Can't log in to mail, messenger, secure sites

#1 cato1978

Member, 40 posts
Honestly, I'm a little puzzled. I have had my system running smoothly for quite a long time. I recently had it shut down while I was out to sea, and now that I'm back I'm noticing some odd issues. I've definitely had issues getting Malwarebytes installed, but I did get it and ran it. I've run CCleaner to try to clear up some junk. Ad-Aware found a few issues and removed them, and my active scanner is Avast (which is valid and up to date). Specifically, no matter which browser I use, I'm getting an inconsistent error trying to log in to Gmail. Sometimes when I try to scan, I get a crash or an error stopping the scan. The computer doesn't like what I'm trying to do so far, but I've yet to fix the problem. When I try to log on to Yahoo Messenger, I now get the following error (IP addresses deleted because I didn't know if it mattered):

Yahoo error:
Checking virtual IP servers...
[VIP Raw] Connecting to Virtual IP server IP ADDRESS DELETED... [PASSED]
[VIP Raw] Sending HTTP request to the server... [PASSED]
[VIP Raw] Receiving response... [PASSED]
[VIP Raw] Checking HTTP response code... [PASSED]
[VIP Raw] Parsing connection server IP address... [PASSED]
[VIP Raw] Connecting to Virtual IP server IP ADDRESS DELETED... [PASSED]
[VIP Raw] Sending HTTP request to the server... [PASSED]
[VIP Raw] Receiving response... [PASSED]
[VIP Raw] Checking HTTP response code... [PASSED]
[VIP Raw] Parsing connection server IP address... [PASSED]
[VIP Raw] PASSED *** IP ADDRESS DELETED ***

Checking connection servers...
[CS Raw] Connecting to connection server port '5050'... [PASSED]
[CS Raw] Sending port check command... [PASSED]
[CS Raw] PASSED

Checking login servers...
[Login] Connecting to login server IP ADDRESS DELETED... [PASSED]
[Login] TIMEOUT

Below are my OTL reports:


Logfile created: 5/12/2011 21:44:55
Ad-Aware version: 9.0.5
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: user

*********************** Definitions database information ***********************
Lavasoft definition file: 150.402
Genotype definition file version: 2011/05/11 09:53:59
Extended engine definition file: 9264.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 78985
Objects detected: 4


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 4
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Quarantined items:
Description: c:\program files\ares\ares.exe Family Name: Trojan.Win32.Generic!SB.0 Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 132227d553c8261c501080c10a9cd24f
Description: c:\users\user\desktop\current\desktop junk\new folder\svchost.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 285fee12264472dfe00f72b7656b95bf
Description: c:\program files\aimersoft\keygen.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 688ad3b098dae3b25569591487a55d18
Description: c:\$recycle.bin\s-1-5-21-4149202785-989440042-3916684815-1000\$r0v4bzt.exe Family Name: Win32.Hoax.Screensaver Engine: 1 Clean status: Success Item ID: 0 Family ID: 836076 MD5: 8210cbb21e66dac91d2ad38e9ee8e525

Scan and cleaning complete: Stopped by request after 2749 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Thu May 12 21:35:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Thu May 12 03:35:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Thu May 12 09:35:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Thu May 12 15:35:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Thu May 12 21:35:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: USER-PC
Processor name: AMD Athlon™ 64 X2 Dual-Core Processor TK-55
Processor identifier: x86 Family 15 Model 104 Stepping 1
Processor speed: ~1800MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 26625, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
Physical memory available: 903266304 bytes
Physical memory total: 2078461952 bytes
Virtual memory available: 1880850432 bytes
Virtual memory total: 2147352576 bytes
Memory load: 56%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Windows startup mode:

Running processes:
PID: 480 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 548 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 600 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 612 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 644 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 660 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 668 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 716 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 852 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 908 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 936 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 980 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1112 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1144 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1156 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1264 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1284 name: C:\Windows\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1312 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1464 name: C:\Windows\System32\rundll32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1520 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1668 name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1684 name: C:\Program Files\Alwil Software\Avast4\ashServ.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1712 name: C:\Windows\System32\wlanext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2016 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2040 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1556 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1960 name: C:\Windows\System32\dwm.exe owner: user domain: user-PC
PID: 1132 name: C:\Windows\System32\taskeng.exe owner: user domain: user-PC
PID: 740 name: C:\Windows\explorer.exe owner: user domain: user-PC
PID: 2364 name: C:\Windows\System32\wercon.exe owner: user domain: user-PC
PID: 2432 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2472 name: C:\Program Files\AskBarDis\bar\bin\AskService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2492 name: C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2516 name: C:\Windows\System32\bgsvcgen.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2544 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2560 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2572 name: C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2656 name: C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2768 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2844 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2872 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2908 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2932 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2952 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3004 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3064 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3144 name: C:\Windows\System32\drivers\XAudio.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3176 name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3204 name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3464 name: C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4084 name: C:\Program Files\Windows Defender\MSASCui.exe owner: user domain: user-PC
PID: 832 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: user domain: user-PC
PID: 2052 name: C:\Program Files\HP\QuickPlay\QPService.exe owner: user domain: user-PC
PID: 1428 name: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe owner: user domain: user-PC
PID: 2160 name: C:\Program Files\Synaptics\SynTP\SynTPStart.exe owner: user domain: user-PC
PID: 2344 name: C:\Windows\WindowsMobile\wmdc.exe owner: user domain: user-PC
PID: 1476 name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe owner: user domain: user-PC
PID: 1380 name: C:\Program Files\Alwil Software\Avast4\ashDisp.exe owner: user domain: user-PC
PID: 1508 name: C:\Windows\System32\wpcumi.exe owner: user domain: user-PC
PID: 2424 name: C:\Windows\System32\rundll32.exe owner: user domain: user-PC
PID: 1044 name: C:\Windows\vsnpstd3.exe owner: user domain: user-PC
PID: 2672 name: C:\Windows\tsnpstd3.exe owner: user domain: user-PC
PID: 2064 name: C:\Program Files\iTunes\iTunesHelper.exe owner: user domain: user-PC
PID: 3032 name: C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe owner: user domain: user-PC
PID: 1308 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1032 name: C:\Windows\System32\wbem\unsecapp.exe owner: user domain: user-PC
PID: 2640 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 4108 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: user domain: user-PC
PID: 4148 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 4472 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5228 name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1628 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: user domain: user-PC
PID: 3312 name: C:\Windows\System32\wuauclt.exe owner: user domain: user-PC
PID: 5148 name: C:\Windows\System32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5668 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5744 name: C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe owner: user domain: user-PC
PID: 4700 name: C:\Windows\System32\taskeng.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 6024 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: user domain: user-PC
PID: 2504 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4424 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: user domain: user-PC
PID: 5704 name: C:\Windows\System32\rundll32.exe owner: user domain: user-PC
PID: 4720 name: C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe owner: user domain: user-PC
PID: 5092 name: C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe owner: user domain: user-PC

Startup items:
Name: MySpaceIM
imagepath: C:\Program Files\MySpace\IM\MySpaceIM.exe
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: Launcher
imagepath: %WINDIR%\SMINST\launcher.exe
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: SynTPEnh
imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Name: QPService
imagepath: "C:\Program Files\HP\QuickPlay\QPService.exe"
Name: QlbCtrl
imagepath: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
Name: HP Health Check Scheduler
imagepath: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
Name: SynTPStart
imagepath: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
Name: Windows Mobile Device Center
imagepath: %windir%\WindowsMobile\wmdc.exe
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Name: MSConfig
imagepath: "C:\Windows\system32\msconfig.exe" /auto
Name: HP Software Update
imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Name: avast!
imagepath: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Name: WPCUMI
imagepath: C:\Windows\system32\WpcUmi.exe
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: snpstd3
imagepath: C:\Windows\vsnpstd3.exe
Name: tsnpstd3
imagepath: C:\Windows\tsnpstd3.exe
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MotionSD STUDIO - SD Browser auto start -.lnk
imagepath: C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\Adobe Reader Speed Launch.lnk
imagepath: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\Adobe Reader Synchronizer.lnk
imagepath: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
imagepath: C:\Program Files\Paltalk Messenger\paltalk.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: Appinfo
displayname: Application Information
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: ASKService
displayname: ASKService
Name: ASKUpgrade
displayname: ASKUpgrade
Name: aswUpdSv
displayname: avast! iAVS4 Control Service
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: Audiosrv
displayname: Windows Audio
Name: avast! Antivirus
displayname: avast! Antivirus
Name: BFE
displayname: Base Filtering Engine
Name: bgsvcgen
displayname: B's Recorder GOLD Library General Service
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: Browser
displayname: Computer Browser
Name: BthServ
displayname: Bluetooth Support Service
Name: CLCapSvc
displayname: CyberLink Background Capture Service (CBCS)
Name: CLSched
displayname: CyberLink Task Scheduler (CTS)
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EapHost
displayname: Extensible Authentication Protocol
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: fdPHost
displayname: Function Discovery Provider Host
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: FreeAgentGoNext Service
displayname: Seagate Service
Name: gpsvc
displayname: Group Policy Client
Name: hidserv
displayname: Human Interface Device Access
Name: HP Health Check Service
displayname: HP Health Check Service
Name: hpqcxs08
displayname: hpqcxs08
Name: hpqddsvc
displayname: HP CUE DeviceDiscovery Service
Name: hpqwmiex
displayname: hpqwmiex
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: iphlpsvc
displayname: IP Helper
Name: iPod Service
displayname: iPod Service
Name: KeyIso
displayname: CNG Key Isolation
Name: KtmRm
displayname: KtmRm for Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: msiserver
displayname: Windows Installer
Name: Net Driver HPZ12
displayname: Net Driver HPZ12
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface Service
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: PcaSvc
displayname: Program Compatibility Assistant Service
Name: PlugPlay
displayname: Plug and Play
Name: Pml Driver HPZ12
displayname: Pml Driver HPZ12
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile Service
Name: RapiMgr
displayname: Windows Mobile-based device connectivity
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification Service
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: slsvc
displayname: Software Licensing
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery
Name: SstpSvc
displayname: Secure Socket Tunneling Protocol Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC Input Service
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: W32Time
displayname: Windows Time
Name: WcesComm
displayname: Windows Mobile-2003-based device connectivity
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WebClient
displayname: WebClient
Name: WerSvc
displayname: Windows Error Reporting Service
Name: WinDefend
displayname: Windows Defender
Name: WinHttpAutoProxySvc
displayname: WinHTTP Web Proxy Auto-Discovery Service
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN AutoConfig
Name: WMPNetworkSvc
displayname: Windows Media Player Network Sharing Service
Name: WPCSvc
displayname: Parental Controls
Name: WPDBusEnum
displayname: Portable Device Enumerator Service
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: XAudioService
displayname: XAudioService
Name: YahooAUService
displayname: Yahoo! Updater
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service


EXTRAS FILE:

OTL Extras logfile created on: 5/13/2011 4:19:45 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 52.67 Gb Free Space | 37.45% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.81 Gb Free Space | 21.52% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081F287C-1178-467C-82E2-D9310E54F18D}" = lport=137 | protocol=17 | dir=in | app=system |
"{0AA25A7C-19E0-473F-A789-7DB8B463A312}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0EF46342-68C1-4715-98C9-8D0669BCD8E4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{10A9A4F5-7183-4799-BA58-98375919B8A5}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{11B5557A-C946-4D95-9F61-6D5EE12EC845}" = rport=137 | protocol=17 | dir=out | app=system |
"{140C7605-D9E1-4111-B3F2-2D2F2694A537}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1436954D-6F88-4E0A-869A-9CABA6B7DB54}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{186B282F-2B71-4E03-9C81-4003B1285ACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{214102A7-7BBF-49D8-8299-4B624E53FD72}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{218F1F5A-B9B2-43D4-8C5E-D3F09485D5F1}" = rport=139 | protocol=6 | dir=out | app=system |
"{29272E93-76EA-4BBF-BA09-5782795C7AFA}" = lport=445 | protocol=6 | dir=in | app=system |
"{2CDB940E-8BE8-4E83-A975-31236C827243}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{30E2DD74-5CF7-461F-BFFA-E170B5A75E67}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{34E0E615-C590-49DE-A3FC-6FCCF41B0ECB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3CD4EAAD-6314-4D46-AB1C-D925C5F18B79}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3E98FF27-1AD7-420D-82C6-7E7923235A3F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4DADF6DE-18F5-4D55-BACB-EF667D98E8F1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{516AC2D9-7E38-437F-8FBB-1B679C517163}" = lport=138 | protocol=17 | dir=in | app=system |
"{534F6719-1C05-4E91-A74E-0BE0CCDD86BC}" = rport=138 | protocol=17 | dir=out | app=system |
"{55E53B00-09D4-4C13-AD8F-C3631A80D332}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59E1076A-CCF1-41C7-A49B-3014F575E0B7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5BC14BC7-F955-4C95-981A-0D064C2521EA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5F1940B4-BCE3-488F-B7D5-12C961EC9A12}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{63E7AA93-DD1C-42EE-8BED-3AB918D4C32D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{68CBE06B-7D8D-49F7-BAFB-59164FF79A75}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6CCCF001-9F9B-4839-8CA8-8C6CFAB2ADE3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{701FE1A5-EF8B-4764-9CDB-9D17C04EAE65}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7173B4F6-0F03-4671-A148-6BAF0F331CD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{720B9A96-7FD8-4F96-880D-384DCEB51907}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8F688DC1-DD91-4D7E-A459-7C4EAD1355BD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{90C50C3F-4C2D-487E-9B56-AAF2631137A7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9615E08E-1B6C-4617-8CAC-3D9292A45103}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A18E3B13-5C69-458C-ABCC-0748CB83443F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A88FE419-D7EC-4AA2-93DE-F5BF29E539F4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A99D5FE2-A412-4129-BAFD-5907F75ED3D2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B9E38076-079D-4769-967E-14BA49BA1E96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0821682-FF47-44BD-9242-4246BEA4D849}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C33255C1-8D6F-45D0-B908-D314468EB560}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C34CBC62-5C70-4D58-9E6D-901DA8191E0A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{CC1AF3A5-22AA-4E1D-9E8E-7F27C616E9BC}" = lport=139 | protocol=6 | dir=in | app=system |
"{CEF8FCD6-A713-4B22-9FA9-DB12743A2708}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2A224B4-C3E7-4218-8978-F6C941126416}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DE1FFA90-4702-48A5-9DD0-79F99DFBA3E9}" = rport=445 | protocol=6 | dir=out | app=system |
"{E01E1AD7-E65B-4111-887F-AA787B09B489}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{F119C8F4-7D3F-4DEA-8638-945D78EFFB5F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F246141A-C35F-497A-8997-DD33B1A65DD3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F3299F30-35C4-4816-8491-664EFB2A248D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{F419C372-82B7-4505-85E9-67F8597D6750}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A07731-1CB2-4546-BB10-5778E2CC54BD}" = protocol=58 | dir=out | [email protected],-28546 |
"{01E6A81C-ABC1-4225-A6EF-04E996FB87DD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{03C9749D-1A74-42F7-8F3A-1C56AF087A77}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0D338F03-D74F-48E1-A0D5-CC03EA4C5985}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{12B2D499-6826-4A71-8118-1CCB6340E927}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1350FF53-F2D0-4074-8FF7-1DEA4CCBDC72}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{16BC0068-3EC5-4FBC-BB52-D0A24986A9B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1765C68A-D8F6-4453-A4DD-15638B604C35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1974EA75-B4C7-4083-94BB-FF9660EC3347}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{199FA715-6127-466A-9070-8EBFC710E254}" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"{1B6C9EB6-3889-4694-8E72-AFFC6DF64B5B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1ED18757-2535-4D9A-9AED-2B04E86AC216}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1F91FEDE-7447-4864-873C-C8A754DC2D41}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{214AD21E-58FB-4D34-BE80-65799DC6DBA2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{22BC3807-5BB9-4BE2-B896-FDFCF8A0549C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B2C4DA4-C08D-4361-B7C1-553A8D7633CF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2B594F9C-F2E3-468C-A6E9-813F34F36858}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B6CCB26-F52C-47B9-BD6E-264CE7192E88}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2CFEF947-1DA2-4ED1-B5EA-F2F2C5870B96}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2DC01FA0-2B09-4A28-9FAF-1D32B660956C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2F6C7CA9-8F0E-4AB6-BE28-16A3D69250D8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3053DA8B-FEE1-42A7-AB36-AB79A7A296CD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{327D36A0-4879-4D08-BFA6-29DC8F29A271}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{32BCEC29-76CE-4C4C-BA4B-F555296E4CE6}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{35ECDF05-455C-4D07-93FB-F0C6795E30D3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{38DEEC01-9F18-4223-BD8D-54E77A48F060}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{395A8243-6392-4AB1-8F30-23B9B8AD42B6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3A6557C7-5F7F-4D7C-87B5-0118B6A2749B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3B3E309E-5DED-4720-AEE8-F411B420D194}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3F331E9C-7E90-4E45-8216-0D4EF25A13BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4516C0BE-B643-4654-89B3-313222BBA99B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{4D78A337-D4CD-47E4-8603-A2CB62F10ACD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E22F028-5DC4-40C9-9483-E02DAE0A3634}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{5BC58A37-88F1-48D7-8BE5-98236F326965}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{62ABF5E0-BDDF-4DCF-82C5-C1CA42844494}" = protocol=1 | dir=out | [email protected],-28544 |
"{62DAD364-9054-4450-8B64-1E97F59A49D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63717CAC-D251-471B-9795-6D4C83A0759F}" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"{64159568-4996-4C5C-B2F8-C153B9DD8E21}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{65A7BB12-7585-4C86-BE8E-947EA4095A6D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{66CC07F9-1B48-4D9A-96EB-E2A15D79CBA4}" = protocol=58 | dir=in | [email protected],-28545 |
"{67E71EF6-5216-4E36-8AAD-C82BC9C8DDD2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6B5B1878-9DB3-4FC0-8436-E2FFEE0804BC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{72BF7C3D-E137-458A-B1DF-2CAAF1754707}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7CEED379-D9E4-4E83-A5CF-752EE259FC23}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8256F643-F088-4494-9AB4-51EF8E1ABB4C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{828B8549-3607-4CF0-8ED9-9F2646C28851}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8790D7AE-E903-4B57-ADA0-60955239934B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{896D062A-72CA-411E-82F8-DD9F44C3A5C8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8A40C410-82AB-416E-93F9-74924ECF373F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8F09D557-1F93-4AA7-80EC-00714D5806C8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{93FFC8E6-ED48-4340-9B36-C42362758C26}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{977244DC-0C6F-4602-9E5D-F53F4137696A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{9785128D-7197-454C-A394-6E75F619F139}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B435993-115D-45CD-B669-9761329A4F61}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F496A76-713D-425A-82D5-EB67762B92B2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A57E98A6-28E9-46A1-A86E-CCE6F369AC46}" = protocol=1 | dir=in | [email protected],-28543 |
"{BD3AD72D-AD66-4BC5-B5C7-158B28187303}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD71DF3B-17F0-4E2F-84D0-8DC7400F309C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BE223DE9-77E2-4EB5-B7B8-F1FBD3A03DFE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BF98866C-8C3E-4E0D-BFE5-84FE01CF1099}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C1085424-F309-4DB2-B7F9-C6EB971C435E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C48AA3D5-CC50-4098-B2A1-48864B1A3983}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C4A70EEA-9B51-4FBD-91BE-C501AA8F57EB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CEC38892-4512-4493-B630-51164B73880F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D5D3C99E-3191-4F7A-A170-A92E6C978037}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D99B69B9-B5A0-49E4-9E36-8047A9571813}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBF0783D-97E1-4E16-BC3A-83D588851CB7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DC998ED8-A436-4326-AD09-D6A441C83B30}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DD69FB53-043D-402B-BFF0-13172CB96341}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDB79537-BE1B-49D8-9E35-865252F6818E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E5D4E461-057A-41BF-AEB7-F4B282A036A4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E7793006-414A-4E38-8467-8E47A481554D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EA33BD6B-189B-4E5A-A6F2-04DD8A45563E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EB2EB383-EF02-4973-A584-EEEC66DEA6F0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EC7B4A3E-AA2A-4594-95F3-4C7E37C30462}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EC8731B5-C2C8-4479-924A-4706B3B4AD91}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F238082B-3978-480D-B122-CF2A1C1231A2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FF0635DB-56BC-4877-8290-5C502437DB20}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1544212A-5ED7-4EB2-B06E-5D68447B161B}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{5485E9CA-106F-40F8-99EC-0C774915ED1B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{5CA3D98C-D8F7-4CD4-A16A-9B8DF6239C6C}C:\program files\myspace\im\myspaceim.exe" = protocol=6 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"TCP Query User{67F4FFF4-5EF8-4E2A-8E3F-E330D6638C91}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{6DD88675-202C-4040-BEB8-509221479A37}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{95F8C3CC-5D8A-413A-83AA-48D00CF8436B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{AE85D338-7019-4E16-89F5-5AF494410925}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B1690D74-F4B2-4948-9538-C7457FE74BCB}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{B87F3D8F-BC65-4FA3-8335-A89B3C534403}C:\users\user\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{DA1C75A8-461C-4035-923E-152B86F1DFC8}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{E2EC4F3B-CCA5-466E-8C86-2F7280FECD2C}C:\program files\myspace\im\myspaceim.exe" = protocol=6 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"TCP Query User{E8E30184-51A0-41E9-B35D-F3421B4EA655}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{04C5E2F7-245A-4D9A-A1B8-6E72CDD24121}C:\program files\myspace\im\myspaceim.exe" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"UDP Query User{13C44334-A15C-4B45-AEF0-39FBECB7E0F5}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{24646A1F-146C-4B52-9763-0437E0039D56}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{503BEC88-6FCC-4883-ACD3-AF45601228E7}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{66E8A740-BC4D-417A-9FBE-CDBB7BB627C8}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{67F6E8EC-6728-4923-A60B-84875D869945}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{6BDD503E-5F85-4C93-8567-E521EEECA216}C:\program files\myspace\im\myspaceim.exe" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"UDP Query User{6C1D82C4-7F81-4EE8-9B6A-1AE3FD35ACD1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{700029BC-D67A-43F4-9F3D-9F637E4FB1BE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9636CAB3-D399-4E56-9CBD-705F36D524E9}C:\users\user\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{F71A6432-8647-48DD-9DE2-81780A0DC9C0}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{FB8E7FD8-0B11-48F2-944D-B9F462BD118A}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A712D29-DBE3-4381-A331-AF4AE5BEB244}" = ArcSoft Software Suite
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA47D951-588B-48A5-8183-21C44B1EA6EA}" = VRWriter4
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E045A5E3-0FC6-4AC2-BBE3-C49D68BA54DA}" = MotionSD STUDIO 1.3E
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = USB PC Camera (SN9C103)
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = GE MiniCam Pro
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Aimersoft Video Converter_is1" = Aimersoft Video Converter(Build 1.1.52)
"Ares" = Ares 2.1.1
"Ask Toolbar_is1" = Vuze Toolbar
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"IrfanView" = IrfanView (remove only)
"KC Softwares VideoInspector_is1" = KC Softwares VideoInspector
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Basic)
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MWSnap 3" = MWSnap 3
"MySpaceIM" = MySpaceIM
"NVIDIA Drivers" = NVIDIA Drivers
"Palringo" = Palringo
"Photo Viewer_is1" = Uninstall Photo Viewer
"Picasa2" = Picasa 2
"Polarity" = Polarity
"Pro Media Director_is1" = Pro Media Director Version 2.0.0.1
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SmartAudio" = SmartAudio
"Sony Digital Voice Editor 3" = Sony Digital Voice Editor 3
"ST6UNST #1" = NavFit98A
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4149202785-989440042-3916684815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"FileZilla Client" = FileZilla Client 3.3.0
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/23/2010 4:22:32 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\user\Music\iTunes\iTunes Library Extras.itdb failed, 00000005.

[ Application Events ]
Error - 7/22/2009 9:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 7/22/2009 10:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 7/22/2009 11:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 7/22/2009 11:35:32 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application FreeAgentService.exe, version 4.7.0.1, time stamp
0x4907a2dc, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x96c, application start time
0x01ca0ac893c6174e.

Error - 7/23/2009 1:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 7/25/2009 9:27:05 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 7/25/2009 10:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 8/2/2009 2:07:26 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application FreeAgentService.exe, version 4.7.0.1, time stamp
0x4907a2dc, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x98c, application start time
0x01ca1397e1d645aa.

Error - 8/4/2009 3:23:02 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application FreeAgentService.exe, version 4.7.0.1, time stamp
0x4907a2dc, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x978, application start time
0x01ca14d03968b1c1.

Error - 8/4/2009 7:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 11/8/2008 10:57:51 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/8/2009 8:15:47 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 7/5/2008 4:17:08 PM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 879
seconds with 720 seconds of active time. This session ended with a crash.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

MALWAREBYTES FILE:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6569

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

5/13/2011 10:54:32 PM
mbam-log-2011-05-13 (22-54-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 392528
Time elapsed: 1 hour(s), 41 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\$RECYCLE.BIN\s-1-5-21-4149202785-989440042-3916684815-1000\$R0V4BZT.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

EDIT/UPDATE:
Additionally, some pages only partially load (like ebay, yahoo, etc...). What I mean is lots of graphics look like broken links or the site pops up as if it's a low bandwidth version (mobile version) of the site... I'm sure it's just a partial load but it's what it looks like to me. I've done a speed test and I'm getting great transfer rates. I've also noticed I am getting more caught up in what it affects... while it was hitting me on some secure sites, now it's almost all of them. If I click reload sometimes the site will come up, sometimes it'll just say site unavailable over and over. Is this a common issue? I think I've had too many years malware free and now it's coming back to collect all the time those sneaky little buggers lost on me. Thanks in advance for any help.

Edited by cato1978, 14 May 2011 - 09:11 AM.

  • 0


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello cato1978 and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please delete your version of OTL and download a new copy of OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • In Extra Registry section select Use SafeList option
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post
  • 0
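The OTL.txt that Step 1 produces is read by hand, line by line, by the helper. As an added example (not OTL's own code and not part of this thread's instructions), the Python script below flags the kinds of OTL lines a helper checks first: hosts-file entries other than loopback, orphaned BHO/toolbar registrations, components whose file is missing, autorun commands registered for mounted drives, a non-standard Winlogon shell, a DNS server outside private address space, and startup items or services with no publisher. The sample input is built from lines copied out of the OTL log posted later in this thread; the rule set and the reason strings are this example's own.

```python
"""Triage helper for an OTL.txt log such as the one Step 1 produces.

Added example, not OTL's own code. It flags the kinds of lines a
malware-removal helper checks first; the rules and reason strings are
this example's own, not OTL's.
"""
import ipaddress
import re
from typing import List, Optional, Tuple

# An OTL "O" line looks like "O<n> - <body>"
O_LINE = re.compile(r"^(O\d+) - (.*)$")
# OTL ends file entries with the publisher in parentheses; "()" means none found.
NO_PUBLISHER = re.compile(r"\(\)\s*$")
LOOPBACK_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}
# BootExecute (O34) routinely reports "File not found" for autochk; not a finding.
FILE_NOT_FOUND_EXPECTED = {"O34"}
STANDARD_SHELL = "C:\\Windows\\explorer.exe (Microsoft Corporation)"


def triage_line(line: str) -> Optional[str]:
    """Return why this line deserves a second look, or None if it looks benign."""
    line = line.strip()
    # Loaded services, processes and drivers that carry no publisher string
    if line[:5] in ("SRV -", "PRC -", "DRV -") and NO_PUBLISHER.search(line):
        return "loaded service/process/driver with no publisher"
    m = O_LINE.match(line)
    if not m:
        return None  # NetSvcs stubs, file listings etc. are out of scope here
    section, body = m.groups()
    if section == "O1" and body.startswith("Hosts:"):
        entry = body[len("Hosts:"):].strip()
        return None if entry in LOOPBACK_HOSTS else "non-loopback hosts entry"
    if "No CLSID value found" in body:
        return "orphaned BHO/toolbar registration"
    if "File not found" in body and section not in FILE_NOT_FOUND_EXPECTED:
        return "registered component whose file is missing"
    if section == "O33" and "\\AutoRun\\command" in body:
        return "autorun command registered for a mounted drive"
    if section == "O20" and body.startswith("HKLM Winlogon: Shell") and STANDARD_SHELL not in body:
        return "non-standard Winlogon shell"
    if section == "O17":
        for ip in re.findall(r"\d+\.\d+\.\d+\.\d+", body):
            try:
                if not ipaddress.ip_address(ip).is_private:
                    return "DNS server outside private address space"
            except ValueError:
                continue  # not a well-formed address; ignore
        return None
    if section == "O4" and NO_PUBLISHER.search(body):
        return "autostart entry with no publisher"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run triage_line over a whole log and return (reason, line) pairs."""
    findings = []
    for raw in log_text.splitlines():
        reason = triage_line(raw)
        if reason:
            findings.append((reason, raw.strip()))
    return findings


# Constructed sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r'''
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{57542626-80c3-11de-84ea-001a73845a16}\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
NetSvcs: Ias - File not found
'''

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

A flagged line is a prompt to look closer, not a verdict: the unsigned webcam helper and the Ask toolbar service in the sample are flagged for the same reason a genuinely malicious autostart would be.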

#3
cato1978

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Sir,

OTL created an OTL log, but it did not create an Extras log. Should I run the program again? Here is the OTL log:


OTL logfile created on: 5/17/2011 5:55:20 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 52.96 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.81 Gb Free Space | 21.52% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Windows\tsnpstd3.exe ()
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Windows\vsnpstd3.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\user\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (ICDSPTSV) -- C:\Windows\System32\IcdSptSv.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (JL2004A) -- C:\Windows\System32\drivers\pv_wdm.sys (Windows ® 2000 DDK provider)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ICDUSB2) Sony IC Recorder (P) -- C:\Windows\System32\drivers\IcdUsb2.sys (Sony Corporation)
DRV - (ICAM3NT5) -- C:\Windows\System32\drivers\Icam3.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 18:45:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/14 15:14:49 | 000,000,000 | ---D | M]

[2009/11/03 10:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/11/03 10:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/05/13 05:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\irhfcvu0.default\extensions
[2010/09/01 17:53:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\irhfcvu0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/03 19:34:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\irhfcvu0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/24 19:26:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\irhfcvu0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/13 05:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\irhfcvu0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/09/28 21:46:40 | 000,002,160 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\irhfcvu0.default\searchplugins\MySpace.xml
[2007/10/31 15:36:45 | 000,002,386 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\irhfcvu0.default\searchplugins\siteadvisor.xml
[2007/10/08 22:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/31 20:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/03/29 19:00:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\USER\APPDATA\ROAMING\MOVE NETWORKS
[2004/08/18 12:00:00 | 000,270,336 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\DCAENTU.dll
[2004/08/18 12:00:00 | 001,294,336 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\DCARSA.dll
[2004/08/18 12:00:00 | 000,348,160 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\GuiUtils.dll
[2004/08/18 12:00:00 | 000,393,216 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npDBsignWeb.dll
[2004/08/18 12:00:00 | 000,122,880 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\Mozilla Firefox\plugins\nsldap32v30.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: select2perform.com ([www] * in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 07:08:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{57542626-80c3-11de-84ea-001a73845a16}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\{904aadbf-37b9-11dd-b6ea-001b2497b887}\Shell - "" = AutoRun
O33 - MountPoints2\{904aadbf-37b9-11dd-b6ea-001b2497b887}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{ba1a1018-334e-11de-a2dd-001b2497b887}\Shell\AutoRun\command - "" = F:\.\EncryptionTool\MaxtorEncryption.exe
O33 - MountPoints2\{c3588c26-81a0-11de-b9d4-001a73845a16}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{cbe7ea0c-aaa6-11de-a756-001a73845a16}\Shell - "" = AutoRun
O33 - MountPoints2\{cbe7ea0c-aaa6-11de-a756-001a73845a16}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\EncryptionTool\MaxtorEncryption.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 17:51:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.scr
[2011/05/17 17:50:06 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\17mayreview
[2011/05/12 21:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/04/19 20:16:26 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Ordnance
[2010/11/02 17:07:34 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2010/11/02 17:07:34 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2010/09/07 18:27:27 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd2.dll
[2010/09/07 18:27:27 | 000,040,960 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd2.dll
[2010/09/07 18:27:27 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd2.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2011/05/17 18:01:12 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6B4BD7CF-D72E-4ACE-A8D8-CE7512E058CC}.job
[2011/05/17 17:58:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B75D508B-3094-47D6-BDE5-25BA29819A60}.job
[2011/05/17 17:53:57 | 001,280,208 | ---- | M] () -- C:\Users\user\Desktop\tdsskiller.zip
[2011/05/17 17:51:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.scr
[2011/05/17 17:50:02 | 000,069,140 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/17 17:44:08 | 000,000,147 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/05/17 17:42:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/17 17:41:54 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/17 17:41:49 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 17:41:49 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 17:41:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/16 23:14:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/16 22:38:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4149202785-989440042-3916684815-1000UA.job
[2011/05/16 22:33:24 | 000,069,140 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/16 22:25:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 20:31:20 | 000,125,397 | ---- | M] () -- C:\Users\user\Desktop\me2.jpg
[2011/05/14 20:27:09 | 000,113,152 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 16:38:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4149202785-989440042-3916684815-1000Core.job
[2011/05/13 21:41:06 | 000,002,037 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2011/05/13 21:41:06 | 000,001,999 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/24 14:33:58 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/24 14:33:58 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/17 17:54:03 | 001,280,208 | ---- | C] () -- C:\Users\user\Desktop\tdsskiller.zip
[2011/05/14 20:31:19 | 000,125,397 | ---- | C] () -- C:\Users\user\Desktop\me2.jpg
[2010/11/02 17:07:38 | 000,270,336 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010/11/02 17:07:36 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2010/09/07 18:27:57 | 000,040,960 | ---- | C] () -- C:\Windows\vsnpstd2.exe
[2010/09/07 18:27:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd2.dll
[2010/09/07 18:27:56 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd2.ini
[2010/09/07 18:27:33 | 000,302,720 | ---- | C] () -- C:\Windows\System32\drivers\snpstd2.sys
[2010/09/07 18:27:21 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd2.exe
[2010/01/03 10:55:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/02 03:01:57 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/02 03:01:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/27 14:12:49 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/26 09:47:36 | 000,069,140 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/26 09:47:35 | 000,069,140 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/07/02 07:28:06 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2008/07/01 22:36:45 | 000,148,784 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2008/07/01 22:36:45 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2008/07/01 22:27:35 | 000,148,901 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/06/19 19:23:19 | 000,000,094 | ---- | C] () -- C:\Windows\awshkwv.ini
[2008/01/31 20:35:41 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IcdSptSvps.dll
[2008/01/31 20:35:40 | 000,122,880 | ---- | C] () -- C:\Windows\System32\trc.dll
[2008/01/31 20:35:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
[2007/11/19 06:35:15 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== LOP Check ==========

[2008/01/27 22:57:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.purple
[2011/04/01 13:49:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus
[2009/08/04 09:25:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Datel
[2009/08/20 06:29:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDFab
[2009/11/11 17:11:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla
[2010/09/06 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GARMIN
[2011/05/16 23:07:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IMVU
[2011/04/15 18:46:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IMVUClient
[2007/12/06 00:42:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2008/08/19 16:45:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Paltalk
[2007/11/30 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SystemRequirementsLab
[2009/12/23 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vivox
[2011/05/16 23:14:48 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/17 18:01:12 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6B4BD7CF-D72E-4ACE-A8D8-CE7512E058CC}.job
[2011/05/17 17:58:00 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B75D508B-3094-47D6-BDE5-25BA29819A60}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

< End of report >

#4
cato1978

    Member

  • Topic Starter
  • Member
  • 40 posts
TDSS Log:


2011/05/17 19:43:29.0576 5612 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 19:43:30.0013 5612 ================================================================================
2011/05/17 19:43:30.0013 5612 SystemInfo:
2011/05/17 19:43:30.0013 5612
2011/05/17 19:43:30.0013 5612 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/17 19:43:30.0013 5612 Product type: Workstation
2011/05/17 19:43:30.0013 5612 ComputerName: USER-PC
2011/05/17 19:43:30.0013 5612 UserName: user
2011/05/17 19:43:30.0013 5612 Windows directory: C:\Windows
2011/05/17 19:43:30.0013 5612 System windows directory: C:\Windows
2011/05/17 19:43:30.0013 5612 Processor architecture: Intel x86
2011/05/17 19:43:30.0013 5612 Number of processors: 2
2011/05/17 19:43:30.0013 5612 Page size: 0x1000
2011/05/17 19:43:30.0013 5612 Boot type: Normal boot
2011/05/17 19:43:30.0029 5612 ================================================================================
2011/05/17 19:43:31.0557 5612 Initialize success
2011/05/17 19:43:52.0539 4556 ================================================================================
2011/05/17 19:43:52.0539 4556 Scan started
2011/05/17 19:43:52.0539 4556 Mode: Manual;
2011/05/17 19:43:52.0539 4556 ================================================================================
2011/05/17 19:44:14.0395 4556 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/05/17 19:44:14.0395 4556 sptd - detected LockedFile.Multi.Generic (1)
2011/05/17 19:44:14.0489 4556 srv (8e5fc19b3b38364c5f44ccecec5248e9) C:\Windows\system32\DRIVERS\srv.sys
2011/05/17 19:44:14.0567 4556 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/17 19:44:14.0645 4556 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/17 19:44:14.0723 4556 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/05/17 19:44:14.0785 4556 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/05/17 19:44:14.0832 4556 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/05/17 19:44:14.0910 4556 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\Windows\system32\DRIVERS\sscdserd.sys
2011/05/17 19:44:15.0019 4556 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/17 19:44:15.0097 4556 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/17 19:44:15.0144 4556 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/17 19:44:15.0175 4556 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/17 19:44:15.0269 4556 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/17 19:44:15.0378 4556 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
2011/05/17 19:44:15.0518 4556 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/17 19:44:15.0581 4556 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/17 19:44:15.0643 4556 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/17 19:44:15.0705 4556 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/17 19:44:15.0768 4556 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/17 19:44:15.0846 4556 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/17 19:44:15.0971 4556 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/17 19:44:16.0033 4556 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/17 19:44:16.0127 4556 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/17 19:44:16.0189 4556 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/17 19:44:16.0251 4556 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/17 19:44:16.0361 4556 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/17 19:44:16.0423 4556 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/17 19:44:16.0485 4556 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/17 19:44:16.0548 4556 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/17 19:44:16.0626 4556 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/17 19:44:16.0766 4556 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/17 19:44:16.0907 4556 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/05/17 19:44:17.0000 4556 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/17 19:44:17.0078 4556 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/17 19:44:17.0172 4556 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/17 19:44:17.0265 4556 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/17 19:44:17.0312 4556 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/17 19:44:17.0359 4556 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/17 19:44:17.0453 4556 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/17 19:44:17.0515 4556 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/17 19:44:17.0577 4556 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/17 19:44:17.0655 4556 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/17 19:44:17.0718 4556 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/05/17 19:44:17.0811 4556 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/17 19:44:17.0889 4556 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/17 19:44:17.0936 4556 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/17 19:44:17.0983 4556 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/17 19:44:18.0045 4556 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/17 19:44:18.0077 4556 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/17 19:44:18.0139 4556 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/17 19:44:18.0201 4556 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/17 19:44:18.0279 4556 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/17 19:44:18.0373 4556 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/17 19:44:18.0451 4556 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/17 19:44:18.0482 4556 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/17 19:44:18.0607 4556 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/17 19:44:18.0732 4556 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/17 19:44:18.0919 4556 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/17 19:44:19.0137 4556 WINUSB (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/05/17 19:44:19.0215 4556 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/17 19:44:19.0403 4556 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/17 19:44:19.0481 4556 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/17 19:44:19.0637 4556 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/17 19:44:19.0715 4556 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/17 19:44:19.0839 4556 ================================================================================
2011/05/17 19:44:19.0839 4556 Scan finished
2011/05/17 19:44:19.0839 4556 ================================================================================
2011/05/17 19:44:19.0855 4752 Detected object count: 1
2011/05/17 19:44:37.0904 4752 LockedFile.Multi.Generic(sptd) - User select action: Skip
#5 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Hi cato1978,

Let's remove something and do some other scans.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [emptyflash]
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.
Step 2


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Confirm deletion to all infection AVP finds
Once it has finished select report and post that.

Do not close AVPTool or it will self-uninstall; if it does uninstall, just rerun the setup file on your desktop.

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Step 3

Download aswMBR.exe (511KB) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • AVPTool log
  • AVP analysis
  • aswMBR
It would be helpful if you could post each log in a separate post.
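The OTL script in Step 1 above removes two Browser Helper Object registrations whose CLSID no longer resolves (OTL reports them as "No CLSID value found") and a MountPoints2 AutoRun command for drive G. The script below is an added example, not part of the original post and not OTL's own code: it re-checks those two locations directly. It lists every subkey under the HKLM Browser Helper Objects key, looks up each CLSID's InprocServer32 DLL under HKLM\SOFTWARE\Classes\CLSID, flags registrations with no DLL (orphans) or that are not a CLSID at all, and then lists any MountPoints2 volume in HKCU that still stores an AutoRun command. The registry reading needs Windows (winreg); the two classification functions take plain dictionaries so they run anywhere, and the values named in the comments are taken from the logs in this thread.

```python
"""Audit Browser Helper Object registrations and MountPoints2 AutoRun commands.

Added example: the classification is pure Python so it runs anywhere; the
registry reading in read_windows_registry() needs Windows (winreg).
"""

BHO_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_KEY = r"SOFTWARE\Classes\CLSID"
MOUNTPOINTS_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"


def classify_bhos(bho_entries, inproc_servers):
    """Return (entry, verdict, dll) for each subkey name under the BHO key.

    inproc_servers maps a lower-cased CLSID to its InprocServer32 DLL path and
    omits CLSIDs that do not resolve. Verdicts:
      loaded      - CLSID resolves to a DLL (what Internet Explorer actually loads)
      orphan      - BHO registered but no CLSID/InprocServer32 (OTL: "No CLSID value found")
      not-a-clsid - subkey is not a GUID at all (e.g. the MRI_DISABLED entry in the log)
    """
    findings = []
    for entry in bho_entries:
        if not (entry.startswith("{") and entry.endswith("}")):
            findings.append((entry, "not-a-clsid", None))
            continue
        dll = inproc_servers.get(entry.lower())  # registry lookups are case-insensitive
        findings.append((entry, "loaded" if dll else "orphan", dll))
    return findings


def autorun_commands(mountpoints):
    """Return (volume, command) for every MountPoints2 volume that stores an
    AutoRun command; a stored command means that volume once offered to run an
    executable on insertion (the OTL log shows G -> setup.exe)."""
    return sorted((vol, cmd) for vol, cmd in mountpoints.items() if cmd)


def read_windows_registry():
    """Collect the inputs for the two functions above from the live registry."""
    import winreg  # Windows only

    def subkeys(root, path):
        names = []
        try:
            with winreg.OpenKey(root, path) as key:
                index = 0
                while True:
                    try:
                        names.append(winreg.EnumKey(key, index))
                    except OSError:  # no more subkeys
                        break
                    index += 1
        except OSError:  # key absent
            pass
        return names

    def default_value(root, path):
        try:
            with winreg.OpenKey(root, path) as key:
                return winreg.QueryValue(key, None) or None
        except OSError:
            return None

    bhos = subkeys(winreg.HKEY_LOCAL_MACHINE, BHO_KEY)
    servers = {}
    for clsid in bhos:
        dll = default_value(winreg.HKEY_LOCAL_MACHINE,
                            CLSID_KEY + "\\" + clsid + "\\InprocServer32")
        if dll:
            servers[clsid.lower()] = dll
    mounts = {}
    for vol in subkeys(winreg.HKEY_CURRENT_USER, MOUNTPOINTS_KEY):
        mounts[vol] = default_value(winreg.HKEY_CURRENT_USER,
                                    MOUNTPOINTS_KEY + "\\" + vol + "\\Shell\\AutoRun\\command")
    return bhos, servers, mounts


if __name__ == "__main__":
    bhos, servers, mounts = read_windows_registry()
    for entry, verdict, dll in classify_bhos(bhos, servers):
        print(f"BHO {entry}: {verdict}" + (f" -> {dll}" if dll else ""))
    for vol, cmd in autorun_commands(mounts):
        print(f"MountPoints2 {vol}: AutoRun command = {cmd}")
```

An orphan BHO cannot load anything, so it is leftover registration rather than active code; a loaded one is worth checking by the DLL path it points at (the ComboFix log later in this thread shows one pointing at AskBarDis). Any MountPoints2 AutoRun command is worth removing regardless of what it names, since the executable it refers to may already be gone while the entry remains.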
#6 cato1978 (Topic Starter, Member, 40 posts)

After running OTL fix:


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File setup.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 49660 bytes
->Temporary Internet Files folder emptied: 161648 bytes
->FireFox cache emptied: 2521828 bytes

User: Jenna
->Temp folder emptied: 139734 bytes
->Temporary Internet Files folder emptied: 182970 bytes
->FireFox cache emptied: 82249725 bytes
->Flash cache emptied: 1235 bytes

User: Public

User: user
->Temp folder emptied: 113270105 bytes
->Temporary Internet Files folder emptied: 12279016 bytes
->Java cache emptied: 26116276 bytes
->FireFox cache emptied: 35892465 bytes
->Google Chrome cache emptied: 358093771 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4595 bytes

User: You Can Use Me

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84190 bytes
RecycleBin emptied: 582423 bytes

Total Files Cleaned = 602.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest

User: Jenna
->Flash cache emptied: 0 bytes

User: Public

User: user
->Flash cache emptied: 0 bytes

User: You Can Use Me

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05182011_172609

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
#7 cato1978 (Topic Starter, Member, 40 posts)

This one took a long time to run, but here it is. :)

Attached Files


#8 cato1978 (Topic Starter, Member, 40 posts)

AVPTOOL LOG:

Autoscan: completed 3 hours ago (events: 6, objects: 744407, time: 03:09:56)
5/18/2011 8:16:32 PM Task started
5/18/2011 9:11:59 PM Detected: Trojan.Win32.CryptoVB.ic C:\Documents and Settings\user\Desktop\current\desktop junk\New Folder\svchost.exe
5/18/2011 9:38:29 PM Deleted: Trojan.Win32.CryptoVB.ic C:\Documents and Settings\user\Desktop\current\desktop junk\New Folder\svchost.exe
5/18/2011 9:55:18 PM Detected: Trojan-Mailfinder.Win32.Blen.ys C:\SwSetup\HPGame\games\wheeloffortune-setup.exe/data0029/data0000
5/18/2011 9:56:36 PM Deleted: Trojan-Mailfinder.Win32.Blen.ys C:\SwSetup\HPGame\games\wheeloffortune-setup.exe
5/18/2011 11:26:28 PM Task completed
#9 cato1978 (Topic Starter, Member, 40 posts)

Maliprog, here is the final log requested. Thanks again for your help.


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-19 03:14:19
-----------------------------
03:14:19.552 OS Version: Windows 6.0.6001 Service Pack 1
03:14:19.552 Number of processors: 2 586 0x6801
03:14:19.554 ComputerName: USER-PC UserName: user
03:14:20.970 Initialize success
03:14:37.791 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
03:14:37.791 Disk 0 Vendor: ST9160821AS 3.BHD Size: 152627MB BusType: 3
03:14:39.835 Disk 0 MBR read successfully
03:14:39.835 Disk 0 MBR scan
03:14:39.850 Disk 0 unknown MBR code
03:14:41.863 Disk 0 scanning sectors +312576705
03:14:41.941 Disk 0 scanning C:\Windows\system32\drivers
03:14:55.388 Service scanning
03:14:57.572 Disk 0 trace - called modules:
03:14:57.603 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x843fe1e8]<<
03:14:57.603 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8555cac8]
03:14:57.619 3 CLASSPNP.SYS[8819e745] -> nt!IofCallDriver -> [0x84df35a8]
03:14:57.634 5 acpi.sys[8072e6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84e5dba0]
03:14:57.634 \Driver\atapi[0x84e50828] -> IRP_MJ_CREATE -> 0x843fe1e8
03:14:57.666 Scan finished successfully
03:15:11.659 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
03:15:11.659 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
#10 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Hi cato1978,

Test your system after this step and report here for me.

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
#11 cato1978 (Topic Starter, Member, 40 posts)

The log that came up at the end of running combofix:


ComboFix 11-05-18.04 - user 05/19/2011 19:44:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.946 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\sys
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-20 00:01 . 2011-05-20 00:01 -------- d-----w- c:\users\Jenna\AppData\Local\temp
2011-05-20 00:01 . 2011-05-20 00:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-05-20 00:01 . 2011-05-20 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-18 22:28 . 2011-05-19 20:46 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-18 22:05 . 2011-05-18 22:05 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-05-18 21:26 . 2011-05-18 21:26 -------- d-----w- C:\_OTL
2011-05-18 00:01 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{190D5AE3-B09B-4A4C-AB59-2BD7020D0B93}\mpengine.dll
2011-05-13 01:35 . 2011-05-13 01:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Sunbelt Software
2011-05-13 01:33 . 2011-05-13 01:33 -------- d-----w- c:\program files\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-08-18 16:00 . 2007-10-12 17:13 270336 ------w- c:\program files\mozilla firefox\plugins\DCAENTU.dll
2004-08-18 16:00 . 2007-10-12 17:13 1294336 ------w- c:\program files\mozilla firefox\plugins\DCARSA.dll
2004-08-18 16:00 . 2007-10-12 17:13 348160 ------w- c:\program files\mozilla firefox\plugins\GuiUtils.dll
2004-08-18 16:00 . 2007-10-12 17:13 122880 ------w- c:\program files\mozilla firefox\plugins\nsldap32v30.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MotionSD STUDIO - SD Browser auto start -.lnk - c:\program files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2008-9-19 66952]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-1-11 39792]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-28 00:53 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 JL2004A;JL2004A Photo Viewer;c:\windows\system32\Drivers\pv_wdm.sys [2007-02-13 63289]
R3 uty2otaw;AVZ Kernel Driver;c:\windows\system32\Drivers\uty2otaw.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-12-06 685816]
S1 aswSP;avast! Self Protection; [x]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 16:57]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 16:57]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4149202785-989440042-3916684815-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 21:08]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4149202785-989440042-3916684815-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 21:08]
.
2011-05-20 c:\windows\Tasks\User_Feed_Synchronization-{6B4BD7CF-D72E-4ACE-A8D8-CE7512E058CC}.job
- c:\windows\system32\msfeedssync.exe [2010-06-05 04:54]
.
2011-05-20 c:\windows\Tasks\User_Feed_Synchronization-{B75D508B-3094-47D6-BDE5-25BA29819A60}.job
- c:\windows\system32\msfeedssync.exe [2010-06-05 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: select2perform.com\www
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\irhfcvu0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [email protected] - c:\users\user\AppData\Roaming\Move Networks

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 20:01
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4149202785-989440042-3916684815-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-4149202785-989440042-3916684815-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-4149202785-989440042-3916684815-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-4149202785-989440042-3916684815-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000013
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-19 20:18:00
ComboFix-quarantined-files.txt 2011-05-20 00:17
.
Pre-Run: 61,698,064,384 bytes free
Post-Run: 63,796,453,376 bytes free
.
- - End Of File - - C46CBE1919D6DB8042541235D525BD49
#12 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Hi cato1978,

I don't see infections in your logs any more. How is your system now?
#13 cato1978 (Topic Starter, Member, 40 posts)

Hmmmm, I don't doubt we've cleaned a lot so far, but I'm still having the same initial problems... I'm unable to load mail in my browser (or any secure site for that matter) and unable to log in to yahoo messenger. If I start a program it sometimes seems to take a REALLY long time. I don't know what's going on.
#14 cato1978 (Topic Starter, Member, 40 posts)

For reference, here is a screen shot of what I get when I try to get to secure sites (using gmail log in page as an example) and the log I'm getting from yahoo messenger:


Checking virtual IP servers...
[VIP Raw] Resolving host name vcs1.msg.yahoo.com... [PASSED]
[VIP Raw] Connecting to Virtual IP server 98.136.48.32... [PASSED]
[VIP Raw] Sending HTTP request to the server... [PASSED]
[VIP Raw] Receiving response... [PASSED]
[VIP Raw] Checking HTTP response code... [PASSED]
[VIP Raw] Parsing connection server IP address... [PASSED]
[VIP Raw] Resolving host name vcs2.msg.yahoo.com... [PASSED]
[VIP Raw] Connecting to Virtual IP server 67.195.186.241... [PASSED]
[VIP Raw] Sending HTTP request to the server... [PASSED]
[VIP Raw] Receiving response... [PASSED]
[VIP Raw] Checking HTTP response code... [PASSED]
[VIP Raw] Parsing connection server IP address... [PASSED]
[VIP Raw] PASSED *** 98.136.48.81 ***

Checking connection servers...
[CS Raw] Connecting to connection server port '5050'... [PASSED]
[CS Raw] Sending port check command... [PASSED]
[CS Raw] PASSED

Checking login servers...
[Login] Resolving host name login.yahoo.com... [PASSED]
[Login] Connecting to login server 69.147.112.160... [PASSED]
[Login] TIMEOUT

I've researched this a good bit online, and over the last couple of months it seems to be that people randomly clean some malware/trojan and it fixes this issue, but what I find doesn't seem to isolate EXACTLY what they cleaned. Crazy, huh?

Attached thumbnail: error.jpg

#15 cato1978 (Topic Starter, Member, 40 posts)

and you'll notice that contacting yahoo and gmail were both timeout errors. It's like that for every secure site. This makes no sense.
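The Messenger log in post #14 and the browser symptom in post #15 have the same shape: name resolution and the TCP connect to the login server pass, and the step right after the connect (the login exchange, or the TLS handshake for an HTTPS page) times out, while the plain HTTP fetch from the VIP servers on port 80 works. The script below is an added example, not from the original thread and not part of any tool it mentions. It runs the same stages in order against a host (DNS, TCP connect, TLS handshake, one HTTP request) and stops at the first one that fails, so the failure is pinned to a layer before anyone guesses at causes. The resolver, connector and TLS context are parameters only so the logic can be exercised without a network; the host names in the `__main__` block are the ones this thread is about, and the interpretation strings in `summarize()` are general statements, not a diagnosis of this particular machine.

```python
"""Staged HTTPS reachability check: DNS -> TCP -> TLS -> HTTP, stopping at the
first stage that fails, in the same style as the Messenger diagnostic output.

Added example. The resolver, connector and TLS context are injectable only so
the logic can be tested offline with stand-ins; by default real sockets are used.
"""
import socket
import ssl

TIMEOUTS = (socket.timeout, TimeoutError)  # socket.timeout is TimeoutError on 3.10+


def staged_check(host, port=443, timeout=10.0, *, resolver=socket.gethostbyname,
                 connector=socket.create_connection, tls_context=None):
    """Return a list of (stage, status, detail) tuples, one per stage reached."""
    ctx = tls_context if tls_context is not None else ssl.create_default_context()
    results = []

    # Stage 1: name resolution. A hosts-file or DNS hijack shows up here as an
    # unexpected address rather than as a failure, so the address is reported.
    try:
        ip = resolver(host)
    except OSError as exc:
        results.append(("resolve", "FAILED", str(exc)))
        return results
    results.append(("resolve", "PASSED", ip))

    # Stage 2: plain TCP connect to the port.
    try:
        conn = connector((ip, port), timeout=timeout)
    except TIMEOUTS:
        results.append(("connect", "TIMEOUT", f"{ip}:{port}"))
        return results
    except OSError as exc:
        results.append(("connect", "FAILED", str(exc)))
        return results
    results.append(("connect", "PASSED", f"{ip}:{port}"))

    try:
        # Stage 3: TLS handshake on the established connection. ssl.SSLError is an
        # OSError subclass, so it must be caught before the generic OSError case.
        try:
            conn = ctx.wrap_socket(conn, server_hostname=host)
        except TIMEOUTS:
            results.append(("tls", "TIMEOUT", "no handshake completed"))
            return results
        except ssl.SSLError as exc:
            results.append(("tls", "FAILED", exc.reason or str(exc)))
            return results
        except OSError as exc:
            results.append(("tls", "FAILED", str(exc)))
            return results
        results.append(("tls", "PASSED", conn.version()))

        # Stage 4: one HTTP request over the TLS channel; only the status line is kept.
        request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
        try:
            conn.sendall(request)
            head = conn.recv(1024)
        except TIMEOUTS:
            results.append(("http", "TIMEOUT", "no response to request"))
            return results
        except OSError as exc:
            results.append(("http", "FAILED", str(exc)))
            return results
        status_line = head.split(b"\r\n", 1)[0].decode("ascii", errors="replace")
        results.append(("http", "PASSED" if head.startswith(b"HTTP/") else "FAILED", status_line))
    finally:
        conn.close()
    return results


def summarize(results):
    """One-line reading of the first failing stage (general statements, not a diagnosis)."""
    stage, status, detail = results[-1]
    verb = "timed out" if status == "TIMEOUT" else "failed"
    if stage == "http" and status == "PASSED":
        return "all stages passed"
    if stage == "resolve":
        return f"name resolution failed ({detail}): check DNS settings and the hosts file"
    if stage == "connect":
        return f"TCP connect {verb} at {detail}: the port is not reachable at all"
    if stage == "tls":
        return ("TCP connected but the TLS handshake " + verb +
                ": something above TCP on this path breaks the handshake "
                "(local filter driver or LSP, proxy setting, MTU), not basic reachability")
    return f"TLS established but HTTP {verb} ({detail})"


if __name__ == "__main__":
    import sys
    # Host names taken from this thread; override them on the command line.
    for target in sys.argv[1:] or ("login.yahoo.com", "mail.google.com"):
        res = staged_check(target, timeout=5.0)
        for stage, status, detail in res:
            print(f"[{target}] {stage:8s} {status:8s} {detail}")
        print(f"[{target}] => {summarize(res)}")
```

Run it on the affected machine and on a second machine on the same network. A `connect PASSED` followed by `tls TIMEOUT` on the affected machine only means the server accepts the TCP connection but no handshake completes from that host, which points at something host-local sitting above TCP (a filter driver, a layered service provider, a proxy setting) rather than at DNS or the network; the same result on both machines points at the network path instead.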




