
SSL/TLS link troubles, BSOD, high CPU utilization for explorer


  • This topic is locked
12 replies to this topic

#1 dbh369


Posted 13 November 2013 - 10:49 PM

Posted from http://www.bleepingcomputer.com/forums/t/513560/ssl-blocking-and-bsod/

On my work (wired) LAN, I am regularly, but not always, unable to access any SSL/TLS site. I've also recently seen BSODs with various drivers named as the culprit. Ran full Webroot scan, nothing. Ran Malwarebytes, eventually 'stuck' after scanning files, where it found nothing (but set off Webroot a couple of times). Ran Avast scan, nothing. Ran GMER and got rootkit warning. This line was in my GMER output:

Library         pö¶ö¶ é||ö¶ (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [5588]                                                                          0x07EA0000            

This vaguely resembles TDSS but not sure. I have the full log from GMER and from a 3rd party scan (I'll wait for that to be requested, almost 1000 lines long.)

1) Tried TDSSkiller, nothing found.

2) I had a couple of incidents where my graphics driver died, so figured I would update while I was doing this stuff. Downloaded the latest (6.14.10.5218) from Lenovo (also on Intel's site) and tried to install. I get a strange message that "You must have administrator rights to complete this action. Setup will exit. <OK>", but this did not have the same formatting as the normal Windows message. The driver never installs and a reboot shows the old driver (*.5043) still there. Even when I run in Safe Mode with full local machine administrator rights. Attempting this a couple of times has earned me a BSOD too.

mbam hangs on "checking other items" after file scan. Left it overnight. mbar gives me DDA driver warning then hangs on "checking registry and directory entries", left it overnight too.

I also have k9 web protection, can that be my problem?

After running mbar, I was unable to get in without going to Safe Mode, gets to desktop but doesn't load anything onto the desktop. Safe Mode works as expected, but suspect the DDA driver is the problem. Using command line, I was able to remove the DDA driver, chameleon driver in Safe Mode, able to boot normally, but slowly.

File explorer will crank up to 30% CPU utilization on trying to open new directories.


Edited to add: used Cobian to back up since this DDS run. I have new scan if you want me to upload.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by dhuff at 21:04:20 on 2013-11-12
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3046.1619 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Tablet\ISD\ISD_TouchService.exe
C:\Program Files\Tablet\CalibrationAssistant.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\dklog.exe
C:\WINDOWS\system32\dkvcm.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Tablet\ISD\ISD_Tablet.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\dkcktkn.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
C:\Program Files\Tablet\ISD\ISD_Tablet.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://team.raytheon.com/
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = hxxp://companyweb
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - c:\program files\wrdata\pkg\vistax86\wrflt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
uRun: [Google Update] "c:\documents and settings\dhuff\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRunOnce: [Shockwave Updater] "c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE" -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15" -"https://www.emgames.com/kids/play.html?PHPSESSID=8e38447f9cf00a82d96048fc08957325&game=26&gamefile=M2A056&page=playactivity&gGametype=dcr&logo=gt_M2A056.gif"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
mRun: [TabletWizard] "c:\windows\help\SplshWrp.exe"
mRun: [TrackPointSrv] "c:\program files\lenovo\trackpoint\tp4serv.exe"
mRun: [GzSndExePath] "c:\program files\gunze\gztp_pack\GzSnd.exe"
mRun: [PWRMGRTR] "c:\windows\system32\rundll32.exe" c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] "c:\windows\system32\rundll32.exe" c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TpShocks] "c:\windows\system32\TpShocks.exe"
mRun: [EZEJMNAP] "c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe"
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [TVT Scheduler Proxy] "c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe"
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [LENTBCTL] "c:\program files\thinkpad\tablet shortcut\LENTBCTL.EXE" /r
mRun: [TabletButton] "c:\program files\thinkpad\tablet shortcut\TabletButton.EXE" /STARTUP
mRun: [GzSnd] "c:\program files\gunze\gztp_pack\GzSnd.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [ACTray] "c:\program files\thinkpad\connectutilities\ACTray.exe"
mRun: [ACWLIcon] "c:\program files\thinkpad\connectutilities\ACWLIcon.exe"
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [TPHOTKEY] "c:\program files\lenovo\hotkey\TPOSDSVC.exe"
mRun: [LPManager] "c:\progra~1\thinkv~2\prdctr\LPMGR.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [DkStartup] c:\program files\safenet\identrust\dkstartup.exe
mRun: [AxMonitor] c:\program files\safenet\identrust\axmonitor.exe
mRun: [DkAutoReg] c:\program files\safenet\identrust\DkAutoReg.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BoxSyncHelper] "c:\program files\box sync\BoxSyncHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08cb -f video -m logitech -d 11.5.0.1145
StartupFolder: c:\docume~1\dhuff\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\boxsyn~1.lnk - c:\program files\box sync\BoxSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{65cedfcc-9449-4e14-828d-959f77411f01}\Icon6560581611.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WinZip Quick Pick.lnk.disabled
uPolicies-Explorer: DisablePersonalDirChange = dword:1
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: RunStartupScriptSync = dword:1
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\PGPlsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340808640093
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxps://team01.raytheon.com/eRoomSetup/client.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340808593359
DPF: {7E0E1FFC-B202-46D8-B841-9D89EC9125F5} - hxxps://secure.identrust.com/ms/IdenTrustCertEnroll.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C33E0064-3567-40E8-9D59-E27921F85CA7} - hxxps://secure.identrust.com/ms/IdenTrustCertEnroll.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{28AF3CC6-5D57-41CE-8271-371AD815C369} : NameServer = 208.67.222.123,208.67.220.123
TCP: Interfaces\{86363C71-4970-4A6E-91C3-B22929DADCF8} : NameServer = 208.67.222.222,Conf??u    u    ns\
TCP: Interfaces\{A8B06786-E589-4DA0-8FC4-0926D9FD5024} : DHCPNameServer = 192.168.101.10
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: ACNotify - ACNotify.dll
Notify: DkWLNP - DkWLNP.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tpgwlnotify - tpgwlnot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
Hosts: 192.168.101.10 clearalign01.clearalign.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dhuff\application data\mozilla\firefox\profiles\k3joogjh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.salesforce.com/?ec=302&startURL=%2Fhome%2Fhome.jsp|http://online.wsj.com/home-page?refresh=on|http://www.militaryaerospace.com/index.html|http://www.defense-aerospace.com/|http://my.yahoo.com/|http://www.dilbert.com/|https://mail.google.com/mail/?shva=1#inbox
FF - plugin: c:\documents and settings\dhuff\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dhuff\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dhuff\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\dhuff\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\documents and settings\dhuff\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npatgpc.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-14 08:37; webrootsecure@webroot.com; c:\documents and settings\all users\application data\wrdata\pkg\firefox\WebrootSecure_SocketServer
FF - ExtSQL: 2013-11-10 01:25; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-10 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-10 178304]
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [2002-12-24 3712]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-3-31 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-3-11 117792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-10 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-11-10 403440]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2013-3-1 91248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 TSMSMI;Lenovo System Interface Driver;c:\windows\system32\drivers\tsmsmi32.sys [2008-12-18 6656]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-12 464256]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2009-5-20 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-10 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-10 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-10 50344]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2013-3-1 1717488]
R2 DkVcm;SafeNet Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [2009-4-28 126040]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-3-31 132456]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-3-7 103112]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-22 53248]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2008-7-11 345336]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TabletServiceISD;TabletServiceISD;c:\program files\tablet\isd\ISD_Tablet.exe [2013-1-11 4739960]
R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2009-5-20 53248]
R2 TouchServiceISD;Wacom ISD Touch Service;c:\program files\tablet\isd\ISD_TouchService.exe [2013-1-11 377720]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-30 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-3-11 756840]
R3 GzTpHid;Touch Panel Filter Driver;c:\windows\system32\drivers\GzTpHid.sys [2007-3-14 27008]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2010-7-15 11616]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2010-7-15 18080]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2008-12-18 23080]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 37312]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2007-3-14 37232]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys --> c:\windows\system32\drivers\ssfs0bbc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-11-8 45424]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-26 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-26 9160]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-2-28 36600]
S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-5-7 21360]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-12-26 13440]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2010-7-15 21472]
S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\drivers\SCR33x2K.sys [2003-6-19 60816]
S3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [2007-4-10 72576]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [2007-1-12 102144]
S3 ViaUsbEtsDriver;Nokia 1508 USB Device Driver;c:\windows\system32\drivers\ViaUsbEts.sys [2008-5-28 16128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-11-12 17:29:30    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-11 18:59:02    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-11-11 18:16:34    105176    ----a-w-    c:\windows\system32\drivers\48230029.sys
2013-11-11 18:08:57    47064    ----a-w-    c:\windows\system32\drivers\03187423.sys
2013-11-10 23:38:30    47064    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-11-10 22:39:47    --------    d-----w-    c:\documents and settings\dhuff\application data\SUPERAntiSpyware.com
2013-11-10 22:39:37    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-11-10 22:39:37    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-11-10 06:25:30    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-10 06:25:30    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-10 06:25:30    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-10 06:25:30    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-11-10 06:25:25    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-10 06:24:54    --------    d-----w-    c:\program files\AVAST Software
2013-11-10 05:45:35    --------    d-----w-    c:\program files\WRData
2013-11-10 03:14:33    --------    d-----w-    c:\documents and settings\dhuff\application data\AVAST Software
2013-11-10 03:09:47    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-11-10 03:06:49    57344    ----a-w-    c:\windows\system32\SET324.tmp
2013-11-06 15:28:08    872352    ----a-w-    c:\program files\mozilla firefox\uninstall\helper.exe
2013-11-06 15:27:59    307200    ----a-w-    c:\program files\mozilla firefox\browser\plugins\webex\1324\welsenc.dll
2013-11-01 19:36:26    --------    d-----w-    c:\program files\wzgrapher
2013-11-01 19:02:36    --------    d-----w-    c:\documents and settings\dhuff\.freemind
2013-11-01 19:02:24    --------    d-----w-    c:\program files\FreeMind
2013-11-01 18:58:13    --------    d-----w-    c:\documents and settings\dhuff\application data\Wireshark
2013-11-01 18:51:11    --------    d-----w-    c:\program files\WinPcap
2013-11-01 18:50:48    --------    d-----w-    c:\program files\Wireshark
2013-10-28 22:45:38    --------    d-----w-    c:\program files\Citrix
2013-10-28 13:31:31    --------    d-----w-    c:\program files\bin
2013-10-17 15:26:40    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-17 15:26:27    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-11-01 19:09:38    154312    ----a-w-    c:\windows\system32\WRusr.dll
2013-11-01 19:09:38    117792    ----a-w-    c:\windows\system32\drivers\WRkrn.sys
2013-10-15 17:30:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-15 17:30:16    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-02 17:36:58    112    ----a-w-    c:\windows\Printdir.bat
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ------w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ------w-    c:\windows\system32\html.iec
2013-08-29 01:31:44    1878656    ------w-    c:\windows\system32\win32k.sys
2012-10-23 14:23:52    61024    ----a-w-    c:\program files\USBDeview.exe
2010-05-22 05:39:00    653312    ----a-w-    c:\program files\DocXV.exe
2004-05-13 17:26:48    84784    ----a-w-    c:\program files\fciv.exe
1996-10-11 14:46:00    150016    ----a-w-    c:\program files\WSPING32.EXE
.
============= FINISH: 21:04:40.85 ===============
 



Edited by dbh369, 14 November 2013 - 04:58 PM.




#2 HelpBot


Posted 18 November 2013 - 10:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/513995 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 dbh369


Posted 19 November 2013 - 06:20 AM

Main symptoms:

1) TLS/SSL link unreliability on work wired lan, no problem at home.

2) Can't update drivers for graphics, get 'admin' error when I am the admin.

3) GMER reports changes due to rootkit

4) mbar has to reboot to install DDA driver

5) mbam and mbar stall after file scan, can't complete, AdwCleaner also can't complete

 

High CPU utilization is gone, might have been downloading a Windows update.

TDSSKiller found nothing. RogueKiller found a few things and cleaned them to no effect.

 

I don't have the XP disks to hand, but may be able to find them, they are work related disks.

 

Also ran some other tools, see below:

 

New DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by dhuff at 6:05:30 on 2013-11-19
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3046.1909 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Tablet\ISD\ISD_TouchService.exe
C:\Program Files\Tablet\CalibrationAssistant.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\dklog.exe
C:\WINDOWS\system32\dkvcm.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Tablet\ISD\ISD_Tablet.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\dkcktkn.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
C:\Program Files\Tablet\ISD\ISD_Tablet.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\SafeNet\IdenTrust\axmonitor.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\SafeNet\IdenTrust\DkAutoReg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Box Sync\BoxSyncHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Box Sync\BoxSync.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://team.raytheon.com/
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = hxxp://companyweb
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - c:\program files\wrdata\pkg\vistax86\wrflt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
uRun: [Google Update] "c:\documents and settings\dhuff\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [TabletWizard] "c:\windows\help\SplshWrp.exe"
mRun: [TrackPointSrv] "c:\program files\lenovo\trackpoint\tp4serv.exe"
mRun: [GzSndExePath] "c:\program files\gunze\gztp_pack\GzSnd.exe"
mRun: [PWRMGRTR] "c:\windows\system32\rundll32.exe" c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] "c:\windows\system32\rundll32.exe" c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TpShocks] "c:\windows\system32\TpShocks.exe"
mRun: [EZEJMNAP] "c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe"
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [TVT Scheduler Proxy] "c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe"
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [LENTBCTL] "c:\program files\thinkpad\tablet shortcut\LENTBCTL.EXE" /r
mRun: [TabletButton] "c:\program files\thinkpad\tablet shortcut\TabletButton.EXE" /STARTUP
mRun: [GzSnd] "c:\program files\gunze\gztp_pack\GzSnd.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [ACTray] "c:\program files\thinkpad\connectutilities\ACTray.exe"
mRun: [ACWLIcon] "c:\program files\thinkpad\connectutilities\ACWLIcon.exe"
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [TPHOTKEY] "c:\program files\lenovo\hotkey\TPOSDSVC.exe"
mRun: [LPManager] "c:\progra~1\thinkv~2\prdctr\LPMGR.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [DkStartup] c:\program files\safenet\identrust\dkstartup.exe
mRun: [AxMonitor] c:\program files\safenet\identrust\axmonitor.exe
mRun: [DkAutoReg] c:\program files\safenet\identrust\DkAutoReg.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BoxSyncHelper] "c:\program files\box sync\BoxSyncHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08cb -f video -m logitech -d 11.5.0.1145
StartupFolder: c:\docume~1\dhuff\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\boxsyn~1.lnk - c:\program files\box sync\BoxSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{65cedfcc-9449-4e14-828d-959f77411f01}\Icon6560581611.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WinZip Quick Pick.lnk.disabled
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: DisablePersonalDirChange = dword:1
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: RunStartupScriptSync = dword:1
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\PGPlsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340808640093
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxps://team01.raytheon.com/eRoomSetup/client.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340808593359
DPF: {7E0E1FFC-B202-46D8-B841-9D89EC9125F5} - hxxps://secure.identrust.com/ms/IdenTrustCertEnroll.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C33E0064-3567-40E8-9D59-E27921F85CA7} - hxxps://secure.identrust.com/ms/IdenTrustCertEnroll.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{28AF3CC6-5D57-41CE-8271-371AD815C369} : NameServer = 208.67.222.123,208.67.220.123
TCP: Interfaces\{86363C71-4970-4A6E-91C3-B22929DADCF8} : NameServer = 208.67.222.222,Conf??u    u    ns\
TCP: Interfaces\{A8B06786-E589-4DA0-8FC4-0926D9FD5024} : DHCPNameServer = 192.168.101.10
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: ACNotify - ACNotify.dll
Notify: DkWLNP - DkWLNP.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tpgwlnotify - tpgwlnot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
Hosts: 192.168.101.10 clearalign01.clearalign.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dhuff\application data\mozilla\firefox\profiles\k3joogjh.default\
FF - plugin: c:\documents and settings\dhuff\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dhuff\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dhuff\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\dhuff\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\documents and settings\dhuff\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npatgpc.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-14 08:37; webrootsecure@webroot.com; c:\documents and settings\all users\application data\wrdata\pkg\firefox\WebrootSecure_SocketServer
FF - ExtSQL: 2013-11-10 01:25; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-10 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-10 178304]
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [2002-12-24 3712]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-3-31 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-3-11 117792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-10 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-11-10 403440]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2013-3-1 91248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 TSMSMI;Lenovo System Interface Driver;c:\windows\system32\drivers\tsmsmi32.sys [2008-12-18 6656]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-12 464256]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2009-5-20 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-10 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-10 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-10 50344]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2013-3-1 1717488]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2013-11-12 67584]
R2 DkVcm;SafeNet Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [2009-4-28 126040]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-3-31 132456]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-3-7 103112]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-22 53248]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2008-7-11 345336]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TabletServiceISD;TabletServiceISD;c:\program files\tablet\isd\ISD_Tablet.exe [2013-1-11 4739960]
R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2009-5-20 53248]
R2 TouchServiceISD;Wacom ISD Touch Service;c:\program files\tablet\isd\ISD_TouchService.exe [2013-1-11 377720]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-30 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-3-11 756840]
R3 GzTpHid;Touch Panel Filter Driver;c:\windows\system32\drivers\GzTpHid.sys [2007-3-14 27008]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2010-7-15 11616]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2010-7-15 18080]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2008-12-18 23080]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 37312]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2007-3-14 37232]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys --> c:\windows\system32\drivers\ssfs0bbc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-11-8 45424]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-26 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-26 9160]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?]
S3 MFB;MFB;c:\docume~1\dhuff\locals~1\temp\MFB.exe [2013-11-15 535424]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-2-28 36600]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-12-26 13440]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2010-7-15 21472]
S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\drivers\SCR33x2K.sys [2003-6-19 60816]
S3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [2007-4-10 72576]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [2007-1-12 102144]
S3 ViaUsbEtsDriver;Nokia 1508 USB Device Driver;c:\windows\system32\drivers\ViaUsbEts.sys [2008-5-28 16128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-11-18 13:47:51    --------    d-----w-    c:\windows\setup.pss
2013-11-18 01:47:09    --------    d-----w-    C:\FRST
2013-11-17 18:26:42    --------    d-----w-    c:\windows\ERUNT
2013-11-17 18:13:11    --------    d-----w-    C:\AdwCleaner
2013-11-13 03:16:01    --------    d-----w-    c:\program files\Cobian Backup 11
2013-11-12 17:29:30    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-11 18:59:02    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-11-11 18:16:34    105176    ----a-w-    c:\windows\system32\drivers\48230029.sys
2013-11-11 18:08:57    47064    ----a-w-    c:\windows\system32\drivers\03187423.sys
2013-11-10 23:38:30    47064    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-11-10 22:39:47    --------    d-----w-    c:\documents and settings\dhuff\application data\SUPERAntiSpyware.com
2013-11-10 22:39:37    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-11-10 22:39:37    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-11-10 06:25:30    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-10 06:25:30    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-10 06:25:30    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-10 06:25:30    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-11-10 06:25:25    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-10 06:24:54    --------    d-----w-    c:\program files\AVAST Software
2013-11-10 05:45:35    --------    d-----w-    c:\program files\WRData
2013-11-10 03:14:33    --------    d-----w-    c:\documents and settings\dhuff\application data\AVAST Software
2013-11-10 03:09:47    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-11-10 03:06:49    57344    ----a-w-    c:\windows\system32\SET324.tmp
2013-11-01 19:36:26    --------    d-----w-    c:\program files\wzgrapher
2013-11-01 19:02:36    --------    d-----w-    c:\documents and settings\dhuff\.freemind
2013-11-01 19:02:24    --------    d-----w-    c:\program files\FreeMind
2013-11-01 18:58:13    --------    d-----w-    c:\documents and settings\dhuff\application data\Wireshark
2013-11-01 18:51:11    --------    d-----w-    c:\program files\WinPcap
2013-11-01 18:50:48    --------    d-----w-    c:\program files\Wireshark
2013-10-28 22:45:38    --------    d-----w-    c:\program files\Citrix
2013-10-28 13:31:31    --------    d-----w-    c:\program files\bin
.
==================== Find3M  ====================
.
2013-11-01 19:09:38    154312    ----a-w-    c:\windows\system32\WRusr.dll
2013-11-01 19:09:38    117792    ----a-w-    c:\windows\system32\drivers\WRkrn.sys
2013-10-17 15:26:10    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 15:26:07    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-15 17:30:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-15 17:30:16    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-13 07:25:38    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 07:25:08    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17    18944    ------w-    c:\windows\system32\corpol.dll
2013-10-13 06:57:59    385024    ------w-    c:\windows\system32\html.iec
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 01:14:01    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-02 17:36:58    112    ----a-w-    c:\windows\Printdir.bat
2013-08-29 01:31:44    1878656    ------w-    c:\windows\system32\win32k.sys
2012-10-23 14:23:52    61024    ----a-w-    c:\program files\USBDeview.exe
2010-05-22 05:39:00    653312    ----a-w-    c:\program files\DocXV.exe
2004-05-13 17:26:48    84784    ----a-w-    c:\program files\fciv.exe
1996-10-11 14:46:00    150016    ----a-w-    c:\program files\WSPING32.EXE
.
============= FINISH:  6:07:45.46 ===============

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : dhuff [Admin rights]

Mode : Remove -- Date : 11/17/2013 13:11:23

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 8 ¤¤¤

[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 27714691 (C:\WINDOWS\system32\drivers\61020912.sys [x]) -> DELETED

[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ POL][PUM] HKCU\[...]\System : DisableCMD (0) -> DELETED

[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ POL][PUM] HKLM\[...]\System : DisableCMD (0) -> DELETED

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (WRkrn.sys @ 0xB9DBA6A0)

[Address] Shadow SSDT[7] : NtGdiAlphaBlend -> HOOKED (WRkrn.sys @ 0xB9DBBA50)

[Address] Shadow SSDT[13] : NtGdiBitBlt -> HOOKED (WRkrn.sys @ 0xB9DBBC10)

[Address] Shadow SSDT[227] : NtGdiMaskBlt -> HOOKED (WRkrn.sys @ 0xB9DBBBA0)

[Address] Shadow SSDT[233] : NtGdiOpenDCW -> HOOKED (WRkrn.sys @ 0xB9DAD9F0)

[Address] Shadow SSDT[237] : NtGdiPlgBlt -> HOOKED (WRkrn.sys @ 0xB9DBBAC0)

[Address] Shadow SSDT[292] : NtGdiStretchBlt -> HOOKED (WRkrn.sys @ 0xB9DBB9E0)

[Address] Shadow SSDT[298] : NtGdiTransparentBlt -> HOOKED (WRkrn.sys @ 0xB9DBBB30)

[Address] Shadow SSDT[389] : NtUserGetClipboardData -> HOOKED (WRkrn.sys @ 0xB9DBBC70)

[Address] Shadow SSDT[404] : NtUserGetForegroundWindow -> HOOKED (WRkrn.sys @ 0xB9DBB910)

[Address] Shadow SSDT[483] : NtUserQueryWindow -> HOOKED (WRkrn.sys @ 0xB9DBB810)

[Address] Shadow SSDT[508] : NtUserSetClipboardData -> HOOKED (WRkrn.sys @ 0xB9DADA50)

[Address] Shadow SSDT[592] : NtUserWindowFromPoint -> HOOKED (WRkrn.sys @ 0xB9DBB880)

[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F7333C)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

192.168.101.10 clearalign01.clearalign.com

127.0.0.1       localhost

[...]

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HITACHI HTS542525K9SA00 +++++

--- User ---

[MBR] 1240cab8dfb9a8dfcbae90afe1ee40a4

[BSP] cec0b73e565298f655e0b3610a8e6ab4 : Lenovo MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 232381 Mo

1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 475917120 | Size: 6090 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_D_11172013_131123.txt >>

RKreport[0]_S_11172013_131048.txt


Edited by dbh369, 19 November 2013 - 09:43 AM.


#4 dbh369

Posted 19 November 2013 - 06:21 AM

Some more tools:

AdwCleaner, JRT, and Rkill. I'm running a new GMER just in case it has changed.

 

AdwCleaner:

Note, when I actually tried to have it Clean, it 'encountered a problem' during 'deleting folders' and had to close.

 

# AdwCleaner v3.012 - Report created 17/11/2013 at 13:13:14

# Updated 11/11/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : dhuff - LENOVO-DH

# Running from : C:\Documents and Settings\dhuff\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\mr1ow3bh.default\user.js

File Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\rf10br5j.default\.autoreg

File Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\rf10br5j.default\user.js

File Found : C:\Documents and Settings\dhuff\Application Data\Mozilla\Firefox\Profiles\k3joogjh.default\invalidprefs.js

File Found : C:\Documents and Settings\dhuff\Application Data\Mozilla\Firefox\Profiles\k3joogjh.default\searchplugins\Askcom.xml

File Found : C:\Documents and Settings\dhuff\Application Data\Mozilla\Firefox\Profiles\k3joogjh.default\user.js

Folder Found : C:\Documents and Settings\dhuff\Application Data\Mozilla\Firefox\Profiles\k3joogjh.default\Extensions\anttoolbar@ant.com

Folder Found C:\Documents and Settings\All Users\Application Data\Ask

Folder Found C:\Documents and Settings\dhuff\Local Settings\Application Data\PackageAware

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Crossrider

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Found : HKLM\SOFTWARE\Classes\b

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Mozilla Firefox v25.0 (en-US)

 

[ File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\hvam32yf.default\prefs.js ]

 

 

[ File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\mr1ow3bh.default\prefs.js ]

 

 

[ File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\rf10br5j.default\prefs.js ]

 

 

[ File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\v2doyl9x.default\prefs.js ]

 

 

[ File : C:\Documents and Settings\dhuff\Application Data\Mozilla\Firefox\Profiles\a36ddtoo.default-1369015402453\prefs.js ]

 

 

[ File : C:\Documents and Settings\dhuff\Application Data\Mozilla\Firefox\Profiles\k3joogjh.default\prefs.js ]

 

Line Found : user_pref("browser.search.defaultengine", "Ask.com");

Line Found : user_pref("browser.search.order.1", "Ask.com");

Line Found : user_pref("browser.startup.homepage", "hxxps://login.salesforce.com/?ec=302&startURL=%2Fhome%2Fhome.jsp|hxxp://online.wsj.com/home-page?refresh=on|hxxp://www.militaryaerospace.com/index.html|hxxp://ww[...]

Line Found : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*digg.com/(.{5}|.{6})$|hxxp:[...]

Line Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

 

-\\ Google Chrome v31.0.1650.57

 

[ File : C:\Documents and Settings\dhuff\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [6779 octets] - [17/11/2013 13:13:14]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6839 octets] ##########

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Microsoft Windows XP x86

Ran by dhuff on Sun 11/17/2013 at 13:26:46.82

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\Documents and Settings\dhuff\Application Data\mozilla\firefox\profiles\k3joogjh.default\user.js

Successfully deleted: [File] C:\Documents and Settings\dhuff\Application Data\mozilla\firefox\profiles\k3joogjh.default\invalidprefs.js

Successfully deleted: [File] C:\Documents and Settings\dhuff\Application Data\mozilla\firefox\profiles\k3joogjh.default\searchplugins\askcom.xml

Successfully deleted the following from C:\Documents and Settings\dhuff\Application Data\mozilla\firefox\profiles\k3joogjh.default\prefs.js

 

user_pref("extensions.ghostery.uiLog", "{\"type\":\"redirect_block\",\"ref\":\"online.wsj.com/home-page?refresh=on\",\"from\":\"hxxp://om.dowjoneson.com/b/ss/djglobal,djwsj/1/

user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*di

user_pref("extensions.toolbar@ask.com.install-event-fired", true);

Emptied folder: C:\Documents and Settings\dhuff\Application Data\mozilla\firefox\profiles\k3joogjh.default\minidumps [28 files]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 11/17/2013 at 13:39:22.10

End of JRT log

 

Tried RKill

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 11/17/2013 08:36:37 PM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * C:\WINDOWS\system32\acs.exe (PID: 588) [WD-HEUR]

 * C:\WINDOWS\system32\dklog.exe (PID: 2868) [WD-HEUR]

 * C:\WINDOWS\system32\dkvcm.exe (PID: 2880) [WD-HEUR]

 * C:\WINDOWS\system32\PGPserv.exe (PID: 1520) [WD-HEUR]

 * C:\WINDOWS\system32\dkcktkn.exe (PID: 2100) [WD-HEUR]

 * C:\WINDOWS\system32\igfxext.exe (PID: 7960) [WD-HEUR]

 * C:\WINDOWS\system32\igfxsrvc.exe (PID: 5320) [WD-HEUR]

 

7 proccesses terminated!

 

Checking Registry for malware related settings:

 

 * taskmgr.exe debugger. [IFEO Debugger Deleted]

 

Backup Registry file created at:

 C:\Documents and Settings\dhuff\Desktop\rkill\rkill-11-17-2013-08-36-47.reg

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * Reparse Point/Junctions Found (Most likely legitimate)!

 

     * C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321 => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47 [Dir]

     * C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321 => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f [Dir]

     * C:\WINDOWS\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

     * C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.66.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.66.0_x-ww_7acf93b2 [Dir]

     * C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.78.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.78.0_x-ww_aa528373 [Dir]

     * C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.66.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.66.0_x-ww_d938aa2c [Dir]

     * C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.78.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.78.0_x-ww_8bb99ed [Dir]

 

Checking Windows Service Integrity:

 

 * No issues found.

 

Searching for Missing Digital Signatures:

 

 * No issues found.

 

Checking HOSTS File:

 

 * HOSTS file entries found:

 

  20 out of 10080 HOSTS entries shown.

  Please review HOSTS file for further entries.

 

Program finished at: 11/17/2013 08:38:31 PM

Execution time: 0 hours(s), 1 minute(s), and 53 seconds(s)


Edited by dbh369, 19 November 2013 - 09:40 AM.


#5 oneof4

  • Malware Response Team

Posted 25 November 2013 - 07:58 PM

Hello dbh369, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic. You will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative of the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========
 

Multiple Anti-Virus Programs Warning

 

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Avast! or Webroot SecureAnywhere.

 

==========

 

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

==========

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.


#6 dbh369

  • Topic Starter

Posted 26 November 2013 - 09:13 AM

Yay! Thanks, I'll have to work on this tonight when I get off work. I've done a few more things since I posted this since it was taking awhile and I needed it to work. Do you want those logs too? MBAM and MBAR now run and cleaned up a few things and GMER now comes up clean, but the computer is still really slow, and I still have the issue with administrator privileges required when I am an administrator. Let me know if you want those logs or not, I saved them.

 

PS, Webroot specifically claims to complement other AV software, but I can turn it off for anything we do. It has caught more stuff than Avast... Also had to recreate my profile on the machine (from the network).


Edited by dbh369, 26 November 2013 - 12:11 PM.


#7 oneof4

  • Malware Response Team

Posted 26 November 2013 - 10:31 AM

Yes, you can copy and paste those into the reply as well.


Best Regards,
oneof4.


#8 dbh369

  • Topic Starter

Posted 27 November 2013 - 09:14 AM

OK, I'm still having troubles with my work network connection, it only holds the connection for a few moments and then drops. If I log in with admin profile, it works fine. Internet is fine, except still have those issues with SSL links when connected at work. Still have that admin warning on installing graphic drivers. Here are some logs:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.19.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
dhuff :: LENOVO-DH [administrator]

11/20/2013 9:18:09 AM
mbam-log-2013-11-20 (09-18-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 645100
Time elapsed: 4 hour(s), 13 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\CSC\d1\800002B0 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.20.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
dhuff :: LENOVO-DH [administrator]

11/20/2013 4:28:36 PM
mbar-log-2013-11-20 (16-28-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 340161
Time elapsed: 57 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3194195968, free: 1168302080

Downloaded database version: v2013.11.11.09
Canceled update
Downloaded database version: v2013.11.11.09
Downloaded database version: v2013.10.11.02
Initializing...
======================
DDA Driver installation error.
Driver installed on boot. Reboot required.

System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3194195968, free: 2075824128

=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E11595F6

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 475917057
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 475917120  Numsec = 12474000

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Scan Interrupted
Scan Interrupted
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3194195968, free: 2673078272

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3194195968, free: 2716200960

Could not load protection driver
Initializing...
======================
------------ Kernel report ------------
     11/12/2013 12:29:30
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b680ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8b681028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b680ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89f3f618, DeviceName: Unknown, DriverName: \Driver\WRkrn\
DevicePointer: 0xffffffff8b6cdc60, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DozeHDD\
DevicePointer: 0xffffffff8ad0d018, DeviceName: Unknown, DriverName: \Driver\PGPwded\
DevicePointer: 0xffffffff8b6aae08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b6aa020, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffffff8b680ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b6abf18, DeviceName: \Device\000000a4\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b681028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DozeHDD\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E11595F6

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 475917057
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 475917120  Numsec = 12474000

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
Error referencing handle to "\DosDevices\U:", status 0xc0000022
Error referencing handle to "\DosDevices\U:", status 0xc0000022
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
Scan Interrupted
Scan was aborted.
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3194195968, free: 2684887040

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3194195968, free: 2228875264

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3194195968, free: 1932197888

Downloaded database version: v2013.11.19.10
Initializing...
=======================================
------------ Kernel report ------------
     11/19/2013 15:13:15
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
iviVD.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
WRkrn.sys
\WINDOWS\System32\drivers\NDIS.SYS
\WINDOWS\System32\drivers\TDI.SYS
DRVMCDB.SYS
PGPwded.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
DozeHDD.sys
Ntfs.sys
Apsx86.sys
ApsHM86.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
cfadisk.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\tkbtnpn.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\tp4track.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wisdpen.sys
\SystemRoot\system32\DRIVERS\atmeltpm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\wacomvhid.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ikeyenum.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\system32\DRIVERS\Tvti2c.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\wsimd.sys
\SystemRoot\system32\DRIVERS\btport.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\wacommousefilter.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\ikeyifd.sys
\SystemRoot\system32\DRIVERS\SMCLIB.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AEAudio.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\GzTpHid.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\tvtumon.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\bckd.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\tcusb.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\TSMSMI32.SYS
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\System32\drivers\Tppwrif.sys
\SystemRoot\system32\DRIVERS\TPHKDRV.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\drivers\ANC.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\system32\DRIVERS\tvtfilter.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\PGPdisk.SYS
\SystemRoot\system32\DRIVERS\PROCDD.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\PGPsdk.sys
\??\C:\WINDOWS\System32\drivers\pmemnt.sys
\??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
\SystemRoot\System32\Drivers\TDTCP.SYS
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\btwhid.sys
\??\C:\DOCUME~1\dhuff\LOCALS~1\Temp\mbr.sys
\??\C:\DOCUME~1\dhuff\LOCALS~1\Temp\fwldipod.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\System32\Drivers\btwusb.sys
\SystemRoot\system32\DRIVERS\btwdndis.sys
\SystemRoot\system32\drivers\btaudio.sys
\SystemRoot\system32\DRIVERS\btwmodem.sys
\SystemRoot\system32\DRIVERS\swmx01.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b5d3ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8b607028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b5d3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a95c448, DeviceName: Unknown, DriverName: \Driver\WRkrn\
DevicePointer: 0xffffffff8b5d2c60, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DozeHDD\
DevicePointer: 0xffffffff8ac6c018, DeviceName: Unknown, DriverName: \Driver\PGPwded\
DevicePointer: 0xffffffff8b606e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b606020, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffffff8b5d3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b5afa18, DeviceName: \Device\000000a4\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b607028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DozeHDD\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E11595F6

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 475917057
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 475917120  Numsec = 12474000

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3194195968, free: 2347630592

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3194195968, free: 2050818048

Downloaded database version: v2013.11.19.11
Downloaded database version: v2013.11.19.12
Downloaded database version: v2013.11.20.01
Downloaded database version: v2013.11.20.02
Downloaded database version: v2013.11.20.03
Downloaded database version: v2013.11.20.04
Downloaded database version: v2013.11.20.05
Downloaded database version: v2013.11.20.06
Downloaded database version: v2013.11.20.07
Downloaded database version: v2013.11.20.08
Downloaded database version: v2013.11.20.09
Downloaded database version: v2013.11.20.10
Downloaded database version: v2013.11.20.11
Downloaded database version: v2013.11.20.12
=======================================
Initializing...
------------ Kernel report ------------
     11/20/2013 16:28:04
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
uknk.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
iviVD.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
atapi.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
WRkrn.sys
\WINDOWS\System32\drivers\NDIS.SYS
\WINDOWS\System32\drivers\TDI.SYS
DRVMCDB.SYS
PGPwded.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
DozeHDD.sys
Ntfs.sys
Apsx86.sys
ApsHM86.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\tkbtnpn.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\tp4track.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\wisdpen.sys
\SystemRoot\system32\DRIVERS\atmeltpm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\wacomvhid.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ikeyenum.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\system32\DRIVERS\Tvti2c.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\wsimd.sys
\SystemRoot\system32\DRIVERS\btport.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\wacommousefilter.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\ikeyifd.sys
\SystemRoot\system32\DRIVERS\SMCLIB.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AEAudio.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\GzTpHid.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\tvtumon.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\bckd.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\TSMSMI32.SYS
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\System32\drivers\Tppwrif.sys
\SystemRoot\system32\DRIVERS\TPHKDRV.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\Drivers\tcusb.sys
\SystemRoot\System32\drivers\ANC.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\system32\DRIVERS\tvtfilter.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\PGPdisk.SYS
\SystemRoot\system32\DRIVERS\PROCDD.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\PGPsdk.sys
\??\C:\WINDOWS\System32\drivers\pmemnt.sys
\SystemRoot\System32\Drivers\TDTCP.SYS
\SystemRoot\System32\Drivers\RDPWD.SYS
\??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\btwhid.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\ViaUsbEts.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b5f8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8b59a028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b5f8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b59e020, DeviceName: Unknown, DriverName: \Driver\WRkrn\
DevicePointer: 0xffffffff8ac54c60, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DozeHDD\
DevicePointer: 0xffffffff8b593018, DeviceName: Unknown, DriverName: \Driver\PGPwded\
DevicePointer: 0xffffffff8b5f8890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b5be020, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffffff8b5f8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b59cb50, DeviceName: \Device\000000a4\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b59a028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DozeHDD\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E11595F6

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 475917057
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 475917120  Numsec = 12474000

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
<<<2>>>
Trying to get storage device number
Can't get device number
Could not open physical drive containing volume U:, status 0xc0000010
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3194195968, free: 2084859904

=======================================

 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2013 02
Ran by dhuff (administrator) on LENOVO-DH on 17-11-2013 20:47:57
Running from C:\Documents and Settings\dhuff\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\WINDOWS\system32\IPSSVC.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
( ) C:\WINDOWS\system32\dlcxcoms.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Microsoft Corporation) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
(QUALCOMM, Inc.) C:\QUALCOMM\QDLService\QDLService.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\WINDOWS\System32\snmp.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
(Microsoft Corporation) C:\Program Files\UPHClean\uphclean.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
(Lenovo Group Limited) c:\program files\lenovo\system update\suservice.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\WISPTIS.EXE
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe
(Microsoft Corporation) C:\WINDOWS\System32\tabbtnu.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
(GUNZE Limited) C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
(Sysinternals - www.sysinternals.com) C:\DOCUMENTS AND SETTINGS\ADMIN\MY DOCUMENTS\MY DOWNLOADS\SYSINTERNALS\PROCEXP.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TabletWizard] - C:\WINDOWS\Help\splshwrp.exe [16384 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [TrackPointSrv] - C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [93472 2008-09-29] (Lenovo Group Limited)
HKLM\...\Run: [GzSndExePath] - C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe [237568 2006-09-11] (GUNZE Limited)
HKLM\...\Run: [PWRMGRTR] - "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] - "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [337256 2009-12-11] (Lenovo.)
HKLM\...\Run: [EZEJMNAP] - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [243248 2007-03-28] (Lenovo Group Ltd.)
HKLM\...\Run: [TSMResident] - C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe [53248 2008-11-21] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [831488 2007-08-08] (Analog Devices, Inc.)
HKLM\...\Run: [Snippet] - C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe [68296 2005-02-25] (Microsoft Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-08-20] (Lenovo Group Limited)
HKLM\...\Run: [DLA] - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [122940 2006-02-02] (Sonic Solutions)
HKLM\...\Run: [DiskeeperSystray] - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [196696 2006-05-18] (Diskeeper Corporation)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [55048 2009-12-01] (UPEK Inc.)
HKLM\...\Run: [LENTBCTL] - C:\Program Files\ThinkPad\Tablet Shortcut\LENTBCTL.exe [790528 2008-11-21] (Lenovo Group Limited)
HKLM\...\Run: [TabletButton] - C:\Program Files\ThinkPad\Tablet Shortcut\TabletButton.exe [45056 2008-11-21] (Lenovo Group Limited )
HKLM\...\Run: [GzSnd] - C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe [237568 2006-09-11] (GUNZE Limited)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2008-04-24] (Analog Devices, Inc.)
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [ACTray] - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431464 2010-04-22] (Lenovo )
HKLM\...\Run: [ACWLIcon] - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [181608 2010-04-22] (Lenovo )
HKLM\...\Run: [TabletTip] - C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe [271872 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [185688 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [756840 2013-11-01] (Webroot)
HKLM\...\Run: [DLCXCATS] - rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
HKLM\...\Run: [DkStartup] - C:\Program Files\SafeNet\IdenTrust\DkStartup.exe [52312 2009-04-28] (SafeNet, Inc.)
HKLM\...\Run: [AxMonitor] - C:\Program Files\SafeNet\IdenTrust\AXMonitor.exe [453720 2009-04-28] (SafeNet, Inc.)
HKLM\...\Run: [DkAutoReg] - C:\Program Files\SafeNet\IdenTrust\dkAutoReg.exe [257112 2009-04-28] (SafeNet, Inc.)
HKLM\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [BoxSyncHelper] - C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2013-06-07] (Box, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-10] (AVAST Software)
Winlogon\Notify\ACNotify: C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
Winlogon\Notify\DkWLNP: C:\Windows\system32\DkWLNP.dll (SafeNet, Inc.)
Winlogon\Notify\loginkey: C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\TabBtnWL: C:\Windows\system32\TabBtnWL.dll (Microsoft Corporation)
Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
Winlogon\Notify\tpgwlnotify: C:\Windows\system32\tpgwlnot.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [490880 2012-09-24] (IObit)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\dhuff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-02-18] (Google Inc.)
HKCU\...\Run: [RoboForm] - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-10-28] (Siber Systems)
HKCU\...\Runonce: [Shockwave Updater] - "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15" -"https://www.emgames.com/kids/play.html?PHPSESSID=8e38447f9cf00a82d96048fc08957325&game=26&gamefile=M2A056&page=playactivity&gGametype=dcr&logo=gt_M2A056.gif"
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\Explorer: [NoDriveAutoRun] 0xF8FFFF03
HKCU\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x01000000
HKCU\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Policies\Explorer: [NoViewOnDrive] 0
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKCU\...\Policies\Explorer: [NoViewContextMenu] 0
HKCU\...\Policies\Explorer: [NoShellSearchButton] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKCU\...\Policies\Explorer: [NoFile] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0
HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKCU\...\Policies\Explorer: [NoSetFolders] 0
HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKCU\...\Policies\Explorer: [NoSetTaskbar] 0
HKCU\...\Policies\Explorer: [NoDeletePrinter] 0
HKCU\...\Policies\Explorer: [NoDFSTab] 0
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0
HKCU\...\Policies\Explorer: [NoLogoff] 0
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0
HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0
HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKCU\...\Policies\Explorer: [NoResolveSearch] 0
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoHardwareTab] 0
HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0
MountPoints2: {02f67610-456a-11de-8ccb-001fe1ef33b9} - D:\RECYCLER32\dmgr.exe
MountPoints2: {3d0f2064-810a-11e2-8fd1-001fe11d2d4c} - E:\TL_Bootstrap.exe
MountPoints2: {5072c88d-da1a-11dd-8c3b-001fe1ef33b9} - D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe
MountPoints2: {57decb82-f8e8-11e0-8ec4-001fe1ef33b9} - F:\DTVP_Launcher.exe
HKU\admin\...\Run: [RoboForm] - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe [ 2013-10-28] (Siber Systems)
HKU\Administrator.CLEARALIGN\...\Run: [RoboForm] - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe [ 2013-10-28] (Siber Systems)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Box Sync.lnk
ShortcutTarget: Box Sync.lnk -> C:\Program Files\Box Sync\BoxSync.exe (Box, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
ShortcutTarget: PGPtray.exe.lnk -> C:\WINDOWS\Installer\{65CEDFCC-9449-4E14-828D-959F77411F01}\Icon6560581611.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk.disabled
ShortcutTarget: WinZip Quick Pick.lnk.disabled -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\dhuff\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://team.raytheon.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {095628D8-0EFE-4FDB-BCD1-C4B1FD84345C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} https://team01.raytheon.com/eRoomSetup/client.cab
DPF: {7E0E1FFC-B202-46D8-B841-9D89EC9125F5} https://secure.identrust.com/ms/IdenTrustCertEnroll.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C33E0064-3567-40E8-9D59-E27921F85CA7} https://secure.identrust.com/ms/IdenTrustCertEnroll.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\WINDOWS\system32\PGPlsp.dll [49664] (PGP Corporation)
Winsock: Catalog9 07 C:\WINDOWS\system32\PGPlsp.dll [49664] (PGP Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{28AF3CC6-5D57-41CE-8271-371AD815C369}: [NameServer]208.67.222.123,208.67.220.123
Tcpip\..\Interfaces\{86363C71-4970-4A6E-91C3-B22929DADCF8}: [NameServer]208.67.222.222,Confၵɲư    ư    ns\

FireFox:
========
FF ProfilePath: C:\Documents and Settings\dhuff\Application Data\Mozilla\Firefox\Profiles\a36ddtoo.default-1369015402453
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.9 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\dhuff\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\dhuff\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\dhuff\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\dhuff\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\dhuff\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\dhuff\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\Documents and Settings\All Users\Application Data\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\Documents and Settings\All Users\Application Data\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "https://na4.salesforce.com/0036000001T3FV3", "hxxp://online.wsj.com/home-page?mg=id-wsj", "hxxp://www.militaryaerospace.com/index.html", "hxxp://www.defense-aerospace.com/", "hxxp://my.yahoo.com/", "hxxp://www.dilbert.com/", "hxxp://plus.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll (Siber Systems Inc.)
CHR Plugin: (McAfee SiteAdvisor) - C:\Documents and Settings\dhuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (EModel scriptable Plugin) - C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
CHR Plugin: (eRoom) - C:\Program Files\Mozilla Firefox\plugins\npeRoom7.dll (Documentum, Inc.)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll No File
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Skipscreen) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\agcjgboanffecpmahabacenfnlbihgai\0.5.8_0
CHR Extension: (BIODIGITAL HUMAN) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0
CHR Extension: (Duolingo) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl\1.0.10_0
CHR Extension: (Angry Birds) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_1
CHR Extension: (Google Drive) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Desmos Graphing Calculator) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\2.0_0
CHR Extension: (WOT) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0
CHR Extension: (Flight) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bijifgbfkfcalmnndkdaoefpdbkpolij\2.0.0_0
CHR Extension: (Vuru) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bjkomipldgcookljbkgffaegdaaohllb\2.0_0
CHR Extension: (Adblock Plus) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Email this page (by Google)) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0
CHR Extension: (Webroot Filtering Extension) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dblebgkanaecgapcfefmedflbdhmblog\1.0.0.12_0
CHR Extension: (Instant Anatomy) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ddjpnphbpjaknodefjdfbifojgbgpgfd\1.1_0
CHR Extension: (Bloxorz) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dfkaiemjhgblkkcanmhciiopcehlhnhi\2.0.0_0
CHR Extension: (Crazy Rollercoaster) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\eafhgomkapdagnpmmgilphbolnejepoc\1.3_0
CHR Extension: (Gmail Attachments To Drive) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\epoohehjbaenldfbahgcegdmlogakgin\1.4.0_0
CHR Extension: (Web Lab) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe\1.0_0
CHR Extension: (SiteAdvisor) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0
CHR Extension: (The QR Code Generator) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0
CHR Extension: (avast! Online Security) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (IE Tab) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.8.13.1_0
CHR Extension: (Don't Starve) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0
CHR Extension: (goo.gl URL Shortener) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.7_0
CHR Extension: (Roomstyler 3D planner) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi\3.0_0
CHR Extension: (Pocket Website) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap\1.0.2_0
CHR Extension: (Hangouts call) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kbpgddbgniojgndnhlkjbkpknjhppkbk\2013.610.1345_0
CHR Extension: (Autodesk Homestyler) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.6_0
CHR Extension: (Movi Kanti Revo) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne\1.0.0.0_0
CHR Extension: (Evernote Web) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0
CHR Extension: (Download Master) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\3.0.1.2_0
CHR Extension: (3D Solar System Web) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd\0.50_0
CHR Extension: (Pursued) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin\3.5_0
CHR Extension: (Pocket (formerly Read It Later)) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (NotScripts) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0
CHR Extension: (Picasa) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0
CHR Extension: (TuneYou Radio) - C:\DOCUME~1\dhuff\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\plaapjbgohfgkalmmjpakodbpomahebn\2.5_0
CHR HKLM\...\Chrome\Extension: [dblebgkanaecgapcfefmedflbdhmblog] - C:\Documents and Settings\All Users\Application Data\WRData\PKG\CHROME\CHROME_1.0.0.14.crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S2 acs; C:\WINDOWS\system32\acs.exe [475220 2009-09-24] (Atheros)
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
R2 ASRSVC; C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [73728 2008-11-21] (Lenovo Group Limited)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-10] (AVAST Software)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [1717488 2013-03-01] (Blue Coat Systems, Inc.)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [622700 2006-05-24] (Diskeeper Corporation)
S2 DkLogger; C:\WINDOWS\system32\dklog.exe [109656 2009-04-28] (SafeNet, Inc.)
S2 DkTknSrv; C:\WINDOWS\system32\dkcktkn.exe [752728 2009-04-28] (SafeNet, Inc.)
S2 DkVcm; C:\WINDOWS\system32\dkvcm.exe [126040 2009-04-28] (SafeNet, Inc.)
R2 dlcx_device; C:\WINDOWS\system32\dlcxcoms.exe [537480 2006-11-03] ( )
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-29] (Lenovo Group Limited)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
S3 LPDSVC; C:\Windows\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [103112 2013-11-05] (McAfee, Inc.)
S3 MFB; C:\Documents and Settings\dhuff\Local Settings\Temp\MFB.exe [535424 2013-11-15] (Sysinternals - www.sysinternals.com)
S2 PGPserv; C:\WINDOWS\system32\PGPserv.exe [73728 2006-04-05] (PGP Corporation)
R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-12-05] (Prolific Technology Inc.)
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [53248 2010-01-06] ()
R2 QDLService; C:\QUALCOMM\QDLService\QDLService.exe [345336 2008-07-11] (QUALCOMM, Inc.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-04-01] (SolidWorks)
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2009-06-12] (Lenovo Group Limited)
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [4739960 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe [53248 2008-11-21] (Lenovo Group Limited)
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [377720 2012-04-10] (Wacom Technology, Corp.)
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-14] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-08-20] (Lenovo Group Limited)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [241725 2005-04-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [756840 2013-11-01] (Webroot)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-09-28] (IBM Corp.)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1347168 2009-04-03] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-10] ()
R3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R1 bckd; C:\Windows\System32\drivers\bckd.sys [91248 2013-03-01] (Blue Coat Systems, Inc.)
S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [533152 2010-06-01] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2010-06-01] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [993320 2010-06-01] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156816 2010-06-01] (Broadcom Corporation.)
S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [56992 2010-06-01] (Broadcom Corporation.)
S3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [37032 2010-06-01] (Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [51752 2010-06-01] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R0 cfadisk; C:\Windows\System32\DRIVERS\cfadisk.sys [3712 2002-12-24] (Hitachi Global Storage Technologies)
R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2006-02-02] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions)
R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2006-02-02] (Sonic Solutions)
R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86652 2006-02-02] (Sonic Solutions)
R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2006-02-02] (Sonic Solutions)
R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2006-02-02] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions)
R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2006-02-02] (Sonic Solutions)
R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2006-02-02] (Sonic Solutions)
R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-11-18] (Sonic Solutions)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2012-12-21] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2012-12-21] ()
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2007-10-11] (Logitech Inc.)
R3 GzTpHid; C:\Windows\System32\DRIVERS\GzTpHid.sys [27008 2009-07-16] (GUNZE)
R3 HBtnKey; C:\Windows\System32\DRIVERS\tkbtnpn.sys [7463 2007-10-31] (Lenovo)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211456 2007-11-01] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-11-01] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-05-12] ()
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [11616 2010-07-15] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [18080 2010-07-15] (SafeNet, Inc.)
S3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)
R0 iviVD; C:\Windows\System32\DRIVERS\iviVD.sys [45056 2006-10-13] (InterVideo)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2008-12-18] (Microsoft Corporation)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
S3 RnbToken; C:\Windows\System32\DRIVERS\rnbtoken.sys [21472 2010-07-15] (SafeNet, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SCR33x USB Smart Card Reader; C:\Windows\System32\DRIVERS\SCR33x2K.sys [60816 2003-06-19] (SCM Microsystems Inc.)
S3 swmx01; C:\Windows\System32\DRIVERS\swmx01.sys [72576 2007-04-10] (Sierra Wireless Inc.)
S3 SWNC5E01; C:\Windows\System32\DRIVERS\SWNC5E01.sys [102144 2007-01-12] (Sierra Wireless Inc.)
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [23080 2008-09-29] (Lenovo Group Limited)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2010-01-06] ()
R1 TSMSMI; C:\Windows\System32\DRIVERS\TSMSMI32.SYS [6656 2008-11-21] (Lenovo Group Limited)
S3 TVTPktFilter; C:\Windows\System32\DRIVERS\tvtpktfilter.sys [17664 2007-02-08] (Lenovo Group Limited)
S3 ViaUsbEtsDriver; C:\Windows\System32\drivers\ViaUsbEts.sys [16128 2008-05-28] (Via Telecom, Inc.)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 wisdpen; C:\Windows\System32\DRIVERS\wisdpen.sys [37232 2012-04-10] (Wacom Technology)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117792 2013-11-01] (Webroot)
R3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [57408 2008-02-08] (Atheros Communications, Inc.)
S3 AR5211; system32\DRIVERS\ar5211.sys [x]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [x]
S3 LVcKap; system32\DRIVERS\LVcKap.sys [x]
S2 MCSTRM; No ImagePath
S0 MpFilter; system32\DRIVERS\MpFilter.sys [x]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 ssfs0bbc; system32\DRIVERS\ssfs0bbc.sys [x]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-17 20:47 - 2013-11-17 20:49 - 00050224 _____ C:\Documents and Settings\dhuff\Desktop\FRST.txt
2013-11-17 20:47 - 2013-11-17 20:47 - 00000000 ____D C:\FRST
2013-11-17 20:47 - 2013-11-17 20:46 - 01090935 _____ (Farbar) C:\Documents and Settings\dhuff\Desktop\FRST.exe
2013-11-17 20:36 - 2013-11-17 20:38 - 00007838 _____ C:\Documents and Settings\dhuff\Desktop\Rkill.txt
2013-11-17 20:36 - 2013-11-17 20:36 - 00000000 ____D C:\Documents and Settings\dhuff\Desktop\rkill
2013-11-17 16:45 - 2013-11-17 16:45 - 00000000 ____D C:\WINDOWS\LastGood
2013-11-17 16:33 - 2013-11-17 17:52 - 00005720 _____ C:\WINDOWS\system32\ICAutoUpdate.log
2013-11-17 13:39 - 2013-11-17 13:39 - 00004612 _____ C:\Documents and Settings\dhuff\Desktop\JRT.txt
2013-11-17 13:26 - 2013-11-17 13:26 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-17 13:17 - 2013-11-17 16:54 - 00007024 _____ C:\Documents and Settings\dhuff\Desktop\AdwCleaner[R0].txt
2013-11-17 13:13 - 2013-11-17 13:21 - 00000000 ____D C:\AdwCleaner
2013-11-17 13:11 - 2013-11-17 13:11 - 00003727 _____ C:\Documents and Settings\dhuff\Desktop\RKreport[0]_D_11172013_131123.txt
2013-11-17 13:10 - 2013-11-17 13:10 - 00004392 _____ C:\Documents and Settings\dhuff\Desktop\RKreport[0]_S_11172013_131048.txt
2013-11-15 23:25 - 2013-11-17 16:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 18:04 - 2013-11-15 18:04 - 00000000 _____ C:\WINDOWS\system32\A
2013-11-14 10:13 - 2013-11-14 10:13 - 00011277 _____ C:\WINDOWS\KB2868626.log
2013-11-14 10:13 - 2013-11-14 10:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 10:12 - 2013-11-14 10:12 - 00009846 _____ C:\WINDOWS\KB2900986.log
2013-11-14 10:12 - 2013-11-14 10:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 10:11 - 2013-11-14 10:13 - 00033987 _____ C:\WINDOWS\iis6.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00030918 _____ C:\WINDOWS\FaxSetup.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00014106 _____ C:\WINDOWS\tsoc.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00010442 _____ C:\WINDOWS\comsetup.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00009628 _____ C:\WINDOWS\msmqinst.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00006312 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00004094 _____ C:\WINDOWS\updspapi.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-14 10:11 - 2013-11-14 10:13 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-14 10:11 - 2013-11-14 10:12 - 00010323 _____ C:\WINDOWS\KB2862152.log
2013-11-14 10:11 - 2013-11-14 10:12 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-14 10:11 - 2013-11-14 10:11 - 00009757 _____ C:\WINDOWS\KB2876331.log
2013-11-14 10:11 - 2013-11-14 10:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 10:11 - 2013-11-14 10:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 10:10 - 2013-11-14 10:11 - 00012088 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-14 09:55 - 2013-11-17 13:11 - 00000000 ____D C:\Documents and Settings\dhuff\Desktop\RK_Quarantine
2013-11-14 09:55 - 2013-11-14 09:54 - 03679744 _____ C:\Documents and Settings\dhuff\Desktop\RogueKiller.exe
2013-11-13 21:29 - 2013-11-14 10:23 - 00065536 _____ C:\WINDOWS\system32\config\Cobian B.evt
2013-11-13 20:50 - 2013-11-13 20:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Webroot SecureAnywhere
2013-11-12 22:16 - 2013-11-12 22:16 - 00000000 ____D C:\Program Files\Cobian Backup 11
2013-11-12 22:16 - 2013-11-12 22:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 11
2013-11-12 12:29 - 2013-11-12 12:29 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-11-12 12:09 - 2013-11-11 14:28 - 01085542 _____ C:\Documents and Settings\dhuff\Desktop\AdwCleaner.exe
2013-11-12 12:09 - 2013-11-11 14:27 - 01034531 _____ (Thisisu) C:\Documents and Settings\dhuff\Desktop\JRT.exe
2013-11-11 13:59 - 2013-11-12 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-11-11 13:58 - 2013-11-11 13:58 - 00000114 _____ C:\local.conf
2013-11-11 13:29 - 2013-11-17 16:31 - 00001040 _____ C:\WINDOWS\system32\ICAutoUpdate.log.bak
2013-11-11 13:16 - 2013-11-11 13:16 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2013-11-11 13:08 - 2013-11-11 13:08 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\03187423.sys
2013-11-10 23:55 - 2013-11-10 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Sync
2013-11-10 18:38 - 2013-11-12 12:29 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-11-10 17:39 - 2013-11-10 17:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-10 17:39 - 2013-11-10 17:39 - 00000000 ____D C:\Documents and Settings\dhuff\Application Data\SUPERAntiSpyware.com
2013-11-10 17:39 - 2013-11-10 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-11-10 17:39 - 2013-11-10 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-11-10 17:03 - 2013-11-10 17:03 - 00000000 _____ C:\WINDOWS\Minidump\Mini111013-02.dmp
2013-11-10 07:27 - 2013-11-10 13:34 - 00000000 ____D C:\Documents and Settings\admin\Application Data\WTablet
2013-11-10 07:27 - 2013-11-10 07:27 - 00001820 _____ C:\Documents and Settings\admin\Desktop\Google Chrome.lnk
2013-11-10 07:27 - 2013-11-10 07:27 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Box Sync
2013-11-10 01:25 - 2013-11-17 16:33 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-10 01:25 - 2013-11-10 07:27 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-11-10 01:25 - 2013-11-10 01:25 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00001740 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-11-10 01:25 - 2013-11-10 01:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-11-10 01:24 - 2013-11-10 01:24 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-10 00:56 - 2013-11-10 00:56 - 00065536 _____ C:\WINDOWS\Minidump\Mini111013-01.dmp
2013-11-10 00:45 - 2013-11-10 00:45 - 00000000 ____D C:\Program Files\WRData
2013-11-09 22:14 - 2013-11-09 22:14 - 00000000 ____D C:\Documents and Settings\dhuff\Application Data\AVAST Software
2013-11-09 22:12 - 2013-11-10 01:25 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-11-09 22:09 - 2013-11-10 01:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-09 22:07 - 2010-01-13 12:28 - 00155648 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v5218.dll
2013-11-09 22:07 - 2010-01-13 11:40 - 01674683 _____ C:\WINDOWS\system32\igxpxa32.cpa
2013-11-09 22:07 - 2010-01-13 11:40 - 00001023 _____ C:\WINDOWS\system32\igxpxa32.vp
2013-11-09 22:07 - 2009-03-09 09:58 - 00032448 _____ C:\WINDOWS\system32\igxpxs32.vp
2013-11-09 22:07 - 2009-03-09 09:38 - 03773952 _____ (Intel Corporation) C:\WINDOWS\system32\igxpdx32.dll
2013-11-09 22:07 - 2009-03-09 09:38 - 02686368 _____ (Intel Corporation) C:\WINDOWS\system32\igxpdv32.dll
2013-11-09 22:07 - 2009-03-09 09:37 - 01498560 _____ C:\WINDOWS\system32\igkrng400.bin
2013-11-09 22:07 - 2009-03-09 09:37 - 00185856 _____ (Intel Corporation) C:\WINDOWS\system32\igxpgd32.dll
2013-11-09 22:07 - 2009-03-09 09:37 - 00057344 _____ (Intel Corporation) C:\WINDOWS\system32\igxprd32.dll
2013-11-09 22:07 - 2009-03-09 09:36 - 06278016 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igxpmp32.sys
2013-11-09 22:07 - 2009-03-09 09:25 - 02600960 _____ (Intel Corporation) C:\WINDOWS\system32\ig4dev32.dll
2013-11-09 22:07 - 2009-03-09 09:18 - 04112384 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd32.dll
2013-11-09 22:07 - 2009-03-09 09:11 - 00294912 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2013-11-09 22:07 - 2009-03-09 09:11 - 00291328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2013-11-09 22:07 - 2009-03-09 09:11 - 00282624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2013-11-09 22:07 - 2009-03-09 09:11 - 00282624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2013-11-09 22:07 - 2009-03-09 09:11 - 00279040 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2013-11-09 22:07 - 2009-03-09 09:11 - 00277504 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2013-11-09 22:07 - 2009-03-09 09:11 - 00262656 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00645632 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcfg.exe
2013-11-09 22:07 - 2009-03-09 09:10 - 00310784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00304640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00303616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00303104 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00303104 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresp.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00299008 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00289280 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00288256 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00287744 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00282624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00281088 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00280576 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00279552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00252416 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00249856 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00206848 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00205312 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00179712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2013-11-09 22:07 - 2009-03-09 09:10 - 00178176 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2013-11-09 22:07 - 2009-03-09 09:08 - 00199168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2013-11-09 22:07 - 2009-03-09 09:08 - 00166912 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2013-11-09 22:07 - 2009-03-09 09:08 - 00165888 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2013-11-09 22:07 - 2009-03-09 09:08 - 00134656 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2013-11-09 22:07 - 2009-03-09 09:08 - 00130048 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2013-11-09 22:07 - 2009-03-09 09:08 - 00119296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2013-11-09 22:07 - 2009-03-09 09:08 - 00023552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2013-11-09 22:07 - 2009-03-09 09:07 - 05702656 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2013-11-09 22:07 - 2009-03-09 09:07 - 00275968 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2013-11-09 22:07 - 2009-03-09 09:07 - 00243712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2013-11-09 22:07 - 2009-03-09 09:07 - 00205824 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2013-11-09 22:07 - 2009-03-09 09:07 - 00178176 _____ (Intel Corporation) C:\WINDOWS\system32\oemdspif.dll
2013-11-09 22:07 - 2009-03-09 09:07 - 00135680 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2013-11-09 22:07 - 2009-03-09 09:07 - 00093696 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
2013-11-09 22:07 - 2009-03-09 09:07 - 00051712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2013-11-09 22:07 - 2009-03-09 09:01 - 00002096 _____ C:\WINDOWS\system32\igxpxk32.vp
2013-11-09 22:06 - 2010-02-05 16:13 - 00250392 _____ (Intel Corporation) C:\WINDOWS\system32\SET334.tmp
2013-11-09 22:06 - 2010-02-05 16:13 - 00250392 _____ (Intel Corporation) C:\WINDOWS\system32\SET2D1.tmp
2013-11-09 22:06 - 2010-02-05 16:13 - 00172568 _____ (Intel Corporation) C:\WINDOWS\system32\SET359.tmp
2013-11-09 22:06 - 2010-02-05 16:13 - 00172568 _____ (Intel Corporation) C:\WINDOWS\system32\SET31B.tmp
2013-11-09 22:06 - 2010-01-13 12:18 - 03773952 _____ (Intel Corporation) C:\WINDOWS\system32\SET327.tmp
2013-11-09 22:06 - 2010-01-13 12:18 - 03773952 _____ (Intel Corporation) C:\WINDOWS\system32\SET2C1.tmp
2013-11-09 22:06 - 2010-01-13 12:18 - 02685280 _____ (Intel Corporation) C:\WINDOWS\system32\SET326.tmp
2013-11-09 22:06 - 2010-01-13 12:18 - 02685280 _____ (Intel Corporation) C:\WINDOWS\system32\SET2BF.tmp
2013-11-09 22:06 - 2010-01-13 12:18 - 00185856 _____ (Intel Corporation) C:\WINDOWS\system32\SET325.tmp
2013-11-09 22:06 - 2010-01-13 12:18 - 00185856 _____ (Intel Corporation) C:\WINDOWS\system32\SET2BD.tmp
2013-11-09 22:06 - 2010-01-13 12:18 - 00057344 _____ (Intel Corporation) C:\WINDOWS\system32\SET324.tmp
2013-11-09 22:06 - 2010-01-13 12:18 - 00057344 _____ (Intel Corporation) C:\WINDOWS\system32\SET2BB.tmp
2013-11-09 22:06 - 2010-01-13 11:46 - 00199168 _____ (Intel Corporation) C:\WINDOWS\system32\SET335.tmp
2013-11-09 22:06 - 2010-01-13 11:46 - 00199168 _____ (Intel Corporation) C:\WINDOWS\system32\SET2D3.tmp
2013-11-09 22:06 - 2010-01-13 11:46 - 00051712 _____ (Intel Corporation) C:\WINDOWS\system32\SET333.tmp
2013-11-09 22:06 - 2010-01-13 11:46 - 00051712 _____ (Intel Corporation) C:\WINDOWS\system32\SET2CF.tmp
2013-11-09 22:06 - 2010-01-13 11:46 - 00023552 _____ (Intel Corporation) C:\WINDOWS\system32\SET35A.tmp
2013-11-09 22:06 - 2010-01-13 11:46 - 00023552 _____ (Intel Corporation) C:\WINDOWS\system32\SET31D.tmp
2013-11-09 22:06 - 2010-01-13 11:45 - 00275968 _____ (Intel Corporation) C:\WINDOWS\system32\SET343.tmp
2013-11-09 22:06 - 2010-01-13 11:45 - 00275968 _____ (Intel Corporation) C:\WINDOWS\system32\SET2EF.tmp
2013-11-09 22:06 - 2010-01-13 11:45 - 00205824 _____ (Intel Corporation) C:\WINDOWS\system32\SET338.tmp
2013-11-09 22:06 - 2010-01-13 11:45 - 00205824 _____ (Intel Corporation) C:\WINDOWS\system32\SET2D9.tmp
2013-11-09 22:06 - 2010-01-13 11:45 - 00093696 _____ (Intel Corporation) C:\WINDOWS\system32\SET332.tmp
2013-11-09 22:06 - 2010-01-13 11:45 - 00093696 _____ (Intel Corporation) C:\WINDOWS\system32\SET2CD.tmp
2013-11-09 22:05 - 2013-11-09 22:05 - 08916672 _____ (Lenovo Group Limited                                        ) C:\Documents and Settings\dhuff\Desktop\7ld152ww.exe
2013-11-08 23:48 - 2013-11-17 09:00 - 00039135 _____ C:\WINDOWS\setupapi.log
2013-11-08 23:48 - 2013-11-08 23:48 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-08 23:48 - 2013-11-08 23:48 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-08 23:27 - 2013-11-08 23:20 - 00069584 ____H C:\WINDOWS\Minidump\Mini110813-01.dmp
2013-11-08 11:03 - 2013-11-08 11:03 - 00000165 ____H C:\Documents and Settings\dhuff\Desktop\~$Copy of 3PWC3 - survey.xlsx
2013-11-04 17:07 - 2013-11-04 17:07 - 00012716 _____ C:\Documents and Settings\dhuff\Desktop\Copy of 3PWC3 - survey.xlsx
2013-11-01 14:36 - 2013-11-01 14:36 - 00000000 ____D C:\Program Files\wzgrapher
2013-11-01 14:02 - 2013-11-01 14:02 - 00001555 _____ C:\Documents and Settings\dhuff\Start Menu\FreeMind.lnk
2013-11-01 14:02 - 2013-11-01 14:02 - 00000000 ____D C:\Program Files\FreeMind
2013-11-01 14:02 - 2013-11-01 14:02 - 00000000 ____D C:\Documents and Settings\dhuff\.freemind
2013-11-01 14:02 - 2013-11-01 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FreeMind
2013-11-01 13:58 - 2013-11-01 13:58 - 00038964 _____ C:\temp.pcapng
2013-11-01 13:58 - 2013-11-01 13:58 - 00000000 ____D C:\Documents and Settings\dhuff\Application Data\Wireshark
2013-11-01 13:51 - 2013-11-01 13:51 - 00001481 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk
2013-11-01 13:51 - 2013-11-01 13:51 - 00000000 ____D C:\Program Files\WinPcap
2013-11-01 13:51 - 2013-11-01 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
2013-11-01 13:50 - 2013-11-01 13:51 - 00000000 ____D C:\Program Files\Wireshark
2013-10-28 17:45 - 2013-10-28 17:45 - 00000000 ____D C:\Program Files\Citrix
2013-10-28 17:45 - 2013-10-28 17:45 - 00000000 ____D C:\Documents and Settings\dhuff\Start Menu\Programs\Citrix
2013-10-28 08:31 - 2013-10-28 08:31 - 00000000 ____D C:\Program Files\bin
2013-10-27 15:22 - 2013-10-27 15:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Box Sync
2013-10-23 16:47 - 2013-10-23 16:47 - 00427008 _____ C:\Documents and Settings\dhuff\Desktop\mfcdoc-SAP-Quality-PO-Notes.xls
2013-10-19 08:10 - 2013-10-19 08:10 - 07007206 _____ C:\Documents and Settings\dhuff\Desktop\GenericWorkInstructions.zip

==================== One Month Modified Files and Folders =======

2013-11-17 20:49 - 2013-11-17 20:47 - 00050224 _____ C:\Documents and Settings\dhuff\Desktop\FRST.txt
2013-11-17 20:47 - 2013-11-17 20:47 - 00000000 ____D C:\FRST
2013-11-17 20:47 - 2012-03-11 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2013-11-17 20:46 - 2013-11-17 20:47 - 01090935 _____ (Farbar) C:\Documents and Settings\dhuff\Desktop\FRST.exe
2013-11-17 20:46 - 2006-04-30 18:11 - 02076599 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-17 20:42 - 2013-02-22 11:17 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-65210520-528169522-2851600264-1266UA.job
2013-11-17 20:38 - 2013-11-17 20:36 - 00007838 _____ C:\Documents and Settings\dhuff\Desktop\Rkill.txt
2013-11-17 20:36 - 2013-11-17 20:36 - 00000000 ____D C:\Documents and Settings\dhuff\Desktop\rkill
2013-11-17 19:52 - 2010-06-09 06:09 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-17 17:52 - 2013-11-17 16:33 - 00005720 _____ C:\WINDOWS\system32\ICAutoUpdate.log
2013-11-17 16:54 - 2013-11-17 13:17 - 00007024 _____ C:\Documents and Settings\dhuff\Desktop\AdwCleaner[R0].txt
2013-11-17 16:46 - 2013-11-15 23:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-17 16:46 - 2012-05-07 08:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-17 16:45 - 2013-11-17 16:45 - 00000000 ____D C:\WINDOWS\LastGood
2013-11-17 16:35 - 2010-03-31 15:32 - 00000300 _____ C:\WINDOWS\Tasks\PMTask.job
2013-11-17 16:33 - 2013-11-10 01:25 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-17 16:33 - 2012-11-12 15:13 - 00000268 _____ C:\WINDOWS\Tasks\ASC6_PerformanceMonitor.job
2013-11-17 16:33 - 2010-06-09 06:09 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 16:32 - 2007-03-02 07:15 - 00025269 _____ C:\WINDOWS\system32\PROCDB.INI
2013-11-17 16:31 - 2013-11-11 13:29 - 00001040 _____ C:\WINDOWS\system32\ICAutoUpdate.log.bak
2013-11-17 16:31 - 2013-06-06 08:40 - 00000624 _____ C:\Documents and Settings\All Users\Desktop\Webroot SecureAnywhere.lnk
2013-11-17 16:31 - 2013-04-25 13:26 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-17 16:31 - 2013-04-25 13:26 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-17 16:31 - 2007-03-02 07:15 - 00000380 _____ C:\WINDOWS\system32\IPSCtrl.INI
2013-11-17 16:31 - 2006-04-30 18:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-17 16:30 - 2013-10-09 20:33 - 00485440 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-11-17 16:30 - 2013-04-25 13:26 - 00032602 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-17 16:30 - 2009-01-30 16:43 - 00524288 _____ C:\WINDOWS\system32\config\ACS.evt
2013-11-17 16:27 - 2008-12-18 21:30 - 00000368 ___SH C:\Documents and Settings\dhuff\ntuser.ini
2013-11-17 16:27 - 2008-12-18 21:30 - 00000000 ____D C:\Documents and Settings\dhuff
2013-11-17 13:39 - 2013-11-17 13:39 - 00004612 _____ C:\Documents and Settings\dhuff\Desktop\JRT.txt
2013-11-17 13:26 - 2013-11-17 13:26 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-17 13:21 - 2013-11-17 13:13 - 00000000 ____D C:\AdwCleaner
2013-11-17 13:20 - 2012-12-22 10:18 - 178029310 _____ C:\Documents and Settings\dhuff\Desktop\RegbackupExp.reg
2013-11-17 13:11 - 2013-11-17 13:11 - 00003727 _____ C:\Documents and Settings\dhuff\Desktop\RKreport[0]_D_11172013_131123.txt
2013-11-17 13:11 - 2013-11-14 09:55 - 00000000 ____D C:\Documents and Settings\dhuff\Desktop\RK_Quarantine
2013-11-17 13:10 - 2013-11-17 13:10 - 00004392 _____ C:\Documents and Settings\dhuff\Desktop\RKreport[0]_S_11172013_131048.txt
2013-11-17 09:01 - 2010-06-10 08:57 - 00000332 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2013-11-17 09:00 - 2013-11-08 23:48 - 00039135 _____ C:\WINDOWS\setupapi.log
2013-11-17 08:42 - 2013-02-22 11:17 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-65210520-528169522-2851600264-1266Core.job
2013-11-15 18:11 - 2008-12-18 22:25 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-15 18:04 - 2013-11-15 18:04 - 00000000 _____ C:\WINDOWS\system32\A
2013-11-15 15:43 - 2013-02-20 20:35 - 00000000 ____D C:\Documents and Settings\dhuff\Application Data\Box Sync
2013-11-14 14:34 - 2008-12-21 16:22 - 00000000 ____D C:\MAIL
2013-11-14 10:23 - 2013-11-13 21:29 - 00065536 _____ C:\WINDOWS\system32\config\Cobian B.evt
2013-11-14 10:13 - 2013-11-14 10:13 - 00011277 _____ C:\WINDOWS\KB2868626.log
2013-11-14 10:13 - 2013-11-14 10:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 10:13 - 2013-11-14 10:11 - 00033987 _____ C:\WINDOWS\iis6.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00030918 _____ C:\WINDOWS\FaxSetup.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00014106 _____ C:\WINDOWS\tsoc.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00010442 _____ C:\WINDOWS\comsetup.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00009628 _____ C:\WINDOWS\msmqinst.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00006312 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00004094 _____ C:\WINDOWS\updspapi.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-14 10:13 - 2013-11-14 10:11 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-14 10:13 - 2012-06-27 07:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-11-14 10:12 - 2013-11-14 10:12 - 00009846 _____ C:\WINDOWS\KB2900986.log
2013-11-14 10:12 - 2013-11-14 10:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 10:12 - 2013-11-14 10:11 - 00010323 _____ C:\WINDOWS\KB2862152.log
2013-11-14 10:12 - 2013-11-14 10:11 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-14 10:11 - 2013-11-14 10:11 - 00009757 _____ C:\WINDOWS\KB2876331.log
2013-11-14 10:11 - 2013-11-14 10:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 10:11 - 2013-11-14 10:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 10:11 - 2013-11-14 10:10 - 00012088 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-14 10:11 - 2009-06-04 07:32 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-14 09:54 - 2013-11-14 09:55 - 03679744 _____ C:\Documents and Settings\dhuff\Desktop\RogueKiller.exe
2013-11-13 21:29 - 2006-04-30 04:09 - 00000000 ____D C:\WINDOWS\Registration
2013-11-13 20:50 - 2013-11-13 20:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Webroot SecureAnywhere
2013-11-12 22:32 - 2006-04-29 20:56 - 00000000 ____D C:\WINDOWS\repair
2013-11-12 22:16 - 2013-11-12 22:16 - 00000000 ____D C:\Program Files\Cobian Backup 11
2013-11-12 22:16 - 2013-11-12 22:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 11
2013-11-12 15:32 - 2013-11-11 13:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-11-12 12:29 - 2013-11-12 12:29 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-11-12 12:29 - 2013-11-10 18:38 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-11-11 14:28 - 2013-11-12 12:09 - 01085542 _____ C:\Documents and Settings\dhuff\Desktop\AdwCleaner.exe
2013-11-11 14:27 - 2013-11-12 12:09 - 01034531 _____ (Thisisu) C:\Documents and Settings\dhuff\Desktop\JRT.exe
2013-11-11 13:58 - 2013-11-11 13:58 - 00000114 _____ C:\local.conf
2013-11-11 13:28 - 2010-03-07 21:28 - 00000000 ____D C:\Program Files\McAfee
2013-11-11 13:16 - 2013-11-11 13:16 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2013-11-11 13:08 - 2013-11-11 13:08 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\03187423.sys
2013-11-11 10:43 - 2009-01-06 11:37 - 00000109 _____ C:\WINDOWS\cdlli40.INI
2013-11-11 08:41 - 2008-12-18 20:33 - 00000611 _____ C:\WINDOWS\ODBC.INI
2013-11-10 23:55 - 2013-11-10 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Sync
2013-11-10 17:39 - 2013-11-10 17:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-10 17:39 - 2013-11-10 17:39 - 00000000 ____D C:\Documents and Settings\dhuff\Application Data\SUPERAntiSpyware.com
2013-11-10 17:39 - 2013-11-10 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-11-10 17:39 - 2013-11-10 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-11-10 17:06 - 2008-12-20 20:06 - 00000000 ____D C:\Documents and Settings\admin\Application Data\Adobe
2013-11-10 17:03 - 2013-11-10 17:03 - 00000000 _____ C:\WINDOWS\Minidump\Mini111013-02.dmp
2013-11-10 17:02 - 2008-12-18 21:23 - 173404160 _____ C:\WINDOWS\MEMORY.DMP
2013-11-10 13:51 - 2008-12-20 20:06 - 00000278 ___SH C:\Documents and Settings\admin\ntuser.ini
2013-11-10 13:34 - 2013-11-10 07:27 - 00000000 ____D C:\Documents and Settings\admin\Application Data\WTablet
2013-11-10 07:27 - 2013-11-10 07:27 - 00001820 _____ C:\Documents and Settings\admin\Desktop\Google Chrome.lnk
2013-11-10 07:27 - 2013-11-10 07:27 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Box Sync
2013-11-10 07:27 - 2013-11-10 01:25 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2013-11-10 07:27 - 2009-06-02 10:36 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Google
2013-11-10 06:43 - 2008-12-18 21:30 - 00000000 ____D C:\Documents and Settings\dhuff\Application Data\Mozilla
2013-11-10 01:25 - 2013-11-10 01:25 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-11-10 01:25 - 2013-11-10 01:25 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-11-10 01:25 - 2013-11-10 01:25 - 00001740 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-11-10 01:25 - 2013-11-10 01:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-11-10 01:25 - 2013-11-09 22:12 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-11-10 01:24 - 2013-11-10 01:24 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-10 01:24 - 2013-11-09 22:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-11-10 01:16 - 2009-07-07 19:46 - 00001024 ____H C:\WINDOWS\system32\default_user_class.dat.LOG
2013-11-10 01:11 - 2012-06-04 10:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Security
2013-11-10 00:56 - 2013-11-10 00:56 - 00065536 _____ C:\WINDOWS\Minidump\Mini111013-01.dmp
2013-11-10 00:56 - 2009-01-04 22:39 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-10 00:45 - 2013-11-10 00:45 - 00000000 ____D C:\Program Files\WRData
2013-11-09 22:14 - 2013-11-09 22:14 - 00000000 ____D C:\Documents and Settings\dhuff\Application Data\AVAST Software
2013-11-09 22:09 - 2012-11-16 15:02 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-11-09 22:07 - 2008-12-18 19:55 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-11-09 22:05 - 2013-11-09 22:05 - 08916672 _____ (Lenovo Group Limited                                        ) C:\Documents and Settings\dhuff\Desktop\7ld152ww.exe
2013-11-09 09:00 - 2012-07-03 08:37 - 00001984 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-11-08 23:48 - 2013-11-08 23:48 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-08 23:48 - 2013-11-08 23:48 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-08 23:30 - 2008-12-18 21:37 - 00088040 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-08 23:27 - 2006-04-30 11:02 - 00313968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-08 23:20 - 2013-11-08 23:27 - 00069584 ____H C:\WINDOWS\Minidump\Mini110813-01.dmp
2013-11-08 23:12 - 2013-04-25 11:06 - 64237568 _____ C:\WINDOWS\system32\config\software.iobit
2013-11-08 23:12 - 2013-04-25 11:06 - 17924096 _____ C:\WINDOWS\system32\config\system.iobit
2013-11-08 23:12 - 2013-04-25 11:06 - 03342336 _____ C:\WINDOWS\system32\config\default.iobit
2013-11-08 23:12 - 2013-04-25 11:06 - 00032768 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-11-08 23:12 - 2006-04-29 21:22 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-11-08 23:12 - 2006-04-29 21:21 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-08 23:11 - 2013-04-25 11:06 - 00065536 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-11-08 23:07 - 2013-04-25 13:26 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-11-08 23:07 - 2013-04-25 13:26 - 00000000 _____ C:\WINDOWS\dkcip.log
2013-11-08 22:58 - 2008-12-20 22:07 - 00000000 ____D C:\Program Files\CCleaner
2013-11-08 11:03 - 2013-11-08 11:03 - 00000165 ____H C:\Documents and Settings\dhuff\Desktop\~$Copy of 3PWC3 - survey.xlsx
2013-11-07 11:34 - 2013-06-03 12:16 - 00000000 ____D C:\Documents and Settings\dhuff\Local Settings\Application Data\Citrix
2013-11-07 08:38 - 2008-12-18 20:43 - 00002317 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
2013-11-07 08:12 - 2008-12-20 10:03 - 00000000 ____D C:\Documents and Settings\dhuff\Application Data\GoodSync
2013-11-05 09:34 - 2008-12-31 08:32 - 00000000 ____D C:\Documents and Settings\dhuff\Application Data\Spam Control
2013-11-04 17:07 - 2013-11-04 17:07 - 00012716 _____ C:\Documents and Settings\dhuff\Desktop\Copy of 3PWC3 - survey.xlsx
2013-11-04 14:19 - 2006-04-30 11:03 - 00608204 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-04 08:46 - 2008-12-18 20:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2013-11-04 08:22 - 2006-04-30 17:52 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-01 14:36 - 2013-11-01 14:36 - 00000000 ____D C:\Program Files\wzgrapher
2013-11-01 14:09 - 2012-03-11 19:30 - 00154312 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2013-11-01 14:09 - 2012-03-11 19:30 - 00117792 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2013-11-01 14:02 - 2013-11-01 14:02 - 00001555 _____ C:\Documents and Settings\dhuff\Start Menu\FreeMind.lnk
2013-11-01 14:02 - 2013-11-01 14:02 - 00000000 ____D C:\Program Files\FreeMind
2013-11-01 14:02 - 2013-11-01 14:02 - 00000000 ____D C:\Documents and Settings\dhuff\.freemind
2013-11-01 14:02 - 2013-11-01 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FreeMind
2013-11-01 13:58 - 2013-11-01 13:58 - 00038964 _____ C:\temp.pcapng
2013-11-01 13:58 - 2013-11-01 13:58 - 00000000 ____D C:\Documents and Settings\dhuff\Application Data\Wireshark
2013-11-01 13:58 - 2006-04-30 17:52 - 00000983 _____ C:\WINDOWS\win.ini
2013-11-01 13:51 - 2013-11-01 13:51 - 00001481 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk
2013-11-01 13:51 - 2013-11-01 13:51 - 00000000 ____D C:\Program Files\WinPcap
2013-11-01 13:51 - 2013-11-01 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
2013-11-01 13:51 - 2013-11-01 13:50 - 00000000 ____D C:\Program Files\Wireshark
2013-10-30 10:10 - 2013-07-25 16:53 - 00000000 ____D C:\Documents and Settings\dhuff\Desktop\AS9100work
2013-10-29 10:08 - 2013-06-07 10:22 - 00000000 ____D C:\Program Files\Blue Coat K9 Web Protection
2013-10-28 17:45 - 2013-10-28 17:45 - 00000000 ____D C:\Program Files\Citrix
2013-10-28 17:45 - 2013-10-28 17:45 - 00000000 ____D C:\Documents and Settings\dhuff\Start Menu\Programs\Citrix
2013-10-28 08:31 - 2013-10-28 08:31 - 00000000 ____D C:\Program Files\bin
2013-10-28 07:50 - 2011-12-02 08:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
2013-10-27 15:35 - 2006-04-30 04:08 - 00000000 ____D C:\WINDOWS\Microsoft.Net
2013-10-27 15:23 - 2013-02-20 20:36 - 00001594 _____ C:\Documents and Settings\dhuff\Desktop\My Box Files.lnk
2013-10-27 15:22 - 2013-10-27 15:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Box Sync
2013-10-27 15:22 - 2013-04-30 19:33 - 00000000 ____D C:\Program Files\Box Sync
2013-10-25 09:40 - 2012-01-19 08:03 - 08340666 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-65210520-528169522-2851600264-1266-0.dat
2013-10-25 09:40 - 2012-01-19 08:02 - 00327178 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-24 13:03 - 2013-05-30 16:27 - 00065024 _____ C:\Documents and Settings\dhuff\Desktop\RMA proc.vsd
2013-10-24 10:47 - 2008-12-18 20:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2013-10-23 16:47 - 2013-10-23 16:47 - 00427008 _____ C:\Documents and Settings\dhuff\Desktop\mfcdoc-SAP-Quality-PO-Notes.xls
2013-10-21 06:48 - 2009-07-26 21:39 - 00000000 ____D C:\Program Files\dl_Cats
2013-10-20 15:00 - 2013-01-29 16:55 - 00000000 ____D C:\Documents and Settings\dhuff\Local Settings\Application Data\Paint.NET
2013-10-19 08:10 - 2013-10-19 08:10 - 07007206 _____ C:\Documents and Settings\dhuff\Desktop\GenericWorkInstructions.zip
2013-10-18 10:36 - 2009-04-11 21:34 - 00000000 ____D C:\Documents and Settings\dhuff\Start Menu\Programs\Unlocker

Some content of TEMP:
====================
C:\Documents and Settings\Administrator.CLEARALIGN\Local Settings\Temp\applnch.exe
C:\Documents and Settings\ClearAlign\Local Settings\Temp\jre-6u11-windows-i586-p-iftw_196cf524.exe
C:\Documents and Settings\ClearAlign\Local Settings\Temp\SymLCSVC.EXE
C:\Documents and Settings\ClearAlign\Local Settings\Temp\WindowsUpdateAgent30-x86.exe
C:\Documents and Settings\dhuff\Local Settings\Temp\MFB.exe
C:\Documents and Settings\dhuff\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\dhuff\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2013 02
Ran by dhuff at 2013-11-17 20:50:52
Running from C:\Documents and Settings\dhuff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Webroot SecureAnywhere (Disabled - Up to date) {D486329C-1488-4CEB-9CC8-D662B732D904}

==================== Installed Programs ======================

"Nero SoundTrax Help (Version: 4.0.15.0)
7-Zip 9.20
7-Zip 9.22 (Version: 9.22.00.0)
Acrobat.com (Version: 1.6.65)
Adobe Acrobat 9 Pro (Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR (Version: 3.4.0.2540)
Adobe Bridge 1.0 (Version: 001.000.004)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Creative Suite 2
Adobe Flash Player 11 ActiveX (Version: 11.7.700.169)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Advanced SystemCare 6 (Version: 6.0)
Advertising Center (Version: 0.0.0.2)
AnyBizSoft PDF Converter (Build 2.5.0)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.1.116)
avast! Free Antivirus (Version: 9.0.2007)
Bible Explorer 4 Download Edition
Bible Explorer 4 Download Edition (Version: 1.1)
BitTorrent
Blue Coat K9 Web Protection (Version: 4.4.268)
Box Sync (Version: 3.4.25.0)
Calculator Powertoy for Windows XP (Version: 1.00.0001)
CardScan 7.0.5 (Version: 7.0.5)
CCleaner (Version: 4.07)
Cisco WebEx Meetings
Citrix Online Launcher (Version: 1.0.141)
ClearType Tuning Control Panel Applet (Version: 1.01.0000)
Client Security - Password Manager (Version: 8.21.0006.00)
ClipboardPath (Version: 1.2.4)
CmdHere Powertoy For Windows XP (Version: 1.00.0001)
Cobian Backup 11 Gravity
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
CrystalDiskMark 3.0.0e (Version: 3.0.0e)
Defraggler (Version: 2.10)
Delete as Spam Add-in (Version: 2.0.0.82)
Diskeeper Lite (Version: 9.0.541)
DolbyFiles (Version: 2.0)
Dropbox (HKCU Version: 1.6.16)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EaseUS Partition Master 9.2.1 Home Edition
EPSON Scan
eRoom 7 Client (Version: 502.38)
Evernote v. 4.6.7 (Version: 4.6.7.8409)
ExpensAble 6 (Version: 6.0.0.0)
FreeMind (Version: 1.0.0)
GoodSync (Version: 8.9.9.2)
Google Apps Sync™ for Microsoft Outlook® 3.4.360.960 (Version: 3.4.360.960)
Google Chrome (Version: 31.0.1650.57)
Google Drive (Version: 1.12.5329.1887)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Talk (remove only)
Google Talk Plugin (Version: 4.9.1.16010)
Google Update Helper (Version: 1.3.21.165)
GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172)
GPL Ghostscript (Version: 9.05)
Gupta Runtime 4.0 (Version: 4.00)
Help Center (Version: 2.00n)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0)
ImageR 32
ImagXpress (Version: 7.0.74.0)
ImgBurn (Version: 2.5.1.0)
ImportQIF (Version: 2.5.25.0)
IndexR (Version: 5.0.1965.14439)
Ink Art (Version: 1.3)
Intel® Graphics Media Accelerator Driver (Version: 0.0.0.0000)
Intel® Network Connections Drivers (Version: 13.5)
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo VirtualDrive
InterVideo WinDVD (Version: 5.0-B11.1294)
InterVideo WinDVD Creator 3 (Version: 3.0.01.231)
ISD Tablet (Version: 7.0.2-29)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java DB 10.6.2.1 (Version: 10.6.2.1)
Java™ SE Development Kit 6 Update 35 (Version: 1.6.0.350)
Jello.Dashboard 5.22 beta (Labdanum) (Version: 5.22 beta (Labdanum))
Lenovo System Interface Driver (Version: 1.01)
Lenovo ThinkVantage Toolbox (Version: 6.0.5514.55)
LinkedIn Outlook Toolbar (Version: 2.7.2.1002)
Logitech QuickCam Driver Package
Look2Skype 1.4.0.8 (HKCU Version: 1.4.0.8)
Magic MP3 Tagger 2.2.6
Maintenance Manager (Version: 3.0.5.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SiteAdvisor (Version: 3.6.160)
Menu Templates - Starter Kit (Version: 9.4.6.0)
Message Center (Version: 2.01f)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Education Pack for Windows XP Tablet PC Edition (Version: 1.0.0)
Microsoft Energy Blue Theme Pack (Version: 1.0.0)
Microsoft Experience Pack for Tablet PC (Version: 1.0.0)
Microsoft Ink Crossword (Version: 1.1)
Microsoft Ink Desktop (Version: 1.0.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Media Transfer (Version: 1.0)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Pro Photo Tools (Version: 2.2)
Microsoft Reader for Pocket PC
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Snipping Tool 2.0 (Version: 2.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack (Version: 1.7)
Microsoft WinUsb 1.0
Microsoft WinUsb 2.0
Movie Templates - Starter Kit (Version: 9.4.6.0)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MultiTouch Driver (Version: 3.0.0.3)
MusicBrainz Picard (Version: 1.2)
MVision (Version: 11.50.1169)
MyCalculator (Version: 2.0.0)
Nero 9 Trial
Nero BackItUp (Version: 4.2.0.100)
Nero BackItUp (Version: 4.2.3.100)
Nero BackItUp 4
Nero Burning ROM Help (Version: 9.2.2.100)
Nero BurnRights (Version: 2.99.6.100)
Nero BurnRights (Version: 3.4.13.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.12.100)
Nero CoverDesigner Help (Version: 4.2.2.100)
Nero Disc Copy Gadget Help (Version: 2.2.7.0)
Nero DiscSpeed (Version: 4.99.5.105)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DriveSpeed (Version: 3.99.5.105)
Nero DriveSpeed (Version: 4.4.12.100)
Nero Express Help (Version: 9.2.2.100)
Nero InfoTool (Version: 5.99.5.105)
Nero InfoTool (Version: 6.4.12.100)
Nero Installer (Version: 4.4.9.0)
Nero Live (Version: 1.4.40.0)
Nero Live Help (Version: 1.0.162.0)
Nero PhotoSnap (Version: 2.4.28.0)
Nero PhotoSnap Help (Version: 1.53.2.0)
Nero Recode (Version: 4.4.38.1)
Nero Recode Help (Version: 3.53.0.0)
Nero Rescue Agent (Version: 2.4.14.100)
Nero RescueAgent Help (Version: 1.99.0.1)
Nero ShowTime (Version: 4.99.0.0)
Nero ShowTime (Version: 5.4.21.100)
Nero StartSmart (Version: 9.4.19.100)
Nero StartSmart Help (Version: 9.2.4.100)
Nero Vision (Version: 0.0.0.2)
Nero Vision (Version: 6.4.16.100)
Nero WaveEditor (Version: 5.4.37.1)
Nero WaveEditor Help (Version: 5.0.15.0)
NeroBurningROM (Version: 9.4.26.100)
NeroExpress (Version: 9.4.26.100)
NeroLiveGadget (Version: 1.2.7.100)
NeroLiveGadget Help (Version: 1.0.6.100)
neroxml (Version: 1.0.0)
Network ScanGear Ver.2.21 (Version: 2.21.0000)
NOOK for PC (Version: 2.5.6.9575)
Notepad++ (Version: 6.3.2)
OMNIKEY 3x21 PC/SC Driver (Version: 3.0.0.0)
On Screen Display (Version: 5.32.00)
OpenDNS Updater 2.2.1 (Version: 2.2.1)
Paint.NET v3.5.10 (Version: 3.60.0)
PC CCID (Version: 1.0.0)
PGP Desktop (Version: 9.0.6.6060)
Pic2Pic Pro 2.7
Picasa 3 (Version: 3.9)
PocketMan
Productivity Center Supplement for ThinkPad (Version: 3.00b)
Qualcomm Gobi Driver Package for Lenovo (Version: 1.0.8)
Qualcomm Gobi Images for Lenovo (Version: 1.0.9)
Quicken 2013 (Version: 22.1.12.7)
Quicken WillMaker Plus 2008
Quicken WillMaker Plus 2010
QuickTime (Version: 7.69.80.9)
RecordNow Audio (Version: 2.0.4)
RecordNow Copy (Version: 2.0.4)
RecordNow Data (Version: 2.0.4)
Remove Multimedia Center
Rescue and Recovery (Version: 4.21.0016.00)
Revo Uninstaller 1.94 (Version: 1.94)
RoboForm 7-9-2-5 (All Users) (Version: 7-9-2-5)
SafeNet Borderless Security PK Client (Version: 7.2.0)
SafeNet iKey Driver v4.1.1.1006 (Version: 4.1.1)
Salesforce Outlook Edition 3 (Version: 3.3.114)
SCR331 Smart Card Reader (Version: 1.01.0000)
SDFormatter (Version: 4.0.0)
SeaTools for Windows (Version: 1.2.0.5)
Sierra Wireless MC57xx Package for Access Connections (Version: 6.30.0.3)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.0 (Version: 6.0.126)
Solicitation Viewer
SolidWorks eDrawings 2012 (Version: 12.1.130)
SolidWorks eDrawings 2013 (Version: 13.4.107)
Sonic DLA (Version: 5.2.0)
Sonic Express Labeler (Version: 2.1.0)
Sonic Icons for Lenovo (Version: 1.0.2)
Sonic Update Manager (Version: 3.0.0)
SoundTrax (Version: 4.4.37.1)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Suite Specific (Version: 2.0.0)
SUPERAntiSpyware (Version: 5.6.1042)
swMSM (Version: 12.0.0.1)
System Migration Assistant (Version: 5.20.0171)
System Requirements Lab
System Update (Version: 3.14.0024)
Tablet PC Tutorials for Microsoft Windows XP SP2 (Version: 1.7)
TBS WMP Plug-in (Version: 1.00.676)
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter (Version: 7.6.1.260b)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 5.5.0.9100)
ThinkPad EasyEject Utility  (Version: 2.32)
ThinkPad FullScreen Magnifier (Version: 2.10)
ThinkPad Modem (Version: 7.70.00)
ThinkPad PC Card Power Policy (Version: 1.02)
ThinkPad Power Management Driver (Version: 1.55)
ThinkPad Power Manager (Version: 1.73)
ThinkPad Tablet Button Driver (Version: 3.02.000)
ThinkPad Tablet Shortcut Menu (Version: 4.14)
ThinkPad TrackPoint Driver (Version: 4.65.0.0)
ThinkVantage Access Connections (Version: 5.62)
ThinkVantage Active Protection System (Version: 1.71)
ThinkVantage Fingerprint Software (Version: 5.8.5.6014)
ThinkVantage Productivity Center (Version: 3.11)
ThinkVantage Technologies Welcome Message (Version: 1.18)
Time Zone Data Update Tool for Microsoft Office Outlook (Version: 12.0.4518.1093)
TrueCrypt (Version: 7.1a)
Turbo Lister 2 (Version: 2.00.0000)
TurboMeeting (HKCU Version: 3.0.340)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.3236)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0404)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0192)
TurboTax 2010 wrapper (Version: 010.000.0155)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wpaiper (Version: 011.000.1684)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.1842)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0419)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0178)
TurboTax 2012 wrapper (Version: 012.000.0127)
Tweak UI
Unlocker 1.9.2 (Version: 1.9.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955704) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
User Profile Hive Cleanup Service (Version: 1.6.30)
VISUAL Quality Management (Version: 6.5)
Wallpapers
WealthBuilder (Version: 1.00.000)
WebFldrs XP (Version: 9.50.7523)
Webroot SecureAnywhere (Version: 8.0.4.24)
WebTablet IE Plugin (Version: 1.1.0.11)
WebTablet Netscape Plugin (Version: 1.1.0.9)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Toolbar (Version: 03.01.0130)
Windows Media Connect
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows Small Business Server 2011 Standard ClientAgent (Version: 6.1.7900.1)
Windows Small Business Server 2011 Standard WMI Provider (Version: 6.1.7900.1)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 4.1.3 (Version: 4.1.0.2980)
WinZip 15.5 (Version: 15.5.9510)
WinZip Self-Extractor
Wireshark 1.10.2 (32-bit) (Version: 1.10.2)
XML Notepad 2007 (Version: 2.3.0.0)
XML Paper Specification Shared Components Pack 1.0
XnView 1.99.5 (Version: 1.99.5)
XP Themes (Version: 1.00.0000)
Yahoo! Detect

==================== Restore Points  =========================

29-08-2013 14:20:51 Software Distribution Service 3.0
30-08-2013 12:26:25 Software Distribution Service 3.0
02-09-2013 14:00:19 Software Distribution Service 3.0
03-09-2013 12:41:36 Software Distribution Service 3.0
04-09-2013 03:42:30 Software Distribution Service 3.0
04-09-2013 07:58:46 Software Distribution Service 3.0
05-09-2013 12:55:39 Software Distribution Service 3.0
06-09-2013 12:51:04 Software Distribution Service 3.0
09-09-2013 12:15:28 Software Distribution Service 3.0
10-09-2013 03:55:12 Software Distribution Service 3.0
10-09-2013 13:13:17 Software Distribution Service 3.0
11-09-2013 12:39:27 Software Distribution Service 3.0
11-09-2013 14:15:53 Software Distribution Service 3.0
12-09-2013 12:29:43 Software Distribution Service 3.0
12-09-2013 12:49:32 Software Distribution Service 3.0
12-09-2013 19:07:40 Software Distribution Service 3.0
12-09-2013 21:00:40 Software Distribution Service 3.0
13-09-2013 12:13:21 Software Distribution Service 3.0
13-09-2013 12:19:36 Software Distribution Service 3.0
16-09-2013 10:54:01 Software Distribution Service 3.0
16-09-2013 11:06:34 Software Distribution Service 3.0
17-09-2013 03:57:13 Software Distribution Service 3.0
18-09-2013 12:47:37 Software Distribution Service 3.0
19-09-2013 12:44:39 Software Distribution Service 3.0
20-09-2013 12:34:01 Software Distribution Service 3.0
21-09-2013 17:58:39 Software Distribution Service 3.0
22-09-2013 03:20:20 Software Distribution Service 3.0
22-09-2013 17:48:34 Software Distribution Service 3.0
23-09-2013 12:46:03 Software Distribution Service 3.0
24-09-2013 03:39:01 Software Distribution Service 3.0
25-09-2013 12:19:48 Software Distribution Service 3.0
26-09-2013 12:52:38 Software Distribution Service 3.0
27-09-2013 12:23:18 Software Distribution Service 3.0
28-09-2013 14:32:04 Software Distribution Service 3.0
30-09-2013 12:15:03 Software Distribution Service 3.0
01-10-2013 04:03:18 Software Distribution Service 3.0
01-10-2013 14:25:26 Software Distribution Service 3.0
02-10-2013 12:49:22 Software Distribution Service 3.0
03-10-2013 03:27:38 Software Distribution Service 3.0
03-10-2013 12:53:10 Software Distribution Service 3.0
04-10-2013 13:04:21 Software Distribution Service 3.0
05-10-2013 14:33:21 Software Distribution Service 3.0
07-10-2013 12:13:17 Software Distribution Service 3.0
08-10-2013 03:48:58 Software Distribution Service 3.0
09-10-2013 07:42:23 Software Distribution Service 3.0
09-10-2013 13:44:09 Software Distribution Service 3.0
10-10-2013 01:33:16 Software Distribution Service 3.0
10-10-2013 12:15:24 Software Distribution Service 3.0
11-10-2013 03:31:51 Software Distribution Service 3.0
14-10-2013 01:13:28 Software Distribution Service 3.0
15-10-2013 03:27:38 Software Distribution Service 3.0
15-10-2013 14:37:07 Software Distribution Service 3.0
16-10-2013 13:04:55 Software Distribution Service 3.0
17-10-2013 12:49:03 Software Distribution Service 3.0
17-10-2013 15:25:42 Removed Java 7 Update 25
18-10-2013 13:07:05 Software Distribution Service 3.0
19-10-2013 15:29:05 Software Distribution Service 3.0
20-10-2013 03:30:06 Software Distribution Service 3.0
20-10-2013 15:29:52 Software Distribution Service 3.0
22-10-2013 00:07:57 Software Distribution Service 3.0
23-10-2013 12:50:04 Software Distribution Service 3.0
24-10-2013 12:50:34 Software Distribution Service 3.0
25-10-2013 12:52:08 Software Distribution Service 3.0
27-10-2013 20:16:49 Installed Box Sync
28-10-2013 22:41:31 Removed Citrix Online Launcher
29-10-2013 12:48:59 Software Distribution Service 3.0
30-10-2013 12:50:24 Software Distribution Service 3.0
31-10-2013 12:58:33 Software Distribution Service 3.0
01-11-2013 12:55:26 Software Distribution Service 3.0
04-11-2013 13:35:57 Software Distribution Service 3.0
05-11-2013 03:41:22 Software Distribution Service 3.0
05-11-2013 13:39:49 Software Distribution Service 3.0
06-11-2013 14:01:13 Software Distribution Service 3.0
07-11-2013 13:31:07 Software Distribution Service 3.0
08-11-2013 13:47:55 Software Distribution Service 3.0
09-11-2013 16:31:22 System Checkpoint
10-11-2013 03:11:25 avast! antivirus system restore point
10-11-2013 06:09:00 avast! antivirus system restore point
10-11-2013 06:15:09 avast! antivirus system restore point
10-11-2013 06:24:54 avast! antivirus system restore point
11-11-2013 10:26:34 System Checkpoint
12-11-2013 12:55:15 System Checkpoint
13-11-2013 19:58:38 System Checkpoint
14-11-2013 15:09:20 Software Distribution Service 3.0
15-11-2013 19:33:53 System Checkpoint
17-11-2013 00:00:46 System Checkpoint

==================== Hosts content: ==========================

2006-04-30 17:51 - 2011-01-11 22:58 - 00292042 ____A C:\WINDOWS\system32\Drivers\etc\hosts
192.168.101.10 clearalign01.clearalign.com
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\ASC6_PerformanceMonitor.job => C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-65210520-528169522-2851600264-1266Core.job => C:\Documents and Settings\dhuff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-65210520-528169522-2851600264-1266UA.job => C:\Documents and Settings\dhuff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2013-11-16 18:20 - 2013-11-16 13:28 - 02141184 _____ () C:\Program Files\AVAST Software\Avast\defs\13111601\algo.dll
2006-10-20 00:33 - 2006-10-20 00:33 - 00117760 ____N () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dlcxdrpp.dll
2010-06-10 08:47 - 2010-04-22 16:00 - 00020480 ____N () C:\Program Files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll
2011-03-19 21:06 - 2011-03-19 21:06 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-19 21:06 - 2011-03-19 21:06 - 00476520 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2013-01-11 12:55 - 2012-04-10 16:36 - 00962936 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2008-05-14 16:08 - 2008-05-14 16:08 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
2010-06-10 08:47 - 2010-04-22 16:18 - 00167936 ____N () C:\Program Files\ThinkPad\ConnectUtilities\ACAthV2MSVC6.dll
2010-06-10 08:48 - 2010-04-22 15:42 - 00043520 ____N () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
2010-06-10 08:48 - 2010-04-22 15:42 - 00077824 ____N () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
2008-12-18 19:55 - 2010-01-06 00:13 - 00031744 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2010-07-04 16:32 - 2010-07-04 16:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-11-12 15:12 - 2012-09-19 17:18 - 00105344 _____ () C:\Program Files\IObit\Advanced SystemCare 6\ASCComputerMenu.dll
2010-05-25 09:57 - 2010-05-25 09:57 - 02860384 ____N () C:\WINDOWS\system32\btwicons.dll
2012-01-05 15:18 - 2011-06-21 08:09 - 01662976 _____ () C:\Program Files\XnView\ShellEx\XnViewShellExt.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2012-11-12 15:12 - 2012-09-19 17:19 - 00142208 _____ () C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
2012-11-12 15:12 - 2012-10-30 15:37 - 00348032 _____ () C:\Program Files\IObit\Advanced SystemCare 6\madExcept_.bpl
2012-11-12 15:12 - 2012-10-30 15:37 - 00182656 _____ () C:\Program Files\IObit\Advanced SystemCare 6\madBasic_.bpl
2012-11-12 15:12 - 2012-10-30 15:37 - 00050048 _____ () C:\Program Files\IObit\Advanced SystemCare 6\madDisAsm_.bpl
2008-12-18 19:55 - 2010-01-06 00:13 - 00051712 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
2013-11-15 23:25 - 2013-11-15 23:25 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BD280B1D

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TurboMeeting => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Faulty Device Manager Devices =============

Name: IVI Virtual CD SCSI CdRom Device
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Android ADB Interface
Description: Android ADB Interface
Class Guid: {3F966BD9-FA04-4EC5-991C-D326973B5128}
Manufacturer: Google, Inc.
Service: WinUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2013 04:34:21 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for CLEARALIGN\dhuff failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (11/17/2013 04:33:09 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (11/17/2013 04:31:41 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (11/17/2013 04:31:34 PM) (Source: UserInit) (User: )
Description: Could not execute the following script \\clearalign.com\SysVol\clearalign.com\ClientAgent\ClientAgent.vbs. No network provider accepted the given network path.
.

Error: (11/17/2013 04:31:34 PM) (Source: UserInit) (User: )
Description: Could not execute the following script \\clearalign.com\SysVol\clearalign.com\ClientAgent\ClientAgent.vbs. No network provider accepted the given network path.
.

Error: (11/17/2013 04:31:25 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (11/17/2013 01:21:31 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application adwcleaner.exe, version 3.0.1.2, stamp 4f25baec, faulting module ole32.dll, version 5.1.2600.6435, stamp 51ffa8f8, debug? 0, fault address 0x00020fd5.

Error: (11/17/2013 10:07:17 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for CLEARALIGN\dhuff failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (11/17/2013 10:06:06 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (11/17/2013 02:09:22 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for CLEARALIGN\dhuff failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.


System errors:
=============
Error: (11/17/2013 08:36:43 PM) (Source: Service Control Manager) (User: )
Description: The SafeNet Token Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/17/2013 08:36:41 PM) (Source: Service Control Manager) (User: )
Description: The PGPserv service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/17/2013 08:36:40 PM) (Source: Service Control Manager) (User: )
Description: The SafeNet Virtual Channel Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/17/2013 08:36:40 PM) (Source: Service Control Manager) (User: )
Description: The SafeNet Log Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/17/2013 08:36:40 PM) (Source: Service Control Manager) (User: )
Description: The Atheros Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/17/2013 08:16:43 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.

Error: (11/17/2013 06:33:58 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (11/17/2013 06:16:43 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Error: (11/17/2013 05:16:42 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (11/17/2013 04:46:42 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================
Error: (10/25/2013 04:24:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18276 seconds with 2940 seconds of active time.  This session ended with a crash.

Error: (10/03/2013 02:59:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 111906 seconds with 10680 seconds of active time.  This session ended with a crash.

Error: (09/05/2013 00:27:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 693138 seconds with 23160 seconds of active time.  This session ended with a crash.

Error: (07/22/2013 07:20:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39824 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (07/11/2013 02:41:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 285 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/11/2013 10:54:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8613 seconds with 2340 seconds of active time.  This session ended with a crash.

Error: (07/02/2013 10:48:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7519 seconds with 1920 seconds of active time.  This session ended with a crash.

Error: (06/03/2013 04:03:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 286186 seconds with 4800 seconds of active time.  This session ended with a crash.

Error: (05/21/2013 02:18:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 858 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/07/2013 01:44:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 792 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3046.22 MB
Available physical RAM: 1754.56 MB
Total Pagefile: 4930.43 MB
Available Pagefile: 3497.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.18 MB

==================== Drives ================================

Drive c: (Preload) (Fixed) (Total:226.93 GB) (Free:49.65 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive s: (Offline) (Network) (Total:226.93 GB) (Free:49.65 GB) *NT5CSC
Drive u: (Offline) (Network) (Total:226.93 GB) (Free:49.65 GB) *NT5CSC
Drive v: (Offline) (Network) (Total:226.93 GB) (Free:49.65 GB) *NT5CSC
Drive x: (Offline) (Network) (Total:226.93 GB) (Free:49.65 GB) *NT5CSC

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: E11595F6)
Partition 1: (Active) - (Size=227 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6 GB) - (Type=12)

==================== End Of Log ============================



#9 dbh369


Posted 27 November 2013 - 09:19 AM

 Results of screen317's Security Check version 0.99.77  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.
displayName
avast! Antivirus
Webroot SecureAnywhere
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 SUPERAntiSpyware     
 McAfee SiteAdvisor    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 45  
 Java™ SE Development Kit 6 Update 35
 Java DB 10.6.2.1   
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#10 oneof4


Posted 28 November 2013 - 11:08 AM

Hello dbh369, and Happy Thanksgiving! :)

 

Looking over your logs, I have a question concerning an entry that I found:

 

clearalign01.clearalign.com

 

Does this site look familiar, and if so, are you having issues trying to access it?

 

==========

 

Let's perform the following:

 

We need to run a scan with ComboFix:

 

Please download and Run ComboFix. To do so, please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Best Regards,
oneof4.


#11 oneof4


Posted 02 December 2013 - 12:37 PM

Are you still with us?


Best Regards,
oneof4.


#12 dbh369


Posted 02 December 2013 - 05:56 PM

Alas, no, had a crash when I tried to get the recovery installed, then kept fiddling around with it really wonky, and finally said no, going to reinstall the operating system. In fact, put Win 7 on, and replaced the hard disk with an SSD. Sorry, but it had taken too long (been posting since 10 November) and needed to get this working. Thanks for trying to help!


Edited by dbh369, 02 December 2013 - 05:58 PM.


#13 oneof4


Posted 02 December 2013 - 10:38 PM

Thanks dbh369 for letting us know.  Hope everything goes well with the upgrade.

 

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


Edited by oneof4, 02 December 2013 - 10:40 PM.

Best Regards,
oneof4.




