuze Remote Toolbar
WampServer 2.2
WD SmartWare
Web Assistant 2.0.0.485
Web Optimizer
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile 5.0 SDK R2 for Smartphone
Windows XP Service Pack 3
WinZip 15.0
xVideoServiceThief
Yontoo 1.10.02
YTD Toolbar v6.5
YTD Video Downloader 3.9
.
==== Event Viewer Messages From Past Week ========
.
11/2/2012 12:59:19 AM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
11/2/2012 12:54:11 AM, error: Service Control Manager [7034] - The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).
11/2/2012 12:48:36 AM, error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
11/2/2012 12:47:52 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR311\0000 disappeared from the system without first being prepared for removal.
11/1/2012 9:10:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL
11/1/2012 9:10:23 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/1/2012 9:10:23 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/1/2012 9:10:23 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/1/2012 9:10:23 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/1/2012 9:10:23 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/1/2012 9:10:23 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/1/2012 9:09:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/1/2012 9:09:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/1/2012 6:27:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WD File Management Shadow Engine service to connect.
11/1/2012 6:27:57 PM, error: Service Control Manager [7000] - The WD File Management Shadow Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/1/2012 6:18:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WD File Management Engine service to connect.
11/1/2012 6:18:52 PM, error: Service Control Manager [7000] - The WD File Management Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/1/2012 6:00:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/1/2012 6:00:19 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/1/2012 6:00:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
.
==== End Of File ===========================

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Cory Duchesne at 4:45:14 on 2012-11-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.1958 [GMT -3:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\itunes\iTunesHelper.exe
E:\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\WINDOWS\system32\dmwu.exe
E:\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cory Duchesne\Desktop\Defogger (1).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2504091
mWindow Title = IE 4.01 (Microsoft Internet Explorer)
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office14\GROOVEEX.DLL
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [TurboV Help] "c:\program files\asus\turbov evo\TurboVHelp.exe"
mRun: [TurboV EVO] "c:\program files\asus\turbov evo\TurboV_EVO.exe" -b
mRun: [Six Engine] "c:\program files\asus\epu-6 engine\SixEngine.exe" -b
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [iTunesHelper] "e:\itunes\iTunesHelper.exe"
mRun: [vmware-tray] "e:\vmware\vmware workstation\vmware-tray.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
StartupFolder: c:\docume~1\corydu~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\cory duchesne\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\corydu~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\corydu~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\corydu~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.189\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-421pc_tew-423pi\WlanCU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: e:\vmware\vmware workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CC88D6F9-208B-4A68-A2A8-F33DBAD8CE05} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cory duchesne\application data\mozilla\firefox\profiles\k73mo8ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6R8uW7EIl0&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6R8uW7EIl0&&i=26&search=
FF - plugin: c:\documents and settings\cory duchesne\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: e:\itunes\mozilla plugins\npitunes.dll
FF - ExtSQL: 2012-10-19 22:56; ytd@mybrowserbar.com; c:\program files\ytd toolbar\FF
FF - ExtSQL: 2012-10-19 22:56; wtxpcom@mybrowserbar.com; c:\program files\common files\spigot\wtxpcom
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extentions.y2layers.installId - b41d59f2-ace3-433b-a3e8-e30a5270f420
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8uW7EIl0
FF - user.js: extensions.incredibar_i.upn2n - 92824475046340150
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8uW7EIl0&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 109675c100000000000020cf303d11c5
FF - user.js: extensions.incredibar_i.instlDay - 15495
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:59:33
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-1 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-1 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-1 269480]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-10-9 799112]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-1 66616]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-7-17 319488]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-30 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-28 676936]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-3-25 70768]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-3-25 539248]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-6-3 188760]
R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-9-14 1006448]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-1-4 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-28 22856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-1-1 2127728]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.05\AsSysCtrlService.exe [2011-1-1 109056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
S2 WLSVC;WLSVC;c:\program files\trendnet\tew-421pc_tew-423pi\WLSVC.exe [2011-1-4 167936]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\drivers\mausbft.sys [2011-3-26 156552]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-27 115168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: Audition.exe: Open="c:\program files\adobe\audition 1.5\Audition.exe"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-11-02 03:51:21 -------- d-sha-r- C:\cmdcons
2012-11-02 03:49:45 98816 ----a-w- c:\windows\sed.exe
2012-11-02 03:49:45 256000 ----a-w- c:\windows\PEV.exe
2012-11-02 03:49:45 208896 ----a-w- c:\windows\MBR.exe
2012-11-02 03:07:22 -------- d-----w- c:\documents and settings\cory duchesne\local settings\application data\NPE
2012-11-02 03:07:22 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-11-01 07:31:28 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2012-11-01 07:31:01 73728 ----a-r- c:\documents and settings\cory duchesne\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-01 07:31:01 73728 ----a-r- c:\documents and settings\cory duchesne\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-01 07:31:01 73728 ----a-r- c:\documents and settings\cory duchesne\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-11-01 07:30:51 -------- d-----w- c:\program files\Sophos
2012-10-20 01:56:19 -------- d-----w- c:\documents and settings\cory duchesne\application data\Search Settings
2012-10-20 01:56:16 -------- d-----w- c:\program files\Application Updater
2012-10-20 01:56:15 -------- d-----w- c:\program files\YTD Toolbar
2012-10-20 01:56:15 -------- d-----w- c:\program files\common files\Spigot
2012-10-09 20:37:45 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-10-09 20:37:45 -------- d-----w- c:\program files\CamStudio 2.6b
2012-10-04 10:37:38 -------- d-----w- C:\Python32
.
==================== Find3M ====================
.
2012-09-29 22:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:26:52 1006448 ----a-w- c:\windows\system32\dmwu.exe
2012-09-13 13:24:48 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_____ rev.800. -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
.
============= FINISH: 4:45:53.40 ===============



#2 thisisu

  • Malware Response Team

Posted 02 November 2012 - 03:34 PM

Hello Jennifer :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

Please download RogueKiller to your desktop.
  • Now rename RogueKiller.exe to winlogon.exe
  • Double-click winlogon.exe to run.
  • When it opens, press the Scan button
  • When the scan is finished, press the Delete button.
  • Please post the contents of the latest numbered RKreport.txt from your desktop to your next post.

__

Please download and run TDSSKiller
  • VERY IMPORTANT: In the event that threats are detected, allow TDSSKiller to perform the default action by simply pressing the Continue button.
  • Do NOT change the default action on your own unless instructed by a malware helper! Doing so may render your computer unbootable.
  • If threats were detected, TDSSKiller will require a reboot in order to attempt to clean the system.
  • After the scan is complete, you can find the TDSSKiller log at the root of your C: drive.
    • Example: C:\TDSSKiller.2.8.10.0_29.09.2012_00.22.50_log.txt
  • Please post the contents of this file to your next message.

__

From Add/Remove Programs (via Control Panel), please uninstall the below:

  • 1ClickDownloader
  • 1ClickDownloader 2.1
  • Driver Detective
  • Java™ 6 Update 22
  • Java™ 6 Update 29
  • Java™ SE Development Kit 6 Update 23
  • Java™ SE Development Kit 6 Update 29
  • Vuze Remote Toolbar
  • Web Assistant 2.0.0.485
  • Web Optimizer
  • xVideoServiceThief
  • Yontoo 1.10.02
  • YTD Toolbar v6.5
  • YTD Video Downloader 3.9

  • Please download and install CCleaner Slim
  • Open CCleaner and click the Options button
  • Now choose Advanced
  • Uncheck everything here except for Skip User Account Control warning
  • Now click the Cleaner button and press the Run Cleaner button at the bottom right of the program.
  • If this is your first time running this program, a prompt may appear asking for confirmation to delete temporary files. Go ahead and proceed.

__

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Double-click JRT.exe to run the tool
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please attach JRT.txt to your next message

Edited by thisisu, 02 November 2012 - 03:37 PM.


#3 Jennifer_W

  • Topic Starter

  • Members

Posted 02 November 2012 - 05:14 PM

Hello Thisisu,

Thanks for the quick reply.

Here is my RogueKiller Report

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Cory Duchesne [Admin rights]
Mode : Remove -- Date : 11/02/2012 18:14:59

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0xA7C293CC)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0xA7C29386)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0xA7C293D6)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0xA7C2937C)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0xA7C2938B)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0xA7C29395)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0xA7C293C7)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0xA7C2939A)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0xA7C29368)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0xA7C2936D)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0xA7C293A4)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0xA7C2939F)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0xA7C293DB)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0xA7C29390)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0xA7C29377)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xA7C293E0)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xA7C293E5)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JB-00GVC0 SCSI Disk Device +++++
--- User ---
[MBR] a7db8831ad2faf612bc89deebe8d0cde
[BSP] 3cf292b14505c41fc086b42777816c85 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST31000524AS +++++
--- User ---
[MBR] 4046a4610572ff03816a7d39fcd33fe5
[BSP] bc4298f0cf584187e819d6279e137bd3 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WD My Book 1140 USB Device +++++
--- User ---
[MBR] 826c768e1d647d67f8545950a13d16a5
[BSP] 717dd44c70d9301a3f6f6f49130ee44d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: StoreJet Transcend +++++
--- User ---
[MBR] 0698c768474f8fde6621ad2eeda9174e
[BSP] 8ac5fe38fbf8f88501f0b4765eb80245 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



--

Here is my TDSSKiller Report

18:16:39.0031 3112 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:16:39.0281 3112 ============================================================
18:16:39.0281 3112 Current date / time: 2012/11/02 18:16:39.0281
18:16:39.0281 3112 SystemInfo:
18:16:39.0281 3112
18:16:39.0281 3112 OS Version: 5.1.2600 ServicePack: 3.0
18:16:39.0281 3112 Product type: Workstation
18:16:39.0281 3112 ComputerName: CORY
18:16:39.0281 3112 UserName: Cory Duchesne
18:16:39.0281 3112 Windows directory: C:\WINDOWS
18:16:39.0281 3112 System windows directory: C:\WINDOWS
18:16:39.0281 3112 Processor architecture: Intel x86
18:16:39.0281 3112 Number of processors: 4
18:16:39.0281 3112 Page size: 0x1000
18:16:39.0281 3112 Boot type: Normal boot
18:16:39.0281 3112 ============================================================
18:16:39.0531 3112 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:16:39.0531 3112 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:16:39.0531 3112 Drive \Device\Harddisk2\DR4 - Size: 0x1D1BF100000 (1862.99 Gb), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:16:39.0531 3112 Drive \Device\Harddisk3\DR5 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:16:39.0906 3112 ============================================================
18:16:39.0906 3112 \Device\Harddisk0\DR0:
18:16:39.0906 3112 MBR partitions:
18:16:39.0906 3112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
18:16:39.0906 3112 \Device\Harddisk1\DR1:
18:16:39.0906 3112 MBR partitions:
18:16:39.0906 3112 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
18:16:39.0906 3112 \Device\Harddisk2\DR4:
18:16:39.0906 3112 MBR partitions:
18:16:39.0906 3112 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
18:16:39.0906 3112 \Device\Harddisk3\DR5:
18:16:39.0906 3112 MBR partitions:
18:16:39.0906 3112 \Device\Harddisk3\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
18:16:39.0906 3112 ============================================================
18:16:39.0968 3112 C: <-> \Device\Harddisk0\DR0\Partition1
18:16:39.0968 3112 E: <-> \Device\Harddisk1\DR1\Partition1
18:16:39.0984 3112 F: <-> \Device\Harddisk2\DR4\Partition1
18:16:40.0015 3112 H: <-> \Device\Harddisk3\DR5\Partition1
18:16:40.0015 3112 ============================================================
18:16:40.0015 3112 Initialize success
18:16:40.0015 3112 ============================================================
18:17:01.0203 5756 ============================================================
18:17:01.0203 5756 Scan started
18:17:01.0203 5756 Mode: Manual;
18:17:01.0203 5756 ============================================================
18:17:01.0859 5756 ================ Scan system memory ========================
18:17:01.0859 5756 System memory - ok
18:17:01.0859 5756 ================ Scan services =============================
18:17:03.0500 5756 ClipSrv - ok
18:17:03.0531 5756 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:17:03.0562 5756 clr_optimization_v2.0.50727_32 - ok
18:17:03.0625 5756 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:17:03.0640 5756 clr_optimization_v4.0.30319_32 - ok
18:17:03.0640 5756 CmdIde - ok
18:17:03.0640 5756 COMSysApp - ok
18:17:03.0640 5756 Cpqarray - ok
18:17:03.0687 5756 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:17:03.0687 5756 CryptSvc - ok
18:17:03.0718 5756 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
18:17:03.0734 5756 ctsfm2k - ok
18:17:03.0734 5756 dac2w2k - ok
18:17:03.0734 5756 dac960nt - ok
18:17:03.0765 5756 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:17:03.0765 5756 DcomLaunch - ok
18:17:03.0781 5756 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:17:03.0781 5756 Dhcp - ok
18:17:03.0796 5756 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:17:03.0796 5756 Disk - ok
18:17:03.0796 5756 dmadmin - ok
18:17:03.0828 5756 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:17:03.0859 5756 dmboot - ok
18:17:03.0859 5756 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:17:03.0875 5756 dmio - ok
18:17:03.0906 5756 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:17:03.0906 5756 dmload - ok
18:17:03.0921 5756 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:17:03.0921 5756 dmserver - ok
18:17:03.0937 5756 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:17:03.0953 5756 DMusic - ok
18:17:03.0968 5756 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:17:03.0968 5756 Dnscache - ok
18:17:04.0000 5756 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:17:04.0000 5756 Dot3svc - ok
18:17:04.0000 5756 dpti2o - ok
18:17:04.0000 5756 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:17:04.0015 5756 drmkaud - ok
18:17:04.0062 5756 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
18:17:04.0062 5756 DvmMDES - ok
18:17:04.0062 5756 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:17:04.0078 5756 EapHost - ok
18:17:04.0078 5756 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:17:04.0093 5756 ERSvc - ok
18:17:04.0109 5756 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:17:04.0109 5756 Eventlog - ok
18:17:04.0156 5756 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:17:04.0156 5756 EventSystem - ok
18:17:04.0218 5756 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:17:04.0218 5756 Fastfat - ok
18:17:04.0250 5756 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:17:04.0265 5756 FastUserSwitchingCompatibility - ok
18:17:04.0281 5756 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:17:04.0281 5756 Fdc - ok
18:17:04.0296 5756 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:17:04.0296 5756 Fips - ok
18:17:04.0375 5756 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:17:04.0390 5756 FLEXnet Licensing Service - ok
18:17:04.0390 5756 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:17:04.0390 5756 Flpydisk - ok
18:17:04.0437 5756 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:17:04.0437 5756 FltMgr - ok
18:17:04.0484 5756 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:17:04.0500 5756 FontCache3.0.0.0 - ok
18:17:04.0515 5756 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:17:04.0515 5756 Fs_Rec - ok
18:17:04.0515 5756 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:17:04.0531 5756 Ftdisk - ok
18:17:04.0562 5756 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:17:04.0578 5756 GEARAspiWDM - ok
18:17:04.0578 5756 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:17:04.0578 5756 Gpc - ok
18:17:04.0609 5756 [ 51FA91BB463B15FD8EACD5045C3F2FA6 ] hcmon C:\WINDOWS\system32\drivers\hcmon.sys
18:17:04.0625 5756 hcmon - ok
18:17:04.0625 5756 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:17:04.0625 5756 HDAudBus - ok
18:17:04.0671 5756 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:17:04.0671 5756 helpsvc - ok
18:17:04.0703 5756 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:17:04.0703 5756 HidServ - ok
18:17:04.0718 5756 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:17:04.0718 5756 hidusb - ok
18:17:04.0750 5756 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:17:04.0750 5756 hkmsvc - ok
18:17:04.0750 5756 hpn - ok
18:17:04.0781 5756 [ 970178E8E003EB1481293830069624B9 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
18:17:04.0781 5756 HSFHWBS2 - ok
18:17:04.0828 5756 [ EBB354438A4C5A3327FB97306260714A ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
18:17:04.0875 5756 HSF_DP - ok
18:17:04.0906 5756 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:17:04.0906 5756 HTTP - ok
18:17:04.0921 5756 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:17:04.0921 5756 HTTPFilter - ok
18:17:04.0921 5756 i2omgmt - ok
18:17:04.0921 5756 i2omp - ok
18:17:04.0921 5756 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:17:04.0937 5756 i8042prt - ok
18:17:05.0015 5756 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:17:05.0062 5756 idsvc - ok
18:17:05.0078 5756 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:17:05.0078 5756 Imapi - ok
18:17:05.0109 5756 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:17:05.0109 5756 ImapiService - ok
18:17:05.0109 5756 ini910u - ok
18:17:05.0109 5756 IntelIde - ok
18:17:05.0125 5756 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:17:05.0125 5756 intelppm - ok
18:17:05.0140 5756 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:17:05.0140 5756 Ip6Fw - ok
18:17:05.0171 5756 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:17:05.0171 5756 IpFilterDriver - ok
18:17:05.0171 5756 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:17:05.0171 5756 IpInIp - ok
18:17:05.0187 5756 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:17:05.0187 5756 IpNat - ok
18:17:05.0250 5756 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:17:05.0250 5756 iPod Service - ok
18:17:05.0250 5756 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:17:05.0265 5756 IPSec - ok
18:17:05.0265 5756 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:17:05.0265 5756 IRENUM - ok
18:17:05.0296 5756 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:17:05.0296 5756 isapnp - ok
18:17:05.0375 5756 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:17:05.0375 5756 JavaQuickStarterService - ok
18:17:05.0406 5756 [ FE372FDE0AFC9F724ED9393A33AC9AA7 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
18:17:05.0406 5756 JRAID - ok
18:17:05.0421 5756 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:17:05.0421 5756 Kbdclass - ok
18:17:05.0437 5756 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:17:05.0437 5756 kbdhid - ok
18:17:05.0453 5756 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:17:05.0468 5756 kmixer - ok
18:17:05.0500 5756 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:17:05.0500 5756 KSecDD - ok
18:17:05.0546 5756 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:17:05.0546 5756 lanmanserver - ok
18:17:05.0578 5756 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:17:05.0578 5756 lanmanworkstation - ok
18:17:05.0593 5756 lbrtfdc - ok
18:17:05.0609 5756 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:17:05.0609 5756 LmHosts - ok
18:17:05.0656 5756 [ AF8EF3341DB8A3AA922C3C2A453D5677 ] MAUSBFT C:\WINDOWS\system32\DRIVERS\mausbft.sys
18:17:05.0656 5756 MAUSBFT - ok
18:17:05.0671 5756 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
18:17:05.0671 5756 MBAMProtector - ok
18:17:05.0734 5756 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:17:05.0734 5756 MBAMScheduler - ok
18:17:05.0781 5756 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:17:05.0781 5756 MBAMService - ok
18:17:05.0843 5756 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe
18:17:05.0859 5756 McComponentHostService - ok
18:17:05.0875 5756 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\WINDOWS\system32\DRIVERS\mcdbus.sys
18:17:05.0890 5756 mcdbus - ok
18:17:05.0906 5756 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:17:05.0906 5756 mdmxsdk - ok
18:17:05.0921 5756 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:17:05.0921 5756 Messenger - ok
18:17:05.0984 5756 Microsoft SharePoint Workspace Audit Service - ok
18:17:06.0031 5756 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:17:06.0046 5756 mnmdd - ok
18:17:06.0093 5756 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:17:06.0109 5756 mnmsrvc - ok
18:17:06.0156 5756 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:17:06.0171 5756 Modem - ok
18:17:06.0187 5756 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:17:06.0203 5756 Mouclass - ok
18:17:06.0218 5756 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:17:06.0234 5756 mouhid - ok
18:17:06.0250 5756 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:17:06.0265 5756 MountMgr - ok
18:17:06.0296 5756 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:17:06.0312 5756 MozillaMaintenance - ok
18:17:06.0312 5756 mraid35x - ok
18:17:06.0312 5756 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:17:06.0328 5756 MRxDAV - ok
18:17:06.0375 5756 [ 0EA4D8ED179B75F8AFA7998BA22285CA ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:17:06.0390 5756 MRxSmb - ok
18:17:06.0437 5756 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:17:06.0437 5756 MSDTC - ok
18:17:06.0437 5756 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:17:06.0437 5756 Msfs - ok
18:17:06.0437 5756 MSIServer - ok
18:17:06.0453 5756 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:17:06.0453 5756 MSKSSRV - ok
18:17:06.0453 5756 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:17:06.0453 5756 MSPCLOCK - ok
18:17:06.0453 5756 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:17:06.0453 5756 MSPQM - ok
18:17:06.0468 5756 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:17:06.0468 5756 mssmbios - ok
18:17:06.0531 5756 MSSQL$SQLEXPRESS - ok
18:17:06.0562 5756 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:17:06.0578 5756 MSSQLServerADHelper - ok
18:17:06.0593 5756 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:17:06.0593 5756 MTsensor - ok
18:17:06.0625 5756 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:17:06.0625 5756 Mup - ok
18:17:06.0656 5756 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:17:06.0671 5756 napagent - ok
18:17:06.0687 5756 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:17:06.0703 5756 NDIS - ok
18:17:06.0718 5756 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:17:06.0718 5756 NdisTapi - ok
18:17:06.0718 5756 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:17:06.0718 5756 Ndisuio - ok
18:17:06.0750 5756 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:17:06.0750 5756 NdisWan - ok
18:17:06.0765 5756 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:17:06.0781 5756 NDProxy - ok
18:17:06.0781 5756 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:17:06.0781 5756 NetBIOS - ok
18:17:06.0796 5756 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:17:06.0812 5756 NetBT - ok
18:17:06.0828 5756 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:17:06.0843 5756 NetDDE - ok
18:17:06.0843 5756 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:17:06.0843 5756 NetDDEdsdm - ok
18:17:06.0859 5756 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:17:06.0875 5756 Netlogon - ok
18:17:06.0875 5756 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:17:06.0890 5756 Netman - ok
18:17:06.0906 5756 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:17:06.0921 5756 NetTcpPortSharing - ok
18:17:06.0921 5756 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:17:06.0921 5756 NIC1394 - ok
18:17:06.0937 5756 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:17:06.0937 5756 Nla - ok
18:17:06.0937 5756 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:17:06.0953 5756 Npfs - ok
18:17:07.0015 5756 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:17:07.0046 5756 Ntfs - ok
18:17:07.0046 5756 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:17:07.0046 5756 NtLmSsp - ok
18:17:07.0078 5756 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:17:07.0093 5756 NtmsSvc - ok
18:17:07.0109 5756 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:17:07.0109 5756 Null - ok
18:17:07.0375 5756 [ 4F7CC733A011AF34B07D72C56B6CC2CC ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:17:07.0625 5756 nv - ok
18:17:07.0656 5756 [ BF3B37406CFBFD88FA272E9ACC7ED202 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
18:17:07.0656 5756 nvsvc - ok
18:17:07.0671 5756 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:17:07.0687 5756 NwlnkFlt - ok
18:17:07.0687 5756 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:17:07.0687 5756 NwlnkFwd - ok
18:17:07.0765 5756 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:17:07.0781 5756 odserv - ok
18:17:07.0812 5756 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:17:07.0812 5756 ohci1394 - ok
18:17:07.0859 5756 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:17:07.0859 5756 ose - ok
18:17:08.0031 5756 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:17:08.0281 5756 osppsvc - ok
18:17:08.0312 5756 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
18:17:08.0312 5756 ossrv - ok
18:17:08.0375 5756 [ 1DB419CB76493F6292CCFBDC3466F5FF ] P17 C:\WINDOWS\system32\drivers\P17.sys
18:17:08.0453 5756 P17 - ok
18:17:08.0484 5756 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:17:08.0500 5756 Parport - ok
18:17:08.0500 5756 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:17:08.0500 5756 PartMgr - ok
18:17:08.0515 5756 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:17:08.0531 5756 ParVdm - ok
18:17:08.0546 5756 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:17:08.0546 5756 PCI - ok
18:17:08.0546 5756 PCIDump - ok
18:17:08.0578 5756 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:17:08.0578 5756 PCIIde - ok
18:17:08.0593 5756 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:17:08.0609 5756 Pcmcia - ok
18:17:08.0609 5756 PDCOMP - ok
18:17:08.0609 5756 PDFRAME - ok
18:17:08.0609 5756 PDRELI - ok
18:17:08.0609 5756 PDRFRAME - ok
18:17:08.0609 5756 perc2 - ok
18:17:08.0609 5756 perc2hib - ok
18:17:08.0640 5756 [ 444F122E68DB44C0589227781F3C8B3F ] pfc C:\WINDOWS\system32\drivers\pfc.sys
18:17:08.0640 5756 pfc - ok
18:17:08.0656 5756 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:17:08.0656 5756 PlugPlay - ok
18:17:08.0671 5756 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:17:08.0671 5756 PolicyAgent - ok
18:17:08.0687 5756 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:17:08.0687 5756 PptpMiniport - ok
18:17:08.0687 5756 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:17:08.0687 5756 ProtectedStorage - ok
18:17:08.0687 5756 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:17:08.0687 5756 PSched - ok
18:17:08.0718 5756 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:17:08.0718 5756 Ptilink - ok
18:17:08.0734 5756 [ D970470F8F39470BDAE94D313A1CCDCE ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:17:08.0750 5756 PxHelp20 - ok
18:17:08.0750 5756 ql1080 - ok
18:17:08.0750 5756 Ql10wnt - ok
18:17:08.0750 5756 ql12160 - ok
18:17:08.0750 5756 ql1240 - ok
18:17:08.0750 5756 ql1280 - ok
18:17:08.0750 5756 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:17:08.0765 5756 RasAcd - ok
18:17:08.0781 5756 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:17:08.0781 5756 RasAuto - ok
18:17:08.0781 5756 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:17:08.0796 5756 Rasl2tp - ok
18:17:08.0812 5756 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:17:08.0812 5756 RasMan - ok
18:17:08.0812 5756 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:17:08.0828 5756 RasPppoe - ok
18:17:08.0828 5756 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:17:08.0828 5756 Raspti - ok
18:17:08.0843 5756 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:17:08.0859 5756 Rdbss - ok
18:17:08.0859 5756 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:17:08.0859 5756 RDPCDD - ok
18:17:08.0875 5756 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:17:08.0890 5756 RDPWD - ok
18:17:08.0906 5756 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:17:08.0906 5756 RDSessMgr - ok
18:17:08.0921 5756 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:17:08.0921 5756 redbook - ok
18:17:08.0953 5756 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:17:08.0953 5756 RemoteAccess - ok
18:17:08.0968 5756 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:17:08.0968 5756 RpcLocator - ok
18:17:09.0015 5756 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:17:09.0015 5756 RpcSs - ok
18:17:09.0046 5756 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:17:09.0046 5756 RSVP - ok
18:17:09.0109 5756 [ DE11516A1123A4FA32150F24AA749502 ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
18:17:09.0125 5756 rtl8185 - ok
18:17:09.0140 5756 [ E47C52F0380F0950E2BC9F1BCDC0DE9B ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:17:09.0156 5756 RTLE8023xp - ok
18:17:09.0250 5756 [ 93F66FAEA8BF047D4242AC85AADA403D ] RVIEG01 E:\Program Files\Band in a Box\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
18:17:09.0250 5756 RVIEG01 - ok
18:17:09.0265 5756 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:17:09.0265 5756 SamSs - ok
18:17:09.0265 5756 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:17:09.0281 5756 SCardSvr - ok
18:17:09.0312 5756 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:17:09.0312 5756 Schedule - ok
18:17:09.0343 5756 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:17:09.0359 5756 Secdrv - ok
18:17:09.0359 5756 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:17:09.0375 5756 seclogon - ok
18:17:09.0375 5756 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:17:09.0375 5756 SENS - ok
18:17:09.0390 5756 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:17:09.0390 5756 serenum - ok
18:17:09.0390 5756 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:17:09.0406 5756 Serial - ok
18:17:09.0437 5756 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:17:09.0437 5756 Sfloppy - ok
18:17:09.0468 5756 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:17:09.0484 5756 SharedAccess - ok
18:17:09.0500 5756 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:17:09.0500 5756 ShellHWDetection - ok
18:17:09.0500 5756 Simbad - ok
18:17:09.0734 5756 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:17:09.0812 5756 Skype C2C Service - ok
18:17:09.0859 5756 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:17:09.0906 5756 SkypeUpdate - ok
18:17:09.0906 5756 Sparrow - ok
18:17:09.0937 5756 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:17:09.0937 5756 splitter - ok
18:17:09.0953 5756 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:17:09.0968 5756 Spooler - ok
18:17:10.0000 5756 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:17:10.0000 5756 SQLBrowser - ok
18:17:10.0031 5756 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:17:10.0031 5756 SQLWriter - ok
18:17:10.0046 5756 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:17:10.0046 5756 sr - ok
18:17:10.0109 5756 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:17:10.0109 5756 srservice - ok
18:17:10.0156 5756 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:17:10.0171 5756 Srv - ok
18:17:10.0187 5756 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:17:10.0187 5756 SSDPSRV - ok
18:17:10.0218 5756 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:17:10.0218 5756 ssmdrv - ok
18:17:10.0250 5756 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:17:10.0265 5756 stisvc - ok
18:17:10.0265 5756 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:17:10.0281 5756 swenum - ok
18:17:10.0281 5756 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:17:10.0281 5756 swmidi - ok
18:17:10.0281 5756 SwPrv - ok
18:17:10.0281 5756 symc810 - ok
18:17:10.0281 5756 symc8xx - ok
18:17:10.0281 5756 sym_hi - ok
18:17:10.0296 5756 sym_u3 - ok
18:17:10.0296 5756 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:17:10.0296 5756 sysaudio - ok
18:17:10.0328 5756 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:17:10.0343 5756 SysmonLog - ok
18:17:10.0343 5756 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:17:10.0343 5756 TapiSrv - ok
18:17:10.0390 5756 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:17:10.0406 5756 Tcpip - ok
18:17:10.0406 5756 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:17:10.0406 5756 TDPIPE - ok
18:17:10.0421 5756 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:17:10.0421 5756 TDTCP - ok
18:17:10.0421 5756 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:17:10.0421 5756 TermDD - ok
18:17:10.0453 5756 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:17:10.0453 5756 TermService - ok
18:17:10.0484 5756 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:17:10.0484 5756 Themes - ok
18:17:10.0484 5756 TosIde - ok
18:17:10.0500 5756 [ 2F4E8077FEBFE11199EE3B011A34CD18 ] TPkd C:\WINDOWS\system32\drivers\TPkd.sys
18:17:10.0515 5756 TPkd - ok
18:17:10.0531 5756 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:17:10.0546 5756 TrkWks - ok
18:17:10.0562 5756 [ 876F43A0E3DC856157B4B2DFC5305E4C ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
18:17:10.0562 5756 TrueSight - ok
18:17:10.0578 5756 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:17:10.0578 5756 Udfs - ok
18:17:10.0640 5756 [ 215462AE7E6A897D675E84DD1E3B3B56 ] ufad-ws60 E:\VMware\VMware Workstation\vmware-ufad.exe
18:17:10.0640 5756 ufad-ws60 - ok
18:17:10.0640 5756 ultra - ok
18:17:10.0687 5756 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:17:10.0703 5756 Update - ok
18:17:10.0703 5756 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:17:10.0718 5756 upnphost - ok
18:17:12.0781 5756 ================ Scan global ===============================
18:17:12.0796 5756 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:17:12.0843 5756 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
18:17:12.0859 5756 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
18:17:12.0875 5756 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:17:12.0875 5756 [Global] - ok
18:17:12.0875 5756 ================ Scan MBR ==================================
18:17:12.0890 5756 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:17:13.0093 5756 \Device\Harddisk0\DR0 - ok
18:17:13.0093 5756 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:17:13.0093 5756 \Device\Harddisk1\DR1 - ok
18:17:13.0093 5756 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4
18:17:13.0109 5756 \Device\Harddisk2\DR4 - ok
18:17:13.0156 5756 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR5
18:17:13.0156 5756 \Device\Harddisk3\DR5 - ok
18:17:13.0156 5756 ================ Scan VBR ==================================
18:17:13.0156 5756 [ 6484C6270063396BEA2F41C92A239471 ] \Device\Harddisk0\DR0\Partition1
18:17:13.0156 5756 \Device\Harddisk0\DR0\Partition1 - ok
18:17:13.0156 5756 [ 7533B5205DC20384FA685FAD328D1A1E ] \Device\Harddisk1\DR1\Partition1
18:17:13.0156 5756 \Device\Harddisk1\DR1\Partition1 - ok
18:17:13.0171 5756 [ 97793C6EBE782489632BE676E2C9BE30 ] \Device\Harddisk2\DR4\Partition1
18:17:13.0171 5756 \Device\Harddisk2\DR4\Partition1 - ok
18:17:13.0171 5756 [ 0A5220392DA8E1FA8011A20B294615C1 ] \Device\Harddisk3\DR5\Partition1
18:17:13.0171 5756 \Device\Harddisk3\DR5\Partition1 - ok
18:17:13.0171 5756 ============================================================
18:17:13.0171 5756 Scan finished
18:17:13.0171 5756 ============================================================
18:17:13.0171 2784 Detected object count: 0
18:17:13.0171 2784 Actual detected object count: 0

--

And here is my JRT report

Junkware Removal Tool (JRT) by Thisisu
Version: 2.4.9 (11.02.2012)
OS: Microsoft Windows XP x86
Ran by Cory Duchesne on Fri 11/02/2012 at 18:51:12.96
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] "hkey_classes_root\escort.escortiepane"
Successfully deleted: [KEY] "hkey_classes_root\escort.escortiepane.1"
Successfully deleted: [KEY] "hkey_classes_root\esrv.incredibaresrvc"
Successfully deleted: [KEY] "hkey_classes_root\esrv.incredibaresrvc.1"
Successfully deleted: [KEY] "hkey_current_user\software\conduit"
Successfully deleted: [KEY] "hkey_current_user\software\im"
Successfully deleted: [KEY] "hkey_current_user\software\iminstaller"
Successfully deleted: [KEY] "hkey_current_user\software\incredibar.com"
Successfully deleted: [KEY] "hkey_current_user\software\softonic"
Successfully deleted: [KEY] "hkey_current_user\software\sweetim"
Successfully deleted: [KEY] "hkey_current_user\software\web assistant"
Successfully deleted: [KEY] "hkey_local_machine\software\classes\appid\escort.dll"
Successfully deleted: [KEY] "hkey_local_machine\software\classes\appid\escortapp.dll"
Successfully deleted: [KEY] "hkey_local_machine\software\classes\appid\escorteng.dll"
Successfully deleted: [KEY] "hkey_local_machine\software\classes\appid\escortlbr.dll"
Successfully deleted: [KEY] "hkey_local_machine\software\classes\appid\esrv.exe"
Successfully deleted: [KEY] "hkey_local_machine\software\classes\conduit.engine"
Successfully deleted: [KEY] "hkey_local_machine\software\conduit"
Successfully deleted: [KEY] "hkey_local_machine\software\iminent"
Successfully deleted: [KEY] "hkey_local_machine\software\web assistant"
Successfully deleted: [KEY] hkey_classes_root\appid\{09c554c3-109b-483c-a06b-f14172f1a947}
Successfully deleted: [KEY] hkey_classes_root\interface\{22b0769f-794b-4422-ac84-47b123c8986d}
Successfully deleted: [KEY] hkey_classes_root\interface\{255e0b2a-d747-4eef-b7ce-159d73a3656d}
Successfully deleted: [KEY] hkey_classes_root\interface\{28ed590d-f5ed-4e05-a87f-1d759f1c6169}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\stats\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [KEY] hkey_classes_root\interface\{45d5b93f-e2ed-4af2-915e-dcddbda8c33c}
Successfully deleted: [KEY] hkey_classes_root\appid\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}
Successfully deleted: [KEY] hkey_classes_root\interface\{771b99ab-636f-4a11-9039-8dfeb927b061}
Successfully deleted: [KEY] hkey_classes_root\interface\{a36867c6-302d-49fc-9d8e-1eb037b5f1ab}
Successfully deleted: [KEY] hkey_classes_root\interface\{a8321aa2-2227-40c7-8525-6c2f4e1b0ebe}
Successfully deleted: [KEY] hkey_classes_root\interface\{aa41a731-6814-4a70-a6f1-c0a20fbbfbd5}
Successfully deleted: [KEY] hkey_classes_root\interface\{abbb8a9e-d8af-40d1-94be-5175077465fc}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [KEY] hkey_classes_root\appid\{b12e99ed-69bd-437c-86be-c862b9e5444d}
Successfully deleted: [KEY] hkey_classes_root\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}
Successfully deleted: [KEY] hkey_classes_root\interface\{bf737694-56f6-46fa-9fdc-fa99a5b25fad}
Successfully deleted: [KEY] hkey_classes_root\interface\{cfcd164e-8ac9-478e-9ecc-b616a932016c}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
Successfully deleted: [KEY] hkey_classes_root\interface\{d5961cc0-b442-4567-8030-67e241ef4cc2}
Successfully deleted: [KEY] hkey_classes_root\appid\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}
Successfully deleted: [KEY] hkey_classes_root\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}
Successfully deleted: [KEY] hkey_classes_root\interface\{e450067f-1c93-41a7-928e-07e5c2eec680}
Successfully deleted: [KEY] hkey_classes_root\appid\{ea28b360-05e0-4f93-8150-02891f1d8d3c}
Successfully deleted: [KEY] hkey_classes_root\interface\{f977d9f2-4bdc-44a6-b508-7c0284c61eed}



*** Files: 0 Detections



*** Folders:

Successfully deleted: [FOLDER] "C:\Program Files\Common Files\spigot"
Successfully deleted: [FOLDER] "C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\conduit"
Successfully deleted: [FOLDER] "C:\Program Files\conduit"



*** FireFox detected and repaired

Successfully deleted: [user.js] from C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default
Successfully deleted: C:\user.js
Successfully deleted: [oneclickdownload@oneclickdownload.com] from C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\extensions
Failed to delete: [wtxpcom@mybrowserbar.com] from C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\extensions
Failed to delete: [ytd@mybrowserbar.com] from C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\extensions
Successfully deleted: [conduit.xml] from C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\searchplugins
Removed the following from [prefs.js] :

user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("browser.search.defaultthis.engineName", "Web Search");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "MyStart Search");
user_pref("browser.startup.homepage", "http://mystart.incredibar.com/mb128?a=6R8uW7EIl0&i=26");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10658");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "109675c100000000000020cf303d11c5");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15495");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8uW7EIl0&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6R8uW7EIl0");
user_pref("extensions.incredibar_i.upn2n", "92824475046340150");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1423:59:33");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("keyword.URL", "http://mystart.incredibar.com/mb128/?loc=IB_DS&a=6R8uW7EIl0&&i=26&search=");


*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Fri 11/02/2012 at 19:06:19.65
End of Report


--

I completed the tasks as you requested.

#4 thisisu

  • Malware Response Team

Posted 02 November 2012 - 06:12 PM

Open RogueKiller again.
  • Press the Fix Host button.
  • Please post the contents of the latest numbered RKreport.txt from your desktop to your next post.

__

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

__

Please download OTL.

  • Save it to your desktop.
  • Right mouse click on the OTL icon on your desktop and select Run as Administrator
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Copy the text in the code box below and paste it into the Posted Image text-field.

    baseservices
    
  • Now click the Posted Image button.
  • Two reports will be created:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Paste the contents of OTL.txt here for me to review but attach Extras.txt

Edited by thisisu, 02 November 2012 - 06:12 PM.


#5 Jennifer_W

  • Topic Starter

Posted 02 November 2012 - 07:37 PM

Hi again,

There was a problem with the OTL scan. After the scan, a pop-up informed me that it could not find the .txt file that it was (trying?) to create. I also did not have the option to run the scan as an Admin, although I did try. I could manually switch over to admin and re-run the scan?

My Malwarebytes Anti-Malware scan produced the following report:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.02.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Cory Duchesne :: CORY [administrator]

Protection: Enabled

11/2/2012 9:21:27 PM
mbam-log-2012-11-02 (21-21-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241791
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


My RogueKiller fix-hosts scan produced the following report

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Cory Duchesne [Admin rights]
Mode : HOSTSFix -- Date : 11/02/2012 21:18:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt


Thanks for the help so far, I'll do my best to follow your instructions.

#6 Jennifer_W

  • Topic Starter

Posted 02 November 2012 - 07:41 PM

I just realized something. After the Malwarebytes scan, I don't remember seeing a "show results" button. I only remember a notepad .txt report being automatically produced. Let me try again.

#7 Jennifer_W

  • Topic Starter

Posted 02 November 2012 - 07:42 PM

"The Scan is complete, no malicious items were detected." That's all anti-malwarebytes says.

#8 thisisu

  • Malware Response Team

Posted 02 November 2012 - 07:43 PM

Sorry my instructions were a bit misleading. The run as administrator option is only available to Windows Vista, 7, and 8.
Since you have Windows XP, you really only need to double-click the programs to open them.

Can you make sure that OTL.txt or Extras.txt are not in the same directory where OTL.exe is located?

Also let me know what problems remain with the computer.

#9 thisisu

  • Malware Response Team

Posted 02 November 2012 - 07:44 PM

"The Scan is complete, no malicious items were detected." That's all anti-malwarebytes says.

Got it, thanks :thumbup2:

#10 Jennifer_W

  • Topic Starter

Posted 02 November 2012 - 08:19 PM

Sorry my instructions were a bit misleading. The run as administrator option is only available to Windows Vista, 7, and 8.
Since you have Windows XP, you really only need to double-click the programs to open them.

Can you make sure that OTL.txt or Extras.txt are not in the same directory where OTL.exe is located?



Ah yes, that was the problem.


Here is the report:

OTL logfile created on: 11/2/2012 10:09:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Cory Duchesne\Desktop\New Folder
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 51.16% Memory free
5.44 Gb Paging File | 3.24 Gb Available in Paging File | 59.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 193.12 Gb Free Space | 82.93% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 500.29 Gb Free Space | 53.71% Space Free | Partition Type: NTFS
Drive F: | 1862.98 Gb Total Space | 1413.77 Gb Free Space | 75.89% Space Free | Partition Type: NTFS
Drive H: | 149.05 Gb Total Space | 95.87 Gb Free Space | 64.32% Space Free | Partition Type: NTFS

Computer Name: CORY | User Name: Cory Duchesne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/02 21:26:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cory Duchesne\Desktop\New Folder\OTL.exe
PRC - [2012/10/27 00:47:04 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/10 07:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/11 15:08:27 | 000,880,528 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/05/24 15:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Cory Duchesne\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/09/26 09:05:32 | 008,158,720 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe
PRC - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
PRC - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
PRC - [2011/07/05 10:09:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 09:01:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2011/03/25 23:42:04 | 000,129,648 | ---- | M] (VMware, Inc.) -- E:\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/03/25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2011/03/25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- E:\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/03/09 12:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 12:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 12:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2011/02/14 15:00:00 | 000,608,584 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2011/01/16 17:04:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/12/31 09:40:06 | 001,169,920 | ---- | M] (Aestan Software) -- C:\wamp\wampmanager.exe
PRC - [2010/12/13 09:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/02 17:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
PRC - [2010/07/07 17:39:10 | 009,936,000 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/07/07 11:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/07/04 16:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/06/24 03:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010/04/28 17:54:34 | 000,380,928 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
PRC - [2010/01/21 02:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/27 01:13:32 | 007,274,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/10/03 00:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/07/17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2009/02/11 08:48:00 | 000,480,264 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2008/09/10 19:36:10 | 016,188,784 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe
PRC - [2008/04/13 21:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/01 18:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2005/10/31 11:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/27 00:47:03 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/10 07:06:15 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 07:06:13 | 012,435,992 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 07:06:12 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 07:04:57 | 000,578,072 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 07:04:55 | 000,123,928 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 07:04:44 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 07:04:43 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 07:04:42 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2011/09/26 09:05:32 | 008,158,720 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe
MOD - [2011/04/14 09:57:24 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
MOD - [2011/04/14 09:57:23 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1d03df7f7548613e8beab2cc21e57910\System.Runtime.Remoting.ni.dll
MOD - [2011/04/14 02:52:14 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/04/14 02:51:58 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2011/03/25 23:42:18 | 000,970,352 | ---- | M] () -- E:\VMware\VMware Workstation\libxml2.dll
MOD - [2011/03/25 23:41:50 | 000,068,720 | ---- | M] () -- E:\VMware\VMware Workstation\zlib1.dll
MOD - [2011/03/09 12:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/08 12:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010/10/21 18:51:08 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/07/04 18:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 16:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/24 03:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
MOD - [2010/06/17 15:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/06/01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll
MOD - [2010/04/28 17:54:34 | 000,380,928 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
MOD - [2010/02/08 18:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/10/08 13:21:00 | 000,233,472 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanDll.dll
MOD - [2009/09/30 00:33:07 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2009/08/27 20:41:46 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\pngio.dll
MOD - [2009/08/27 20:41:46 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
MOD - [2009/04/22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\AsusService.dll
MOD - [2009/03/24 15:01:00 | 000,233,472 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanSup.dll
MOD - [2009/03/10 20:03:52 | 000,184,320 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WPSCtrl.dll
MOD - [2009/02/27 17:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 17:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009/01/23 12:58:00 | 000,212,992 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCtl.dll
MOD - [2008/09/10 19:11:14 | 000,880,640 | ---- | M] () -- C:\Program Files\Adobe\Adobe Dreamweaver CS4\Workspace.dll
MOD - [2008/09/10 18:35:38 | 000,424,960 | ---- | M] () -- C:\Program Files\Adobe\Adobe Dreamweaver CS4\AdobeXMP.dll
MOD - [2008/09/10 18:34:54 | 004,768,768 | ---- | M] () -- C:\Program Files\Adobe\Adobe Dreamweaver CS4\authplay.dll
MOD - [2008/09/10 18:31:48 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Adobe Dreamweaver CS4\AlcidDLL.dll
MOD - [2008/09/10 18:30:50 | 000,200,704 | ---- | M] () -- C:\Program Files\Adobe\Adobe Dreamweaver CS4\neon.dll
MOD - [2008/09/10 18:30:44 | 000,843,776 | ---- | M] () -- C:\Program Files\Adobe\Adobe Dreamweaver CS4\libeay32.dll
MOD - [2008/09/10 18:30:44 | 000,159,744 | ---- | M] () -- C:\Program Files\Adobe\Adobe Dreamweaver CS4\ssleay32.dll
MOD - [2008/09/10 18:27:38 | 004,769,792 | ---- | M] () -- C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\flash player\authplay.dll
MOD - [2008/09/10 18:25:22 | 000,585,728 | ---- | M] () -- C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\knowledgeengines\JS_KnowledgeEngine.dll
MOD - [2008/06/27 11:10:30 | 000,118,784 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanWPS.dll
MOD - [2008/04/13 21:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 21:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/15 02:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\acAuth.dll
MOD - [2005/05/03 08:38:42 | 000,064,512 | R--- | M] () -- C:\WINDOWS\system32\P17.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/27 00:47:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/26 09:05:32 | 008,158,720 | ---- | M] () [On_Demand | Running] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Running] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/07/05 10:09:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 09:01:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2011/03/25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- E:\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/03/09 12:18:06 | 001,060,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 12:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 12:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/01/16 17:04:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/02 17:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- E:\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/06/24 03:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/02/11 20:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WLSVC.exe -- (WLSVC)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CORYDU~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/05 10:09:13 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/05 10:09:13 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/25 23:42:48 | 000,854,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2011/03/25 23:42:46 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2011/03/25 23:41:18 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2011/03/25 23:40:34 | 000,032,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2011/03/25 23:40:30 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2011/03/25 22:27:32 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2011/03/25 20:05:00 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011/02/16 17:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- E:\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/08/04 21:16:54 | 002,127,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/02 13:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/10/18 22:56:10 | 000,099,440 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2009/08/03 23:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/06/05 04:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/11 08:47:48 | 000,156,552 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mausbft.sys -- (MAUSBFT)
DRV - [2008/02/27 11:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2005/07/07 05:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 07:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 07:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/12 23:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/04/13 19:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto | Running] -- E:\Program Files\Band in a Box\Roland\Virtual Sound Canvas DXi\RVIEg01.sys -- (RVIEG01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {44475ACF-AC79-4352-B49B-5C569BA1927D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{44475ACF-AC79-4352-B49B-5C569BA1927D}: "URL" = http://google.com/search?q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\..\SearchScopes\{E407D1B7-4346-45E7-92AA-F0B95D2EDB89}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..extensions.enabledAddons: inspector@mozilla.org:2.0.13
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 00:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 00:46:55 | 000,000,000 | ---D | M]

[2011/01/14 22:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Extensions
[2012/11/02 20:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\extensions
[2012/09/04 20:09:10 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\extensions\inspector@mozilla.org
[2012/11/02 20:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\extensions\trash
[2012/11/02 20:17:44 | 002,042,908 | ---- | M] () (No name found) -- C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\extensions\firebug@software.joehewitt.com.xpi
[2012/08/23 17:50:33 | 000,341,143 | ---- | M] () (No name found) -- C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012/09/08 00:51:47 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/10/26 19:12:48 | 002,042,937 | ---- | M] () (No name found) -- C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\extensions\trash\firebug@software.joehewitt.com.xpi
[2012/06/03 23:59:13 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\searchplugins\MyStart Search.xml
[2012/10/27 00:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/02 04:54:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/02 15:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/10/27 00:47:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/24 18:38:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/18 05:11:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/13 15:51:05 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb128/?loc=IB_DS&search={searchTerms}&a=6R8uW7EIl0&i=26
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\itunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: MeasureIt! = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.46_0\
CHR - Extension: Eye Dropper = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.6_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Poppit = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Aviary = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncgcgghbabbopfcpgcjpfffdgnbadegf\0.59.0_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
CHR - Extension: RSS Feed Reader = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\3.3.15_0\
CHR - Extension: FTP Client = C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poodjdhopfiiphkpildgjgkbidopdphm\1.0_0\

O1 HOSTS File: ([2012/11/02 21:18:41 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV Help] C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vmware-tray] E:\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-1085031214-1965331169-839522115-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe ()
O4 - Startup: C:\Documents and Settings\Cory Duchesne\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Cory Duchesne\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Cory Duchesne\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Cory Duchesne\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Cory Duchesne\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-1965331169-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - E:\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC88D6F9-208B-4A68-A2A8-F33DBAD8CE05}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/01 02:55:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/02 22:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cory Duchesne\Desktop\New Folder
[2012/11/02 21:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cory Duchesne\Desktop\RK_Quarantine
[2012/11/02 19:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cory Duchesne\Desktop\malware_fiasco
[2012/11/02 18:51:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/11/02 18:51:12 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/02 18:47:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/02 18:47:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cory Duchesne\Recent
[2012/11/02 18:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/11/02 18:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/02 18:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cory Duchesne\Desktop\programs to replace
[2012/11/02 18:21:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/02 00:51:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/02 00:49:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/02 00:49:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/02 00:49:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/02 00:49:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/02 00:48:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/02 00:48:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/02 00:45:25 | 004,991,994 | R--- | C] (Swearware) -- C:\Documents and Settings\Cory Duchesne\Desktop\ComboFix.exe
[2012/11/02 00:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\NPE
[2012/11/02 00:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/11/01 04:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/11/01 04:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cory Duchesne\Start Menu\Programs\Sophos
[2012/11/01 04:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/10/27 00:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/13 15:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cory Duchesne\Desktop\nancyYu_files
[2012/10/12 21:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cory Duchesne\Desktop\things I stopped Using
[2012/10/12 21:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cory Duchesne\Desktop\activityForFall_2012
[2012/10/09 17:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio
[2012/10/09 17:37:45 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\WINDOWS\System32\CamCodec.dll
[2012/10/09 17:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.6b
[2012/10/04 07:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Python 3.2
[2012/10/04 07:37:38 | 000,000,000 | ---D | C] -- C:\Python32
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/02 21:27:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1965331169-839522115-1004UA.job
[2012/11/02 21:18:41 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/02 18:44:10 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/02 18:11:47 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/11/02 18:07:03 | 000,526,012 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/02 18:07:03 | 000,096,380 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/02 18:00:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/02 06:27:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1965331169-839522115-1004Core.job
[2012/11/02 03:50:55 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/02 00:51:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/11/02 00:44:47 | 004,991,994 | R--- | M] (Swearware) -- C:\Documents and Settings\Cory Duchesne\Desktop\ComboFix.exe
[2012/11/02 00:26:08 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SMRResults311.dat
[2012/11/02 00:24:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/11/01 21:50:43 | 000,002,577 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Desktop\Sophos Virus Removal Tool.lnk
[2012/11/01 17:44:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/01 04:03:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\defogger_reenable
[2012/10/31 11:50:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/30 21:59:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/16 14:54:35 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Desktop\backup_WD_storage.lnk
[2012/10/15 21:54:38 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Desktop\Notepad++.lnk
[2012/10/13 15:33:20 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\My Documents\Shortcut to NetBeansProjects.lnk
[2012/10/12 21:15:05 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Desktop\Adobe Dreamweaver CS4.lnk
[2012/10/10 18:28:32 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Desktop\Google Chrome.lnk
[2012/10/10 18:28:32 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/09 17:37:47 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamStudio-Recorder.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/02 18:44:10 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/02 00:51:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/11/02 00:51:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/02 00:49:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/02 00:49:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/02 00:49:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/02 00:49:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/02 00:49:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/02 00:25:55 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SMRResults311.dat
[2012/11/01 04:30:59 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\Cory Duchesne\Desktop\Sophos Virus Removal Tool.lnk
[2012/11/01 04:03:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cory Duchesne\defogger_reenable
[2012/10/30 21:59:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/16 14:54:35 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Cory Duchesne\Desktop\backup_WD_storage.lnk
[2012/10/15 21:54:38 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\Cory Duchesne\Desktop\Notepad++.lnk
[2012/10/13 18:27:13 | 000,000,419 | ---- | C] () -- C:\Documents and Settings\Cory Duchesne\Desktop\www_wamp.lnk
[2012/10/13 15:33:20 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Cory Duchesne\My Documents\Shortcut to NetBeansProjects.lnk
[2012/10/12 21:15:05 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\Cory Duchesne\Desktop\Adobe Dreamweaver CS4.lnk
[2012/10/09 17:37:47 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CamStudio-Recorder.lnk
[2012/04/18 04:03:55 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swf2avi.INI
[2012/04/18 04:03:52 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/04/18 04:03:52 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/01/07 01:15:50 | 000,209,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/19 18:26:03 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2011/12/19 18:26:03 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/10/29 19:48:07 | 000,067,164 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/17 21:24:48 | 000,000,094 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2011/08/28 19:19:22 | 000,716,800 | ---- | C] () -- C:\WINDOWS\System32\WTLXPan.exe
[2011/08/28 19:19:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WTLXAsio.dll
[2011/08/28 19:19:22 | 000,028,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\WTLX.sys
[2011/08/28 19:19:22 | 000,022,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\WTLXwdm.sys
[2011/07/23 01:57:26 | 000,003,446 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2011/07/08 07:43:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/22 06:02:25 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/11 11:29:33 | 000,119,125 | ---- | C] () -- C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\debuggee.mdmp
[2011/03/25 19:54:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/02/03 10:03:49 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/01/15 19:23:22 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2011/01/15 19:23:22 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2011/01/14 22:46:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/10 07:08:55 | 000,000,654 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/05 15:41:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/04 00:45:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/01/01 20:54:33 | 000,242,268 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/01 20:54:32 | 000,242,268 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/01 20:54:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/01 20:54:25 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/01 20:11:07 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/01/01 20:11:07 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/01/01 20:11:05 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/01/01 20:11:05 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/01/01 08:02:24 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/01/01 07:56:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/01/01 07:56:03 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/01/01 07:55:58 | 000,028,907 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/01/01 07:55:58 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/01/01 02:57:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 02:53:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/30 22:40:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/30 22:39:04 | 002,194,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2011/01/01 20:22:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 21:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 09:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 21:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 21:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 21:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 21:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 21:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 21:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 21:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 14:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 08:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 21:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 20:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 21:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 21:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 21:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 21:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 21:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 21:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 21:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 21:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 21:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 13:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 08:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 10:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 21:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 21:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 21:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 09:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 21:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 21:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 21:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 21:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 02:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 20:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 21:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 21:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 21:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 21:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 21:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 20:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 21:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 21:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 21:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 21:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 21:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 21:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/13 21:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 21:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 03:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 1358 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DvtDhgLuqK05lUoI2S44o0JH
@Alternate Data Stream - 1354 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ALcslbiyXZj2eDFB1
@Alternate Data Stream - 1332 bytes -> C:\Program Files\WindowsUpdate:y31C80eHj1rCDK2PJcPCqcH
@Alternate Data Stream - 1249 bytes -> C:\Program Files\WindowsUpdate:cV5qwUbQmSAdHuZ85fYhc86P
@Alternate Data Stream - 1242 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:rfo7NcuOenBjOf5eSiVuSHG
@Alternate Data Stream - 1221 bytes -> C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\6dDV2soM4:Nux1Ix1vQp0e1fK0ENHnUi
@Alternate Data Stream - 1213 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:UgEVO8WRMJCRumBwVX9uaB

< End of report >

#11 Jennifer_W


Posted 02 November 2012 - 08:31 PM

Also let me know what problems remain with the computer.


Honestly, I'm not sure if there is a problem anymore. The spammy hyperlinks that were all over my paragraphs (creating lite box ads) are now gone, and I'm just waiting to see if that pop-up comes up again in the bottom right corner (successfully blocked access to a potentially malicious website outgoing...)

I've been watching and waiting for it for quite a few minutes.

I think the problem might be fixed. :huh:

I'll work on the computer here for a few hours and I'll post one last message to confirm. :)




Damn. Not fixed. I'm still getting that message at the bottom.

"successfully blocked access to a potentially malicious website outgoing"


However, there is an improvement. The hyperlinks are gone, so there must have been either two issues, or two components of a single issue.

Edited by Jennifer_W, 02 November 2012 - 08:35 PM.


#12 thisisu


Posted 02 November 2012 - 08:54 PM

Fix items using OTL by OldTimer

Double-click OTL.exe to run the program.
Shutdown your antivirus to avoid any conflicts.
Copy the text in the code box below and paste it into the Posted Image text-field.
:processes
killallprocesses
:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CORYDU~1\LOCALS~1\Temp\catchme.sys -- (catchme)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
[2012/06/03 23:59:13 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\searchplugins\MyStart Search.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/11/02 00:26:08 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SMRResults311.dat
@Alternate Data Stream - 1358 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DvtDhgLuqK05lUoI2S44o0JH
@Alternate Data Stream - 1354 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ALcslbiyXZj2eDFB1
@Alternate Data Stream - 1332 bytes -> C:\Program Files\WindowsUpdate:y31C80eHj1rCDK2PJcPCqcH
@Alternate Data Stream - 1249 bytes -> C:\Program Files\WindowsUpdate:cV5qwUbQmSAdHuZ85fYhc86P
@Alternate Data Stream - 1242 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:rfo7NcuOenBjOf5eSiVuSHG
@Alternate Data Stream - 1221 bytes -> C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\6dDV2soM4:Nux1Ix1vQp0e1fK0ENHnUi
@Alternate Data Stream - 1213 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:UgEVO8WRMJCRumBwVX9uaB
:files
C:\Program Files\Web Assistant /d
C:\WINDOWS\System32\P17.dll /d
dir C:\Program Files\WindowsUpdate /c
:reg
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"=-
:commands
[emptytemp]
Now click the Posted Image button.
If the fix needed a reboot please do it.
Click the OK button (upon reboot).
When OTL is finished, Notepad will open with a log report.
Post the contents of this report into your next message.
Also test if the problems are still persisting.

#13 Jennifer_W


Posted 02 November 2012 - 09:48 PM

I gave it a try and my computer froze and the desktop was wiped with only my wallpaper as a background. I waited for about ten minutes, and got the strong impression it was seized up.

I turned off the computer, and now it's back on. Everything seems ok. Should I try again? Maybe in safe mode?

#14 thisisu


Posted 02 November 2012 - 11:24 PM

Check to see if there is a log at: C:\_OTL\MovedFiles

If there is not, please run the same fix from Safe Mode.

#15 Jennifer_W


Posted 03 November 2012 - 02:14 AM

Hey there. OK, the OTL runFix worked in Safe Mode. Here is the report:


All processes killed
========== PROCESSES ==========
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\CORYDU~1\LOCALS~1\Temp\catchme.sys not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
File C:\Program Files\Web Assistant\Firefox not found.
C:\Documents and Settings\Cory Duchesne\Application Data\Mozilla\Firefox\Profiles\k73mo8ju.default\searchplugins\MyStart Search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\P17Helper deleted successfully.
C:\WINDOWS\system32\P17.dll moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\All Users\Application Data\SMRResults311.dat moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:DvtDhgLuqK05lUoI2S44o0JH deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:ALcslbiyXZj2eDFB1 deleted successfully.
ADS C:\Program Files\WindowsUpdate:y31C80eHj1rCDK2PJcPCqcH deleted successfully.
ADS C:\Program Files\WindowsUpdate:cV5qwUbQmSAdHuZ85fYhc86P deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:rfo7NcuOenBjOf5eSiVuSHG deleted successfully.
ADS C:\Documents and Settings\Cory Duchesne\Local Settings\Application Data\6dDV2soM4:Nux1Ix1vQp0e1fK0ENHnUi deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:UgEVO8WRMJCRumBwVX9uaB deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Web Assistant not found.
File\Folder C:\WINDOWS\System32\P17.dll not found.
< dir C:\Program Files\WindowsUpdate /c >
C:\Documents and Settings\Cory Duchesne\Desktop\New Folder\cmd.bat deleted successfully.
C:\Documents and Settings\Cory Duchesne\Desktop\New Folder\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\P17Helper not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Cory Duchesne
->Temp folder emptied: 322503 bytes
->Temporary Internet Files folder emptied: 3208984 bytes
->Java cache emptied: 14123661 bytes
->FireFox cache emptied: 64528878 bytes
->Google Chrome cache emptied: 151460349 bytes
->Flash cache emptied: 42245 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49219 bytes

User: NetworkService
->Temp folder emptied: 114688 bytes
->Temporary Internet Files folder emptied: 82054 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 710338 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94319108 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 314.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11032012_040241

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by Jennifer_W, 03 November 2012 - 02:15 AM.
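
The fix log above can be checked against the scan report mechanically. The following Python is an added example, not part of the original thread and not OTL's own code: it confirms that every alternate data stream the scan listed appears as deleted in the fix log, and separates "not found" results that an earlier line of the same log already handled from ones the log does not explain. The function names are hypothetical, the line formats are assumed from the lines visible in this thread, and one scan entry is constructed to show an unconfirmed removal.

```python
import re

# Lines copied from the scan report and fix log posted in this thread, plus one
# constructed entry (C:\Example:constructedStream) to show an unconfirmed removal.
SCAN = r"""
@Alternate Data Stream - 1332 bytes -> C:\Program Files\WindowsUpdate:y31C80eHj1rCDK2PJcPCqcH
@Alternate Data Stream - 1249 bytes -> C:\Program Files\WindowsUpdate:cV5qwUbQmSAdHuZ85fYhc86P
@Alternate Data Stream - 100 bytes -> C:\Example:constructedStream
"""
FIX_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\P17Helper deleted successfully.
C:\WINDOWS\system32\P17.dll moved successfully.
ADS C:\Program Files\WindowsUpdate:y31C80eHj1rCDK2PJcPCqcH deleted successfully.
ADS C:\Program Files\WindowsUpdate:cV5qwUbQmSAdHuZ85fYhc86P deleted successfully.
File\Folder C:\Program Files\Web Assistant not found.
File\Folder C:\WINDOWS\System32\P17.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\P17Helper not found.
"""

# Assumed line shape: "[kind ]<target> <outcome>." as seen in the log above.
KIND = re.compile(r"^(?:ADS|File\\Folder|File|Registry value|Registry key|Service) ")
RESULT = re.compile(r"^(.*) (deleted successfully|moved successfully|not found)[.!]$")

def parse_fix_log(text):
    """Return (target, outcome) pairs in log order; targets are lower-cased
    because the log mixes 'system32' and 'System32' for the same file."""
    pairs = []
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if m:
            pairs.append((KIND.sub("", m.group(1)).lower(), m.group(2)))
    return pairs

def unconfirmed_ads(scan_text, fix_text):
    """ADS reported by the scan that the fix log does not show as deleted."""
    found = re.findall(r"^@Alternate Data Stream - \d+ bytes -> (.+)$", scan_text, re.M)
    deleted = {t for t, o in parse_fix_log(fix_text) if o == "deleted successfully"}
    return [s for s in found if s.lower() not in deleted]

def classify_not_found(fix_text):
    """Split 'not found' targets into those an earlier line already moved or
    deleted, and those the log gives no earlier action for."""
    handled, earlier, unexplained = set(), [], []
    for target, outcome in parse_fix_log(fix_text):
        if outcome != "not found":
            handled.add(target)
        elif target in handled:
            earlier.append(target)
        else:
            unexplained.append(target)
    return earlier, unexplained
```

On the thread's own lines, the second "not found" for P17.dll and the P17Helper Run value are explained by the earlier move and delete in the OTL section, while the Web Assistant folder has no earlier action in the log.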




