Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

WIndows Security Alert Malware

Started by jmf1234 , Jun 28 2011 12:33 PM

  • Please log in to reply

#1
jmf1234
Posted 28 June 2011 - 12:33 PM

jmf1234

    New Member

  • Member
  • Pip
  • 5 posts
Hi,
I have encountered a program called windows security alert. It has a red circle with a white x in the middle in the bottom right icon tray. I get the pop-ups it creates, and pop-ups stating that I have memory cluster errors. Also, all icons on my desktop and quick start menu are gone. I ran a malware bytes scan, nothing came up.

I disabled a newly created startup item in msconfig called OLESRV, from a manufacturer called eSafe, located at: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Once I restarted, that stopped the pop-ups, however all my files and icons are still gone and I haven't done anything to attempt to remove the program yet, not sure where to start...

PLEASE HELP!! THANKS!!

here is the OTL file:

OTL logfile created on: 6/28/2011 12:22:09 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\fredrickannie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.24% Memory free
4.21 Gb Paging File | 2.94 Gb Available in Paging File | 69.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.69 Gb Total Space | 180.09 Gb Free Space | 80.15% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.54 Gb Free Space | 18.74% Space Free | Partition Type: NTFS

Computer Name: JASONSCOMPUTER | User Name: fredrickannie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 12:14:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
PRC - [2011/06/27 09:39:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/06/28 13:59:47 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2010/05/18 08:57:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/04/30 08:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/12/18 08:58:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/12 08:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 08:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 12:14:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [On_Demand | Stopped] -- -- (CAATT)
SRV - [2010/06/28 13:59:47 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/05/18 08:57:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/04/30 08:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/23 19:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 19:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/12 08:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2009/04/10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/29 05:54:07 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/09/05 16:26:38 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/07/09 15:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/06/27 11:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 11:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/06/26 14:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/04/30 13:59:30 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/04/18 06:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/05 16:04:16 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/03/30 14:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/03/21 16:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/01 06:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/24 08:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 20:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2007/01/23 10:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/06 18:33:54 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 10:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 01:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/04/04 15:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www3.mymicros-es.net/login.jsp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://email.secure...n.php?logout=1"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.652
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.enabled: false
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 09:39:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 12:28:36 | 000,000,000 | ---D | M]

[2009/02/09 19:54:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Extensions
[2011/06/27 11:20:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Firefox\Profiles\ht2hxx82.default\extensions
[2009/09/26 14:02:32 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Firefox\Profiles\ht2hxx82.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/06/27 11:20:35 | 000,000,000 | -H-D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Firefox\Profiles\ht2hxx82.default\extensions\[email protected]
[2010/12/19 16:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/19 16:15:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/29 15:09:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/11 22:43:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/27 09:39:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/09 12:28:30 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2007/07/26 13:05:16 | 000,001,329 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\fredrickannie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\fredrickannie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/16 05:22:04 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0e7f0de0-b003-11dc-8a3c-00a0d5ffffa1}\Shell\AutoRun\command - "" = F:\EasyTransferCable.exe
O33 - MountPoints2\{100deaa0-5ed0-11df-a7ab-ba87032ce9dc}\Shell - "" = AutoRun
O33 - MountPoints2\{100deaa0-5ed0-11df-a7ab-ba87032ce9dc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{17a1c2f5-1491-11dd-aa18-8dbfbde4aeac}\Shell - "" = AutoRun
O33 - MountPoints2\{17a1c2f5-1491-11dd-aa18-8dbfbde4aeac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{70f77515-b51c-11dd-9819-9a66de138778}\Shell - "" = AutoRun
O33 - MountPoints2\{70f77515-b51c-11dd-9819-9a66de138778}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a2175eb6-cceb-11dd-bca5-a400fbc05bee}\Shell - "" = AutoRun
O33 - MountPoints2\{a2175eb6-cceb-11dd-bca5-a400fbc05bee}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a86e5e18-af2f-11dc-810b-001cbf3b90d5}\Shell - "" = AutoRun
O33 - MountPoints2\{a86e5e18-af2f-11dc-810b-001cbf3b90d5}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 12:14:54 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
[2011/06/27 22:11:06 | 000,000,000 | -H-D | C] -- C:\Users\fredrickannie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
[2011/06/27 22:02:39 | 000,465,408 | -H-- | C] (eSafe) -- C:\ProgramData\JoKAkqVcGyedlHU.exe
[2011/06/23 09:11:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/09 18:06:34 | 000,000,000 | -H-D | C] -- C:\Users\fredrickannie\Desktop\rendohouse_emailready
[2011/06/01 22:41:06 | 000,000,000 | -H-D | C] -- C:\Users\fredrickannie\Desktop\cost increase spreadsheet_files
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/28 12:20:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{037D1BCB-C5FC-477A-B001-9C1B9DA63194}.job
[2011/06/28 12:14:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
[2011/06/28 11:31:26 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/06/28 11:11:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 11:11:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 11:11:27 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/06/28 11:11:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/28 11:09:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/27 22:58:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\Kodak AiO Scheduled Maintenance.job
[2011/06/27 22:11:08 | 000,000,248 | -H-- | M] () -- C:\ProgramData\~54124008
[2011/06/27 22:11:07 | 000,000,591 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Windows Vista Repair.lnk
[2011/06/27 22:11:07 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~54124008r
[2011/06/27 22:10:55 | 000,000,344 | -H-- | M] () -- C:\ProgramData\54124008
[2011/06/27 22:10:44 | 000,411,136 | -H-- | M] () -- C:\ProgramData\54124008.exe
[2011/06/27 22:07:24 | 1306,346,496 | ---- | M] () -- C:\Windows\outlook (3).pst
[2011/06/27 22:02:36 | 000,465,408 | -H-- | M] (eSafe) -- C:\ProgramData\JoKAkqVcGyedlHU.exe
[2011/06/24 11:58:16 | 001,532,565 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00052.jpg
[2011/06/24 11:57:40 | 001,492,321 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00051.jpg
[2011/06/24 11:57:34 | 001,436,129 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00050.jpg
[2011/06/24 11:57:24 | 001,311,430 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00049.jpg
[2011/06/24 11:57:20 | 001,573,377 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00048.jpg
[2011/06/24 11:57:12 | 001,701,325 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00047.jpg
[2011/06/24 10:53:45 | 000,082,966 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Mikado Rent Counter Proposal 8-12-10.pdf
[2011/06/23 23:47:12 | 001,532,214 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110622-00042.jpg
[2011/06/23 23:47:02 | 001,506,709 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\IMG-20110622-00041.jpg
[2011/06/23 13:02:41 | 000,634,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/23 13:02:41 | 000,117,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/23 12:56:18 | 000,888,377 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00046.jpg
[2011/06/23 12:55:06 | 001,586,826 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00044.jpg
[2011/06/23 12:54:54 | 001,674,705 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00043.jpg
[2011/06/23 08:57:18 | 215,349,527 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/22 16:54:04 | 002,527,183 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\SellSheet_JapanUSA.pdf
[2011/06/17 16:08:33 | 001,067,600 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Copper Cup Ad.pdf
[2011/06/15 23:50:01 | 000,027,648 | -H-- | M] () -- C:\Users\fredrickannie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/13 14:12:53 | 000,010,823 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\cost increase spreadsheet.htm
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/27 22:11:07 | 000,000,591 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Windows Vista Repair.lnk
[2011/06/27 22:11:07 | 000,000,248 | -H-- | C] () -- C:\ProgramData\~54124008
[2011/06/27 22:11:07 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~54124008r
[2011/06/27 22:10:55 | 000,000,344 | -H-- | C] () -- C:\ProgramData\54124008
[2011/06/27 22:10:43 | 000,411,136 | -H-- | C] () -- C:\ProgramData\54124008.exe
[2011/06/27 18:20:00 | 001,701,325 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00047.jpg
[2011/06/27 18:20:00 | 001,573,377 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00048.jpg
[2011/06/27 18:20:00 | 001,532,565 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00052.jpg
[2011/06/27 18:20:00 | 001,492,321 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00051.jpg
[2011/06/27 18:20:00 | 001,436,129 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00050.jpg
[2011/06/27 18:20:00 | 001,311,430 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00049.jpg
[2011/06/24 10:53:45 | 000,082,966 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Mikado Rent Counter Proposal 8-12-10.pdf
[2011/06/23 13:14:14 | 000,888,377 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00046.jpg
[2011/06/23 13:14:02 | 001,506,709 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\IMG-20110622-00041.jpg
[2011/06/23 13:13:58 | 001,532,214 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110622-00042.jpg
[2011/06/23 13:13:53 | 001,674,705 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00043.jpg
[2011/06/23 13:13:42 | 001,586,826 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00044.jpg
[2011/06/22 16:54:04 | 002,527,183 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\SellSheet_JapanUSA.pdf
[2011/06/21 11:25:39 | 001,365,009 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\IMG-20110511-00002.jpg
[2011/06/17 16:08:58 | 001,067,600 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Copper Cup Ad.pdf
[2011/06/01 22:41:06 | 000,010,823 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\cost increase spreadsheet.htm
[2011/05/25 15:59:16 | 000,000,000 | -H-- | C] () -- C:\Program Files\error.dat
[2011/03/28 14:43:29 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7040.dat
[2010/12/19 16:16:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/28 15:05:48 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/06/23 21:15:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\VPN.dll
[2010/06/10 18:30:30 | 000,004,096 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\keyfile3.drm
[2010/05/29 22:58:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/29 22:56:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/20 12:19:57 | 000,000,103 | ---- | C] () -- C:\Windows\System32\hptrace.ini
[2010/05/20 12:19:22 | 000,017,774 | ---- | C] () -- C:\Windows\hplj1010.ini
[2010/05/04 11:44:08 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7840W.DAT
[2010/04/13 22:20:48 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/04/13 22:20:43 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM08A.DAT
[2010/04/13 22:20:02 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/04/16 14:21:25 | 000,000,101 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\fusioncache.dat
[2009/02/26 13:39:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/12/11 22:16:06 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hpzids01.dll
[2008/10/07 12:15:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/02 16:11:31 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/02 16:04:41 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2008/08/02 16:04:40 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2008/07/29 18:31:35 | 000,000,272 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/07/29 18:31:35 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/07/29 18:23:42 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/07/29 18:23:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/07/29 18:18:40 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/06/10 19:11:27 | 000,005,972 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\d3d9caps.dat
[2008/05/04 02:01:39 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/03/04 14:08:37 | 000,008,130 | -H-- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/01/13 20:35:05 | 000,000,338 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Roaming\wklnhst.dat
[2008/01/07 21:26:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 22:52:17 | 000,023,116 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/23 17:15:44 | 000,027,648 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/21 00:15:24 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/12/20 23:00:00 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2007/08/16 05:12:14 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/03/30 06:27:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/03/30 05:55:46 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,459,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,634,088 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,117,244 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2005/05/07 06:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/05/17 12:02:39 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\Blackberry Desktop
[2010/04/17 19:00:25 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2010/11/18 20:20:01 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\FileZilla
[2008/12/04 16:53:09 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\funkitron
[2008/12/07 01:09:04 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\Laplink
[2011/02/23 17:56:52 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\Leadertech
[2008/04/28 02:34:43 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\MusicNet
[2011/05/02 17:57:40 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\Research In Motion
[2008/08/20 02:04:45 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\ScanSoft
[2011/02/24 15:57:53 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\Seagate
[2007/12/20 22:53:52 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\Sierra Wireless
[2008/01/13 20:35:07 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\Template
[2008/01/15 01:04:10 | 000,000,000 | -H-D | M] -- C:\Users\fredrickannie\AppData\Roaming\WildTangent
[2011/06/28 11:09:40 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/28 12:20:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{037D1BCB-C5FC-477A-B001-9C1B9DA63194}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:89D63297

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 28 June 2011 - 04:25 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:Services
RoxLiveShare9
LiveUpdate Notice Ex
CAATT

:OTL
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [On_Demand | Stopped] -- -- (CAATT)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
[2010/04/29 15:09:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0e7f0de0-b003-11dc-8a3c-00a0d5ffffa1}\Shell\AutoRun\command - "" = F:\EasyTransferCable.exe
O33 - MountPoints2\{100deaa0-5ed0-11df-a7ab-ba87032ce9dc}\Shell - "" = AutoRun
O33 - MountPoints2\{100deaa0-5ed0-11df-a7ab-ba87032ce9dc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{17a1c2f5-1491-11dd-aa18-8dbfbde4aeac}\Shell - "" = AutoRun
O33 - MountPoints2\{17a1c2f5-1491-11dd-aa18-8dbfbde4aeac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{70f77515-b51c-11dd-9819-9a66de138778}\Shell - "" = AutoRun
O33 - MountPoints2\{70f77515-b51c-11dd-9819-9a66de138778}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a2175eb6-cceb-11dd-bca5-a400fbc05bee}\Shell - "" = AutoRun
O33 - MountPoints2\{a2175eb6-cceb-11dd-bca5-a400fbc05bee}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a86e5e18-af2f-11dc-810b-001cbf3b90d5}\Shell - "" = AutoRun
O33 - MountPoints2\{a86e5e18-af2f-11dc-810b-001cbf3b90d5}\Shell\AutoRun\command - "" = F:\setup.exe
[2011/06/27 22:11:06 | 000,000,000 | -H-D | C] -- C:\Users\fredrickannie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
[2011/06/27 22:02:39 | 000,465,408 | -H-- | C] (eSafe) -- C:\ProgramData\JoKAkqVcGyedlHU.exe
[2011/06/27 22:11:08 | 000,000,248 | -H-- | M] () -- C:\ProgramData\~54124008
[2011/06/27 22:11:07 | 000,000,591 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Windows Vista Repair.lnk
[2011/06/27 22:11:07 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~54124008r
[2011/06/27 22:10:55 | 000,000,344 | -H-- | M] () -- C:\ProgramData\54124008
[2011/06/27 22:10:44 | 000,411,136 | -H-- | M] () -- C:\ProgramData\54124008.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.


Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image


Ron
  • 0

#3
jmf1234
Posted 29 June 2011 - 10:58 AM

jmf1234

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks Ron! My files and programs are back! Here are the logs:

OTL:
OTL logfile created on: 6/28/2011 10:53:00 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\fredrickannie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.38% Memory free
4.21 Gb Paging File | 3.06 Gb Available in Paging File | 72.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.69 Gb Total Space | 183.78 Gb Free Space | 81.79% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.62 Gb Free Space | 19.78% Space Free | Partition Type: NTFS

Computer Name: JASONSCOMPUTER | User Name: fredrickannie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 12:14:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
PRC - [2011/06/27 09:39:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/06/28 13:59:47 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2010/05/18 08:57:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/04/30 08:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/12 08:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 08:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 12:14:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (All) ==========

SRV - [2011/03/02 09:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2011/02/22 07:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/01/25 16:08:04 | 000,820,008 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2011/01/05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/04 12:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/10/07 13:23:00 | 000,345,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2010/09/06 10:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/08/17 08:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2010/06/28 13:59:47 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/05/18 08:57:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/04/30 08:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2009/10/09 15:56:18 | 001,181,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WsmSvc.dll -- (WinRM) Windows Remote Management (WS-Management)
SRV - [2009/10/09 15:55:52 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wecsvc.dll -- (Wecsvc)
SRV - [2009/09/30 19:01:54 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/24 05:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/06 20:23:45 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/11 13:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/06/15 06:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/06/15 06:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/06/15 06:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (Netlogon)
SRV - [2009/06/15 06:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/06/10 05:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
SRV - [2009/04/10 23:28:28 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009/04/10 23:28:26 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/10 23:28:26 | 000,558,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2009/04/10 23:28:26 | 000,550,400 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/04/10 23:28:26 | 000,550,400 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/10 23:28:26 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2009/04/10 23:28:26 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\termsrv.dll -- (TermService)
SRV - [2009/04/10 23:28:26 | 000,413,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc)
SRV - [2009/04/10 23:28:26 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/04/10 23:28:26 | 000,282,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\w32time.dll -- (W32Time)
SRV - [2009/04/10 23:28:26 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/10 23:28:26 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/04/10 23:28:26 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2009/04/10 23:28:26 | 000,199,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\WebClnt.dll -- (WebClient)
SRV - [2009/04/10 23:28:26 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/04/10 23:28:26 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2009/04/10 23:28:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2009/04/10 23:28:26 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2009/04/10 23:28:26 | 000,095,232 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr)
SRV - [2009/04/10 23:28:26 | 000,060,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SLUINotify.dll -- (SLUINotify)
SRV - [2009/04/10 23:28:26 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2009/04/10 23:28:24 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/10 23:28:24 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (PNRPsvc)
SRV - [2009/04/10 23:28:24 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (PNRPAutoReg)
SRV - [2009/04/10 23:28:24 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2psvc)
SRV - [2009/04/10 23:28:24 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2pimsvc)
SRV - [2009/04/10 23:28:24 | 000,302,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\QAGENTRT.DLL -- (napagent)
SRV - [2009/04/10 23:28:24 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/10 23:28:22 | 000,438,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IKEEXT.DLL -- (IKEEXT)
SRV - [2009/04/10 23:28:22 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/10 23:28:22 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2009/04/10 23:28:22 | 000,199,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2009/04/10 23:28:20 | 000,576,512 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\gpsvc.dll -- (gpsvc)
SRV - [2009/04/10 23:28:20 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2009/04/10 23:28:20 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009/04/10 23:28:20 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/10 23:28:20 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009/04/10 23:28:20 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009/04/10 23:28:20 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/10 23:28:20 | 000,175,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/04/10 23:28:20 | 000,129,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/10 23:28:20 | 000,040,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bthserv.dll -- (BthServ)
SRV - [2009/04/10 23:28:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\certprop.dll -- (SCPolicySvc)
SRV - [2009/04/10 23:28:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\certprop.dll -- (CertPropSvc)
SRV - [2009/04/10 23:28:20 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/04/10 23:28:16 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV - [2009/04/10 23:28:12 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/10 23:28:10 | 000,385,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vds.exe -- (vds)
SRV - [2009/04/10 23:28:08 | 000,039,424 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2009/04/10 23:28:00 | 000,441,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2009/04/10 23:27:50 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2009/04/10 23:27:46 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/10 23:27:32 | 002,092,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dfsr.exe -- (DFSR)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/29 21:42:12 | 000,031,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2009/02/18 11:39:22 | 000,043,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 11:38:44 | 000,879,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/02/18 11:38:44 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/10/14 18:35:19 | 000,168,432 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/09 07:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/07/18 13:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 01:37:12 | 000,055,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc)
SRV - [2008/01/19 01:36:52 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport)
SRV - [2008/01/19 01:36:50 | 000,073,728 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\wdi.dll -- (WdiSystemHost)
SRV - [2008/01/19 01:36:50 | 000,073,728 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiServiceHost)
SRV - [2008/01/19 01:36:46 | 000,259,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\upnphost.dll -- (upnphost)
SRV - [2008/01/19 01:36:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\trkwks.dll -- (TrkWks)
SRV - [2008/01/19 01:36:39 | 000,056,320 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\tbssvc.dll -- (TBS)
SRV - [2008/01/19 01:36:36 | 000,155,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/01/19 01:36:36 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc)
SRV - [2008/01/19 01:36:21 | 000,084,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SessEnv.dll -- (SessionEnv)
SRV - [2008/01/19 01:36:21 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\Sens.dll -- (SENS)
SRV - [2008/01/19 01:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 01:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2008/01/19 01:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2008/01/19 01:36:14 | 000,243,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2008/01/19 01:36:06 | 001,502,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pla.dll -- (pla)
SRV - [2008/01/19 01:36:03 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\pcasvc.dll -- (PcaSvc)
SRV - [2008/01/19 01:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2008/01/19 01:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 01:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 01:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 01:34:56 | 000,344,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\msdtckrm.dll -- (KtmRm)
SRV - [2008/01/19 01:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/19 01:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\mmcss.dll -- (THREADORDER)
SRV - [2008/01/19 01:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 01:34:44 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008/01/19 01:34:42 | 000,188,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc)
SRV - [2008/01/19 01:34:36 | 000,068,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\KMSVC.DLL -- (hkmsvc)
SRV - [2008/01/19 01:34:35 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI)
SRV - [2008/01/19 01:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) Internet Connection Sharing (ICS)
SRV - [2008/01/19 01:34:34 | 000,074,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPBusEnum.dll -- (IPBusEnum)
SRV - [2008/01/19 01:34:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV - [2008/01/19 01:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2008/01/19 01:34:06 | 000,134,656 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\dps.dll -- (DPS)
SRV - [2008/01/19 01:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2008/01/19 01:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 01:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 01:33:33 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect)
SRV - [2008/01/19 01:33:16 | 000,105,984 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC)
SRV - [2008/01/19 01:33:09 | 000,292,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/19 01:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/23 19:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 19:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/12 08:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/12/14 18:49:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/28 10:44:58 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/02 06:35:29 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 06:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 06:35:24 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\TabSvc.dll -- (TabletInputService)
SRV - [2006/11/02 03:46:13 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2006/11/02 03:46:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lmhsvc.dll -- (lmhosts)
SRV - [2006/11/02 03:46:04 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV - [2006/11/02 03:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006/11/02 03:45:46 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP)
SRV - [2006/11/02 03:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2006/11/02 03:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dllhost.exe -- (COMSysApp)
SRV - [2006/05/02 15:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/04/10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/29 05:54:07 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/09/05 16:26:38 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/07/09 15:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/06/27 11:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 11:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/06/26 14:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/04/30 13:59:30 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/04/18 06:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/05 16:04:16 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/03/30 14:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/03/21 16:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/01 06:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/24 08:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 20:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2007/01/23 10:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/06 18:33:54 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 10:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 01:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/04/04 15:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www3.mymicros-es.net/login.jsp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://email.secure...n.php?logout=1"

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 09:39:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 12:28:36 | 000,000,000 | ---D | M]

[2009/02/09 19:54:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Extensions
[2011/06/27 11:20:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Firefox\Profiles\ht2hxx82.default\extensions
[2009/09/26 14:02:32 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Firefox\Profiles\ht2hxx82.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/06/27 11:20:35 | 000,000,000 | -H-D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Firefox\Profiles\ht2hxx82.default\extensions\[email protected]
[2011/06/28 16:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/19 16:15:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/05/11 22:43:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/27 09:39:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/09 12:28:30 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2007/07/26 13:05:16 | 000,001,329 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.130.255.3 209.63.0.6
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\fredrickannie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\fredrickannie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/16 05:22:04 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 16:34:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/28 14:14:46 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/28 14:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/28 14:14:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/28 14:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/28 14:14:09 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\fredrickannie\Desktop\mbam-setup.exe
[2011/06/28 12:14:54 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
[2011/06/23 09:11:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/16 15:10:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/16 15:10:50 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/16 15:10:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/16 15:10:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/16 15:10:49 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/16 15:10:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/16 15:10:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/16 15:10:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/16 15:10:48 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/16 15:10:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/16 15:10:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/16 15:10:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/16 15:10:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/16 15:10:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/16 15:10:47 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/16 15:10:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/16 15:10:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/09 18:06:34 | 000,000,000 | -H-D | C] -- C:\Users\fredrickannie\Desktop\rendohouse_emailready
[2011/06/01 22:41:06 | 000,000,000 | -H-D | C] -- C:\Users\fredrickannie\Desktop\cost increase spreadsheet_files

========== Files - Modified Within 30 Days ==========

[2011/06/28 22:55:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{037D1BCB-C5FC-477A-B001-9C1B9DA63194}.job
[2011/06/28 22:46:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/28 16:41:52 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/06/28 16:41:31 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/06/28 16:41:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 16:41:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 16:40:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/28 14:36:50 | 1306,346,496 | ---- | M] () -- C:\Windows\outlook (3).pst
[2011/06/28 14:14:17 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\fredrickannie\Desktop\mbam-setup.exe
[2011/06/28 13:04:20 | 000,638,230 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/28 13:04:20 | 000,119,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/28 12:14:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
[2011/06/27 22:58:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\Kodak AiO Scheduled Maintenance.job
[2011/06/24 11:58:16 | 001,532,565 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00052.jpg
[2011/06/24 11:57:40 | 001,492,321 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00051.jpg
[2011/06/24 11:57:34 | 001,436,129 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00050.jpg
[2011/06/24 11:57:24 | 001,311,430 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00049.jpg
[2011/06/24 11:57:20 | 001,573,377 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00048.jpg
[2011/06/24 11:57:12 | 001,701,325 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00047.jpg
[2011/06/24 10:53:45 | 000,082,966 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Mikado Rent Counter Proposal 8-12-10.pdf
[2011/06/23 23:47:12 | 001,532,214 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110622-00042.jpg
[2011/06/23 23:47:02 | 001,506,709 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\IMG-20110622-00041.jpg
[2011/06/23 12:56:18 | 000,888,377 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00046.jpg
[2011/06/23 12:55:06 | 001,586,826 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00044.jpg
[2011/06/23 12:54:54 | 001,674,705 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00043.jpg
[2011/06/23 08:57:18 | 215,349,527 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/22 16:54:04 | 002,527,183 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\SellSheet_JapanUSA.pdf
[2011/06/17 16:08:33 | 001,067,600 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Copper Cup Ad.pdf
[2011/06/17 14:33:52 | 000,000,938 | -H-- | M] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/15 23:50:01 | 000,027,648 | -H-- | M] () -- C:\Users\fredrickannie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/13 14:12:53 | 000,010,823 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\cost increase spreadsheet.htm

========== Files Created - No Company Name ==========

[2011/06/28 16:34:46 | 000,001,748 | -H-- | C] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/28 16:34:46 | 000,000,943 | -H-- | C] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/28 16:34:46 | 000,000,938 | -H-- | C] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/28 16:34:46 | 000,000,258 | -H-- | C] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/28 16:34:46 | 000,000,240 | -H-- | C] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/27 18:20:00 | 001,701,325 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00047.jpg
[2011/06/27 18:20:00 | 001,573,377 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00048.jpg
[2011/06/27 18:20:00 | 001,532,565 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00052.jpg
[2011/06/27 18:20:00 | 001,492,321 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00051.jpg
[2011/06/27 18:20:00 | 001,436,129 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00050.jpg
[2011/06/27 18:20:00 | 001,311,430 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00049.jpg
[2011/06/24 10:53:45 | 000,082,966 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Mikado Rent Counter Proposal 8-12-10.pdf
[2011/06/23 13:14:14 | 000,888,377 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00046.jpg
[2011/06/23 13:14:02 | 001,506,709 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\IMG-20110622-00041.jpg
[2011/06/23 13:13:58 | 001,532,214 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110622-00042.jpg
[2011/06/23 13:13:53 | 001,674,705 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00043.jpg
[2011/06/23 13:13:42 | 001,586,826 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00044.jpg
[2011/06/22 16:54:04 | 002,527,183 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\SellSheet_JapanUSA.pdf
[2011/06/21 11:25:39 | 001,365,009 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\IMG-20110511-00002.jpg
[2011/06/17 16:08:58 | 001,067,600 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Copper Cup Ad.pdf
[2011/06/01 22:41:06 | 000,010,823 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\cost increase spreadsheet.htm
[2011/05/25 15:59:16 | 000,000,000 | -H-- | C] () -- C:\Program Files\error.dat
[2011/03/28 14:43:29 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7040.dat
[2010/12/19 16:16:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/28 15:05:48 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/06/23 21:15:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\VPN.dll
[2010/06/10 18:30:30 | 000,004,096 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\keyfile3.drm
[2010/05/29 22:58:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/29 22:56:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/20 12:19:57 | 000,000,103 | ---- | C] () -- C:\Windows\System32\hptrace.ini
[2010/05/20 12:19:22 | 000,017,774 | ---- | C] () -- C:\Windows\hplj1010.ini
[2010/05/04 11:44:08 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7840W.DAT
[2010/04/13 22:20:48 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/04/13 22:20:43 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM08A.DAT
[2010/04/13 22:20:02 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/04/16 14:21:25 | 000,000,101 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\fusioncache.dat
[2009/02/26 13:39:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/12/11 22:16:06 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hpzids01.dll
[2008/10/07 12:15:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/02 16:11:31 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/02 16:04:41 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2008/08/02 16:04:40 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2008/07/29 18:31:35 | 000,000,272 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/07/29 18:31:35 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/07/29 18:23:42 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/07/29 18:23:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/07/29 18:18:40 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/06/10 19:11:27 | 000,005,972 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\d3d9caps.dat
[2008/05/04 02:01:39 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/03/04 14:08:37 | 000,008,130 | -H-- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/01/13 20:35:05 | 000,000,338 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Roaming\wklnhst.dat
[2008/01/07 21:26:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 22:52:17 | 000,023,116 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/23 17:15:44 | 000,027,648 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/21 00:15:24 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/12/20 23:00:00 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2007/08/16 05:12:14 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/03/30 06:27:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/03/30 05:55:46 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,459,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,638,230 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,119,188 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2005/05/07 06:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:89D63297

< End of report >


OTL2:
OTL logfile created on: 6/28/2011 10:53:00 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\fredrickannie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.38% Memory free
4.21 Gb Paging File | 3.06 Gb Available in Paging File | 72.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.69 Gb Total Space | 183.78 Gb Free Space | 81.79% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.62 Gb Free Space | 19.78% Space Free | Partition Type: NTFS

Computer Name: JASONSCOMPUTER | User Name: fredrickannie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 12:14:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
PRC - [2011/06/27 09:39:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/06/28 13:59:47 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2010/05/18 08:57:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/04/30 08:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/12 08:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 08:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 12:14:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (All) ==========

SRV - [2011/03/02 09:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2011/02/22 07:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/01/25 16:08:04 | 000,820,008 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2011/01/05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/04 12:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/10/07 13:23:00 | 000,345,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2010/09/06 10:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/08/17 08:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2010/06/28 13:59:47 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/05/18 08:57:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/04/30 08:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2009/10/09 15:56:18 | 001,181,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WsmSvc.dll -- (WinRM) Windows Remote Management (WS-Management)
SRV - [2009/10/09 15:55:52 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wecsvc.dll -- (Wecsvc)
SRV - [2009/09/30 19:01:54 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/24 05:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/06 20:23:45 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/11 13:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/06/15 06:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/06/15 06:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/06/15 06:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (Netlogon)
SRV - [2009/06/15 06:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/06/10 05:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
SRV - [2009/04/10 23:28:28 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009/04/10 23:28:26 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/10 23:28:26 | 000,558,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2009/04/10 23:28:26 | 000,550,400 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/04/10 23:28:26 | 000,550,400 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/10 23:28:26 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2009/04/10 23:28:26 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\termsrv.dll -- (TermService)
SRV - [2009/04/10 23:28:26 | 000,413,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc)
SRV - [2009/04/10 23:28:26 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/04/10 23:28:26 | 000,282,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\w32time.dll -- (W32Time)
SRV - [2009/04/10 23:28:26 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/10 23:28:26 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/04/10 23:28:26 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2009/04/10 23:28:26 | 000,199,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\WebClnt.dll -- (WebClient)
SRV - [2009/04/10 23:28:26 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/04/10 23:28:26 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2009/04/10 23:28:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2009/04/10 23:28:26 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2009/04/10 23:28:26 | 000,095,232 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr)
SRV - [2009/04/10 23:28:26 | 000,060,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SLUINotify.dll -- (SLUINotify)
SRV - [2009/04/10 23:28:26 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2009/04/10 23:28:24 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/10 23:28:24 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (PNRPsvc)
SRV - [2009/04/10 23:28:24 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (PNRPAutoReg)
SRV - [2009/04/10 23:28:24 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2psvc)
SRV - [2009/04/10 23:28:24 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2pimsvc)
SRV - [2009/04/10 23:28:24 | 000,302,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\QAGENTRT.DLL -- (napagent)
SRV - [2009/04/10 23:28:24 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/10 23:28:22 | 000,438,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IKEEXT.DLL -- (IKEEXT)
SRV - [2009/04/10 23:28:22 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/10 23:28:22 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2009/04/10 23:28:22 | 000,199,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2009/04/10 23:28:20 | 000,576,512 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\gpsvc.dll -- (gpsvc)
SRV - [2009/04/10 23:28:20 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2009/04/10 23:28:20 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009/04/10 23:28:20 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/10 23:28:20 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009/04/10 23:28:20 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009/04/10 23:28:20 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/10 23:28:20 | 000,175,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/04/10 23:28:20 | 000,129,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/10 23:28:20 | 000,040,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bthserv.dll -- (BthServ)
SRV - [2009/04/10 23:28:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\certprop.dll -- (SCPolicySvc)
SRV - [2009/04/10 23:28:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\certprop.dll -- (CertPropSvc)
SRV - [2009/04/10 23:28:20 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/04/10 23:28:16 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV - [2009/04/10 23:28:12 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/10 23:28:10 | 000,385,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vds.exe -- (vds)
SRV - [2009/04/10 23:28:08 | 000,039,424 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2009/04/10 23:28:00 | 000,441,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2009/04/10 23:27:50 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2009/04/10 23:27:46 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/10 23:27:32 | 002,092,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dfsr.exe -- (DFSR)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/29 21:42:12 | 000,031,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2009/02/18 11:39:22 | 000,043,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 11:38:44 | 000,879,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/02/18 11:38:44 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/10/14 18:35:19 | 000,168,432 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/09 07:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/07/18 13:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 01:37:12 | 000,055,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc)
SRV - [2008/01/19 01:36:52 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport)
SRV - [2008/01/19 01:36:50 | 000,073,728 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\wdi.dll -- (WdiSystemHost)
SRV - [2008/01/19 01:36:50 | 000,073,728 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiServiceHost)
SRV - [2008/01/19 01:36:46 | 000,259,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\upnphost.dll -- (upnphost)
SRV - [2008/01/19 01:36:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\trkwks.dll -- (TrkWks)
SRV - [2008/01/19 01:36:39 | 000,056,320 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\tbssvc.dll -- (TBS)
SRV - [2008/01/19 01:36:36 | 000,155,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/01/19 01:36:36 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc)
SRV - [2008/01/19 01:36:21 | 000,084,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SessEnv.dll -- (SessionEnv)
SRV - [2008/01/19 01:36:21 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\Sens.dll -- (SENS)
SRV - [2008/01/19 01:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 01:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2008/01/19 01:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2008/01/19 01:36:14 | 000,243,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2008/01/19 01:36:06 | 001,502,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pla.dll -- (pla)
SRV - [2008/01/19 01:36:03 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\pcasvc.dll -- (PcaSvc)
SRV - [2008/01/19 01:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2008/01/19 01:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 01:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 01:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 01:34:56 | 000,344,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\msdtckrm.dll -- (KtmRm)
SRV - [2008/01/19 01:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/19 01:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\mmcss.dll -- (THREADORDER)
SRV - [2008/01/19 01:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 01:34:44 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008/01/19 01:34:42 | 000,188,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc)
SRV - [2008/01/19 01:34:36 | 000,068,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\KMSVC.DLL -- (hkmsvc)
SRV - [2008/01/19 01:34:35 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI)
SRV - [2008/01/19 01:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) Internet Connection Sharing (ICS)
SRV - [2008/01/19 01:34:34 | 000,074,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPBusEnum.dll -- (IPBusEnum)
SRV - [2008/01/19 01:34:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV - [2008/01/19 01:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2008/01/19 01:34:06 | 000,134,656 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\dps.dll -- (DPS)
SRV - [2008/01/19 01:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2008/01/19 01:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 01:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 01:33:33 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect)
SRV - [2008/01/19 01:33:16 | 000,105,984 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC)
SRV - [2008/01/19 01:33:09 | 000,292,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/19 01:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/23 19:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 19:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/12 08:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/12/14 18:49:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/28 10:44:58 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/02 06:35:29 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 06:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 06:35:24 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\TabSvc.dll -- (TabletInputService)
SRV - [2006/11/02 03:46:13 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2006/11/02 03:46:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lmhsvc.dll -- (lmhosts)
SRV - [2006/11/02 03:46:04 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV - [2006/11/02 03:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006/11/02 03:45:46 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP)
SRV - [2006/11/02 03:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2006/11/02 03:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dllhost.exe -- (COMSysApp)
SRV - [2006/05/02 15:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/04/10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/29 05:54:07 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/09/05 16:26:38 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/07/09 15:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/06/27 11:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 11:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/06/26 14:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/04/30 13:59:30 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/04/18 06:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/05 16:04:16 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/03/30 14:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/03/21 16:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/01 06:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/24 08:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 20:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2007/01/23 10:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/06 18:33:54 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 10:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 01:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/04/04 15:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www3.mymicros-es.net/login.jsp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://email.secure...n.php?logout=1"

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 09:39:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 12:28:36 | 000,000,000 | ---D | M]

[2009/02/09 19:54:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Extensions
[2011/06/27 11:20:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Firefox\Profiles\ht2hxx82.default\extensions
[2009/09/26 14:02:32 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Firefox\Profiles\ht2hxx82.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/06/27 11:20:35 | 000,000,000 | -H-D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\fredrickannie\AppData\Roaming\mozilla\Firefox\Profiles\ht2hxx82.default\extensions\[email protected]
[2011/06/28 16:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/19 16:15:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/05/11 22:43:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/27 09:39:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/09 12:28:30 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2007/07/26 13:05:16 | 000,001,329 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.130.255.3 209.63.0.6
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\fredrickannie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\fredrickannie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/16 05:22:04 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 16:34:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/28 14:14:46 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/28 14:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/28 14:14:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/28 14:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/28 14:14:09 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\fredrickannie\Desktop\mbam-setup.exe
[2011/06/28 12:14:54 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
[2011/06/23 09:11:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/16 15:10:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/16 15:10:50 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/16 15:10:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/16 15:10:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/16 15:10:49 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/16 15:10:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/16 15:10:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/16 15:10:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/16 15:10:48 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/16 15:10:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/16 15:10:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/16 15:10:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/16 15:10:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/16 15:10:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/16 15:10:47 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/16 15:10:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/16 15:10:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/09 18:06:34 | 000,000,000 | -H-D | C] -- C:\Users\fredrickannie\Desktop\rendohouse_emailready
[2011/06/01 22:41:06 | 000,000,000 | -H-D | C] -- C:\Users\fredrickannie\Desktop\cost increase spreadsheet_files

========== Files - Modified Within 30 Days ==========

[2011/06/28 22:55:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{037D1BCB-C5FC-477A-B001-9C1B9DA63194}.job
[2011/06/28 22:46:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/28 16:41:52 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/06/28 16:41:31 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/06/28 16:41:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 16:41:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 16:40:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/28 14:36:50 | 1306,346,496 | ---- | M] () -- C:\Windows\outlook (3).pst
[2011/06/28 14:14:17 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\fredrickannie\Desktop\mbam-setup.exe
[2011/06/28 13:04:20 | 000,638,230 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/28 13:04:20 | 000,119,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/28 12:14:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\fredrickannie\Desktop\OTL.exe
[2011/06/27 22:58:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\Kodak AiO Scheduled Maintenance.job
[2011/06/24 11:58:16 | 001,532,565 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00052.jpg
[2011/06/24 11:57:40 | 001,492,321 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00051.jpg
[2011/06/24 11:57:34 | 001,436,129 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00050.jpg
[2011/06/24 11:57:24 | 001,311,430 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00049.jpg
[2011/06/24 11:57:20 | 001,573,377 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00048.jpg
[2011/06/24 11:57:12 | 001,701,325 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00047.jpg
[2011/06/24 10:53:45 | 000,082,966 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Mikado Rent Counter Proposal 8-12-10.pdf
[2011/06/23 23:47:12 | 001,532,214 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110622-00042.jpg
[2011/06/23 23:47:02 | 001,506,709 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\IMG-20110622-00041.jpg
[2011/06/23 12:56:18 | 000,888,377 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00046.jpg
[2011/06/23 12:55:06 | 001,586,826 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00044.jpg
[2011/06/23 12:54:54 | 001,674,705 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00043.jpg
[2011/06/23 08:57:18 | 215,349,527 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/22 16:54:04 | 002,527,183 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\SellSheet_JapanUSA.pdf
[2011/06/17 16:08:33 | 001,067,600 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\Copper Cup Ad.pdf
[2011/06/17 14:33:52 | 000,000,938 | -H-- | M] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/15 23:50:01 | 000,027,648 | -H-- | M] () -- C:\Users\fredrickannie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/13 14:12:53 | 000,010,823 | -H-- | M] () -- C:\Users\fredrickannie\Desktop\cost increase spreadsheet.htm

========== Files Created - No Company Name ==========

[2011/06/28 16:34:46 | 000,001,748 | -H-- | C] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/28 16:34:46 | 000,000,943 | -H-- | C] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/28 16:34:46 | 000,000,938 | -H-- | C] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/28 16:34:46 | 000,000,258 | -H-- | C] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/28 16:34:46 | 000,000,240 | -H-- | C] () -- C:\Users\fredrickannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/27 18:20:00 | 001,701,325 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00047.jpg
[2011/06/27 18:20:00 | 001,573,377 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00048.jpg
[2011/06/27 18:20:00 | 001,532,565 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00052.jpg
[2011/06/27 18:20:00 | 001,492,321 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00051.jpg
[2011/06/27 18:20:00 | 001,436,129 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00050.jpg
[2011/06/27 18:20:00 | 001,311,430 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\South Davis-20110624-00049.jpg
[2011/06/24 10:53:45 | 000,082,966 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Mikado Rent Counter Proposal 8-12-10.pdf
[2011/06/23 13:14:14 | 000,888,377 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00046.jpg
[2011/06/23 13:14:02 | 001,506,709 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\IMG-20110622-00041.jpg
[2011/06/23 13:13:58 | 001,532,214 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110622-00042.jpg
[2011/06/23 13:13:53 | 001,674,705 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00043.jpg
[2011/06/23 13:13:42 | 001,586,826 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Salt Lake City-20110623-00044.jpg
[2011/06/22 16:54:04 | 002,527,183 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\SellSheet_JapanUSA.pdf
[2011/06/21 11:25:39 | 001,365,009 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\IMG-20110511-00002.jpg
[2011/06/17 16:08:58 | 001,067,600 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\Copper Cup Ad.pdf
[2011/06/01 22:41:06 | 000,010,823 | -H-- | C] () -- C:\Users\fredrickannie\Desktop\cost increase spreadsheet.htm
[2011/05/25 15:59:16 | 000,000,000 | -H-- | C] () -- C:\Program Files\error.dat
[2011/03/28 14:43:29 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7040.dat
[2010/12/19 16:16:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/28 15:05:48 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/06/23 21:15:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\VPN.dll
[2010/06/10 18:30:30 | 000,004,096 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\keyfile3.drm
[2010/05/29 22:58:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/29 22:56:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/20 12:19:57 | 000,000,103 | ---- | C] () -- C:\Windows\System32\hptrace.ini
[2010/05/20 12:19:22 | 000,017,774 | ---- | C] () -- C:\Windows\hplj1010.ini
[2010/05/04 11:44:08 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7840W.DAT
[2010/04/13 22:20:48 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/04/13 22:20:43 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM08A.DAT
[2010/04/13 22:20:02 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/04/16 14:21:25 | 000,000,101 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\fusioncache.dat
[2009/02/26 13:39:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/12/11 22:16:06 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hpzids01.dll
[2008/10/07 12:15:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/02 16:11:31 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/02 16:04:41 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2008/08/02 16:04:40 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2008/07/29 18:31:35 | 000,000,272 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/07/29 18:31:35 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/07/29 18:23:42 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/07/29 18:23:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/07/29 18:18:40 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/06/10 19:11:27 | 000,005,972 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\d3d9caps.dat
[2008/05/04 02:01:39 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/03/04 14:08:37 | 000,008,130 | -H-- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/01/13 20:35:05 | 000,000,338 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Roaming\wklnhst.dat
[2008/01/07 21:26:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 22:52:17 | 000,023,116 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/23 17:15:44 | 000,027,648 | -H-- | C] () -- C:\Users\fredrickannie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/21 00:15:24 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/12/20 23:00:00 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2007/08/16 05:12:14 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/03/30 06:27:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/03/30 05:55:46 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,459,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,638,230 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,119,188 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2005/05/07 06:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:89D63297

< End of report >

Malware Bytes Log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6970

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

6/28/2011 11:05:00 PM
mbam-log-2011-06-28 (23-05-00).txt

Scan type: Quick scan
Objects scanned: 174080
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFIx Log:

ComboFix 11-06-29.04 - fredrickannie 06/29/2011 10:15:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1061 [GMT -6:00]
Running from: c:\users\fredrickannie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ntuser.dat
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
.
.
2011-06-29 16:25 . 2011-06-29 16:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-06-29 16:25 . 2011-06-29 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-29 16:11 . 2011-06-29 16:12 -------- d-----w- C:\32788R22FWJFW
2011-06-28 22:34 . 2011-06-28 22:34 -------- d-----w- C:\_OTL
2011-06-28 20:14 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 20:14 . 2011-06-28 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-28 20:14 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 17:34 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B37A6B6-E7DD-4640-BB07-91FCD157E2A0}\mpengine.dll
2011-06-27 15:39 . 2011-06-27 15:39 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 15:39 . 2011-06-27 15:39 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-16 21:11 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 21:11 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 21:11 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 21:11 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 01:14 . 2011-05-12 03:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-27 15:39 . 2011-05-09 18:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
backup=c:\windows\pss\QuickBooks Web Connector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 21:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 14:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-02-10 17:03 745472 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2009-04-14 18:52 86016 ----a-w- c:\program files\ClamWin\bin\ClamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-10-30 21:05 77824 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 13:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 01:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2010-01-27 05:04 1337608 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 17:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2007-08-30 17:50 205480 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 11:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 22:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 01:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]
2006-12-19 09:12 46632 ----a-w- c:\program files\ScanSoft\PDF Converter 4\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 15:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft PDF Converter 4-reminder]
2006-11-16 18:01 35368 ----a-w- c:\program files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 16:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-30 00:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 16:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-09-05 19456]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-04-05 17920]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-24 7680]
R3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\DRIVERS\swnc8u56.sys [2007-06-27 101248]
R3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\DRIVERS\swumx56.sys [2007-06-27 73856]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-06-28 43912]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-29 c:\windows\Tasks\User_Feed_Synchronization-{037D1BCB-C5FC-477A-B001-9C1B9DA63194}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www3.mymicros-es.net/login.jsp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\fredrickannie\AppData\Roaming\Mozilla\Firefox\Profiles\ht2hxx82.default\
FF - prefs.js: browser.startup.homepage - hxxps://email.secureserver.net/login.php?logout=1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-JoKAkqVcGyedlHU - c:\programdata\JoKAkqVcGyedlHU.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-29 10:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,cb,1c,02,05,ea,dd,42,8e,cb,e1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,cb,1c,02,05,ea,dd,42,8e,cb,e1,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-29 10:34:06
ComboFix-quarantined-files.txt 2011-06-29 16:34
.
Pre-Run: 197,157,834,752 bytes free
Post-Run: 196,589,596,672 bytes free
.
- - End Of File - - C1C93283EC38D909A4BBBA5DD7467773




Tdsskiller Log:

2011/06/29 10:42:46.0698 5084 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/29 10:42:47.0194 5084 ================================================================================
2011/06/29 10:42:47.0194 5084 SystemInfo:
2011/06/29 10:42:47.0194 5084
2011/06/29 10:42:47.0194 5084 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/29 10:42:47.0194 5084 Product type: Workstation
2011/06/29 10:42:47.0194 5084 ComputerName: JASONSCOMPUTER
2011/06/29 10:42:47.0195 5084 UserName: fredrickannie
2011/06/29 10:42:47.0195 5084 Windows directory: C:\Windows
2011/06/29 10:42:47.0195 5084 System windows directory: C:\Windows
2011/06/29 10:42:47.0195 5084 Processor architecture: Intel x86
2011/06/29 10:42:47.0195 5084 Number of processors: 2
2011/06/29 10:42:47.0195 5084 Page size: 0x1000
2011/06/29 10:42:47.0195 5084 Boot type: Normal boot
2011/06/29 10:42:47.0195 5084 ================================================================================
2011/06/29 10:42:48.0113 5084 Initialize success
2011/06/29 10:42:52.0409 3452 ================================================================================
2011/06/29 10:42:52.0409 3452 Scan started
2011/06/29 10:42:52.0409 3452 Mode: Manual;
2011/06/29 10:42:52.0409 3452 ================================================================================
2011/06/29 10:42:53.0448 3452 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/29 10:42:53.0666 3452 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/29 10:42:53.0731 3452 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/29 10:42:53.0974 3452 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/29 10:42:54.0199 3452 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/29 10:42:54.0305 3452 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/06/29 10:42:54.0415 3452 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/29 10:42:54.0481 3452 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/29 10:42:54.0538 3452 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/29 10:42:54.0594 3452 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/29 10:42:54.0629 3452 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/29 10:42:54.0731 3452 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/29 10:42:54.0836 3452 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/29 10:42:54.0949 3452 ApfiltrService (b49a709f65bf3beaa2b03f8ec139d568) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/06/29 10:42:55.0063 3452 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/29 10:42:55.0136 3452 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/29 10:42:55.0244 3452 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/29 10:42:55.0372 3452 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/29 10:42:55.0550 3452 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/06/29 10:42:55.0663 3452 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/29 10:42:55.0955 3452 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/29 10:42:56.0061 3452 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/29 10:42:56.0105 3452 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/29 10:42:56.0188 3452 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\DRIVERS\BrSerId.sys
2011/06/29 10:42:56.0270 3452 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
2011/06/29 10:42:56.0359 3452 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/29 10:42:56.0410 3452 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/29 10:42:56.0473 3452 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
2011/06/29 10:42:56.0586 3452 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/29 10:42:56.0720 3452 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/29 10:42:56.0779 3452 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/29 10:42:56.0881 3452 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/06/29 10:42:57.0164 3452 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/29 10:42:57.0551 3452 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/29 10:42:57.0705 3452 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/29 10:42:58.0097 3452 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/29 10:42:58.0478 3452 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/29 10:42:58.0834 3452 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/29 10:42:59.0096 3452 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/29 10:42:59.0275 3452 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/06/29 10:42:59.0406 3452 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/29 10:42:59.0576 3452 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/29 10:42:59.0705 3452 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/29 10:42:59.0819 3452 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/06/29 10:42:59.0964 3452 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/29 10:43:00.0085 3452 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
2011/06/29 10:43:00.0158 3452 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/29 10:43:00.0330 3452 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/29 10:43:00.0504 3452 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/06/29 10:43:00.0596 3452 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/29 10:43:00.0666 3452 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
2011/06/29 10:43:00.0794 3452 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/29 10:43:00.0917 3452 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/29 10:43:01.0031 3452 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/29 10:43:01.0110 3452 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/29 10:43:01.0199 3452 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/29 10:43:01.0313 3452 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/29 10:43:01.0350 3452 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/29 10:43:01.0430 3452 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/29 10:43:01.0510 3452 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/29 10:43:01.0601 3452 FlyUsb (85e5ad3a9d56fd6f92db5fc9ca62e2e4) C:\Windows\system32\DRIVERS\FlyUsb.sys
2011/06/29 10:43:01.0724 3452 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/29 10:43:01.0816 3452 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/29 10:43:01.0918 3452 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/29 10:43:02.0056 3452 GT72NDISIPXP (9eb33545bc9b1ca0c9b9e6d780ce0d27) C:\Windows\system32\DRIVERS\Gt51Ip.sys
2011/06/29 10:43:02.0132 3452 GT72UBUS (687a4b740f14c2dff6dd7b848f50f0a6) C:\Windows\system32\DRIVERS\gt72ubus.sys
2011/06/29 10:43:02.0251 3452 GTPTSER (346ddaefa04e49ad804ee12d4baa0ed3) C:\Windows\system32\DRIVERS\gtptser.sys
2011/06/29 10:43:02.0344 3452 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/06/29 10:43:02.0438 3452 HdAudAddService (743e5199a34101a3ee444df5f74d0311) C:\Windows\system32\drivers\CHDART.sys
2011/06/29 10:43:02.0538 3452 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/29 10:43:02.0654 3452 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/29 10:43:02.0720 3452 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/29 10:43:02.0818 3452 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/29 10:43:02.0885 3452 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/29 10:43:02.0993 3452 HPFXBULK (9e3944a558ab84853ef985988e23a8a4) C:\Windows\system32\drivers\hpfxbulk.sys
2011/06/29 10:43:03.0099 3452 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\Windows\system32\DRIVERS\HPZid412.sys
2011/06/29 10:43:03.0156 3452 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\Windows\system32\DRIVERS\HPZipr12.sys
2011/06/29 10:43:03.0264 3452 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\Windows\system32\DRIVERS\HPZius12.sys
2011/06/29 10:43:03.0365 3452 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/29 10:43:03.0460 3452 HSF_DPV (0d7a055a840c3099c37d576573a42cd5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/06/29 10:43:03.0543 3452 HSXHWAZL (bcc074692882c056b0e1ac97f3331a02) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/06/29 10:43:03.0667 3452 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/29 10:43:03.0753 3452 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/29 10:43:03.0853 3452 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/29 10:43:04.0039 3452 ialm (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/29 10:43:04.0220 3452 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/29 10:43:04.0313 3452 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/29 10:43:04.0495 3452 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/29 10:43:04.0566 3452 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/29 10:43:04.0644 3452 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/29 10:43:04.0726 3452 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/29 10:43:04.0879 3452 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/29 10:43:05.0040 3452 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/29 10:43:05.0098 3452 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/29 10:43:05.0206 3452 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/29 10:43:05.0279 3452 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/29 10:43:05.0366 3452 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/29 10:43:05.0450 3452 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/29 10:43:05.0514 3452 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/29 10:43:05.0588 3452 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/29 10:43:05.0661 3452 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/29 10:43:05.0803 3452 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/29 10:43:05.0955 3452 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/29 10:43:06.0085 3452 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/29 10:43:06.0139 3452 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/29 10:43:06.0219 3452 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/29 10:43:06.0312 3452 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/29 10:43:06.0386 3452 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/29 10:43:06.0474 3452 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/29 10:43:06.0616 3452 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/29 10:43:06.0733 3452 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/29 10:43:06.0849 3452 motccgp (ce5a453095127fba8355322cbb1a995f) C:\Windows\system32\DRIVERS\motccgp.sys
2011/06/29 10:43:06.0924 3452 motccgpfl (aad6191a4daa519f04ab12b2af73e356) C:\Windows\system32\DRIVERS\motccgpfl.sys
2011/06/29 10:43:06.0959 3452 MotoSwitchService (38e0b25d4f9c0e66b456f15006fc118e) C:\Windows\system32\DRIVERS\motswch.sys
2011/06/29 10:43:07.0015 3452 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/29 10:43:07.0102 3452 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/29 10:43:07.0175 3452 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/29 10:43:07.0241 3452 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/29 10:43:07.0309 3452 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/29 10:43:07.0412 3452 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/29 10:43:07.0568 3452 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/29 10:43:07.0628 3452 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/29 10:43:07.0685 3452 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/29 10:43:07.0761 3452 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/29 10:43:07.0841 3452 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/29 10:43:07.0895 3452 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/29 10:43:07.0977 3452 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/29 10:43:08.0086 3452 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/29 10:43:08.0169 3452 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/29 10:43:08.0219 3452 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/29 10:43:08.0272 3452 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/29 10:43:08.0348 3452 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/29 10:43:08.0452 3452 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/29 10:43:08.0528 3452 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/29 10:43:08.0599 3452 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/29 10:43:08.0680 3452 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/29 10:43:08.0792 3452 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/29 10:43:08.0883 3452 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/29 10:43:08.0943 3452 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/29 10:43:08.0994 3452 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/29 10:43:09.0074 3452 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/29 10:43:09.0187 3452 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/29 10:43:09.0250 3452 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/29 10:43:09.0448 3452 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/06/29 10:43:09.0755 3452 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/06/29 10:43:09.0896 3452 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/29 10:43:09.0983 3452 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/29 10:43:10.0048 3452 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/29 10:43:10.0142 3452 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/29 10:43:10.0273 3452 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/29 10:43:10.0339 3452 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/29 10:43:10.0395 3452 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/29 10:43:10.0465 3452 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/29 10:43:10.0577 3452 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/29 10:43:10.0776 3452 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/29 10:43:10.0868 3452 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/29 10:43:10.0956 3452 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/29 10:43:11.0015 3452 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/29 10:43:11.0091 3452 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/29 10:43:11.0163 3452 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/29 10:43:11.0255 3452 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/29 10:43:11.0420 3452 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/29 10:43:11.0651 3452 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/29 10:43:11.0721 3452 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/29 10:43:11.0821 3452 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/29 10:43:11.0890 3452 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/29 10:43:12.0059 3452 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/29 10:43:12.0138 3452 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/29 10:43:12.0215 3452 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/29 10:43:12.0368 3452 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/29 10:43:12.0438 3452 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/29 10:43:12.0509 3452 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/29 10:43:12.0568 3452 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/29 10:43:12.0625 3452 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/29 10:43:12.0732 3452 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/29 10:43:12.0811 3452 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/29 10:43:12.0853 3452 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/29 10:43:12.0943 3452 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/29 10:43:13.0062 3452 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/29 10:43:13.0177 3452 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/29 10:43:13.0234 3452 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/29 10:43:13.0305 3452 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
2011/06/29 10:43:13.0422 3452 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/06/29 10:43:13.0493 3452 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/06/29 10:43:13.0546 3452 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/06/29 10:43:13.0631 3452 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/29 10:43:13.0730 3452 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/29 10:43:13.0839 3452 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/29 10:43:13.0903 3452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/29 10:43:13.0995 3452 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/29 10:43:14.0068 3452 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/29 10:43:14.0145 3452 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/29 10:43:14.0244 3452 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/29 10:43:14.0335 3452 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/29 10:43:14.0404 3452 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/29 10:43:14.0478 3452 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/29 10:43:14.0555 3452 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/29 10:43:14.0648 3452 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/29 10:43:14.0722 3452 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/29 10:43:14.0808 3452 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/29 10:43:14.0887 3452 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/29 10:43:15.0044 3452 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/29 10:43:15.0117 3452 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/29 10:43:15.0191 3452 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/29 10:43:15.0333 3452 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/29 10:43:15.0410 3452 swmsflt (a184a1bab187809b144ba32509b9e731) C:\Windows\System32\drivers\swmsflt.sys
2011/06/29 10:43:15.0483 3452 SWNC8U56 (2f6f8b7f821c994de3d1caf399bf9cd3) C:\Windows\system32\DRIVERS\swnc8u56.sys
2011/06/29 10:43:15.0564 3452 SWUMX56 (903a5e596a3910cebfa33f3bd7d9c174) C:\Windows\system32\DRIVERS\swumx56.sys
2011/06/29 10:43:15.0670 3452 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/29 10:43:15.0722 3452 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/29 10:43:15.0781 3452 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/29 10:43:15.0898 3452 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/29 10:43:16.0010 3452 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/29 10:43:16.0127 3452 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/29 10:43:16.0191 3452 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/29 10:43:16.0228 3452 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/29 10:43:16.0285 3452 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/29 10:43:16.0337 3452 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/29 10:43:16.0442 3452 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/29 10:43:16.0524 3452 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/29 10:43:16.0603 3452 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/29 10:43:16.0678 3452 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/29 10:43:16.0742 3452 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/29 10:43:16.0875 3452 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/29 10:43:16.0998 3452 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/29 10:43:17.0053 3452 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/29 10:43:17.0107 3452 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/29 10:43:17.0182 3452 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/29 10:43:17.0285 3452 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/29 10:43:17.0359 3452 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/29 10:43:17.0432 3452 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/29 10:43:17.0585 3452 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/29 10:43:17.0681 3452 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/29 10:43:17.0740 3452 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/29 10:43:17.0807 3452 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/29 10:43:17.0891 3452 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/29 10:43:18.0003 3452 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/29 10:43:18.0058 3452 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/29 10:43:18.0114 3452 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/29 10:43:18.0195 3452 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/06/29 10:43:18.0280 3452 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/29 10:43:18.0340 3452 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/29 10:43:18.0401 3452 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/29 10:43:18.0469 3452 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/29 10:43:18.0540 3452 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/29 10:43:18.0609 3452 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/29 10:43:18.0693 3452 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/29 10:43:18.0778 3452 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/29 10:43:18.0879 3452 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/29 10:43:18.0977 3452 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/29 10:43:19.0101 3452 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/29 10:43:19.0128 3452 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/29 10:43:19.0227 3452 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/29 10:43:19.0306 3452 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/29 10:43:19.0477 3452 winachsf (3b4522d0e750bac8fe7ae61622a57014) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/29 10:43:19.0663 3452 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/06/29 10:43:19.0747 3452 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/29 10:43:19.0878 3452 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/29 10:43:19.0940 3452 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/29 10:43:20.0080 3452 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/29 10:43:20.0150 3452 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/29 10:43:20.0246 3452 yukonwlh (64b7c777b88d3ad5a3553bafd66f9cae) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/06/29 10:43:20.0369 3452 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
2011/06/29 10:43:20.0417 3452 Boot (0x1200) (5764e1d4b0a7479846e73b8ba890f012) \Device\Harddisk0\DR0\Partition0
2011/06/29 10:43:20.0440 3452 Boot (0x1200) (1119b080147c9a803c539490828a2ed0) \Device\Harddisk0\DR0\Partition1
2011/06/29 10:43:20.0456 3452 ================================================================================
2011/06/29 10:43:20.0456 3452 Scan finished
2011/06/29 10:43:20.0456 3452 ================================================================================
2011/06/29 10:43:20.0475 3556 Detected object count: 0
2011/06/29 10:43:20.0475 3556 Actual detected object count: 0

mbr log: (fix button not enabled)

swMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-29 10:45:08
-----------------------------
10:45:08.939 OS Version: Windows 6.0.6002 Service Pack 2
10:45:08.939 Number of processors: 2 586 0xF0D
10:45:08.942 ComputerName: JASONSCOMPUTER UserName: fredrickannie
10:45:11.156 Initialize success
10:45:40.064 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:45:40.069 Disk 0 Vendor: FUJITSU_ 890B Size: 238475MB BusType: 3
10:45:40.113 Disk 0 MBR read successfully
10:45:40.118 Disk 0 MBR scan
10:45:40.122 Disk 0 unknown MBR code
10:45:40.128 Disk 0 scanning sectors +488392065
10:45:40.166 Disk 0 scanning C:\Windows\system32\drivers
10:45:47.431 Service scanning
10:45:49.027 Disk 0 trace - called modules:
10:45:49.069 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
10:45:49.076 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8603bac8]
10:45:49.082 3 CLASSPNP.SYS[88b9d8b3] -> nt!IofCallDriver -> [0x856167a8]
10:45:49.089 5 acpi.sys[82e8d6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84c6d030]
10:45:49.096 Scan finished successfully
10:46:27.441 Disk 0 MBR has been saved successfully to "C:\Users\fredrickannie\Desktop\MBR.dat"
10:46:27.450 The log file has been saved successfully to "C:\Users\fredrickannie\Desktop\aswMBR.txt"


Thanks Ron!!!
  • 0

#4
RKinner
Posted 29 June 2011 - 07:47 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Looks good. You need an anti-virus:

Let's install the free Avast:

http://www.avast.com...ivirus-download

Download, Save and right click on it and Run As Administrator.

You will need to register once you install it but it's a very simple process. It will lead you through it.

Since you have been infected you should let it do a boot-time scan to be sure we got it all:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

You have traces of Symantec so download, Save and run the Norton Removal tool by right click and Run As Administrator.
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe


We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
tho it hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.


You can uninstall or delete any tools we had you download and their logs.

OTL has a Cleanup tab so if you run it again and go to cleanup it will cleanup its files and many of our tools.

You may not have the latest Java (Java™ 6 Update 26). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you can download and run the UpdateChecker:
http://www.filehippo.../updatechecker/

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#5
jmf1234
Posted 30 June 2011 - 10:50 PM

jmf1234

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Ron,
I'm going to complete these steps now. While working with the computer again yesterday, I have found two issues that I had missed in my first detail of the problem:

1. When I click on the start menu, no programs show up in it, just on big blank box.
2. When I start up the computer, a pop up from the icon tray states that some programs were blocked during start-up:
Windows defender calls it the "microsoft media Center tray applet"

Can you help me get this fixed also?

Thanks,
Jason
  • 0

#6
RKinner
Posted 01 July 2011 - 12:22 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It may be a bit late but try it anyway:

Download, Save and run unhide from

http://download.blee...nler/unhide.exe

See if that helps. If not we can fix it but it takes a lot of work.

For the Media Center it's the c:\windows\ehome\ehTray.exe file.

Submit it to http://virustotal.com and see if they think it is dirty. Copy and paste the report that you get.

Ron
  • 0

#7
jmf1234
Posted 01 July 2011 - 11:55 AM

jmf1234

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is the report on the blocked startup program:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
B82B282000B12601EC5401E848073A00F0FE5D30.exe
Submission date:
2011-06-30 03:41:49 (UTC)
Current status:
finished
Result:
0 /42 (0.0%)

Should I allow this program to exist? I dont really need another speed button


I ran the unhide program, it didnt work and suggested I turn off avast. I did so and re-ran it but it still did not work. Start menu is still empty.

Thanks Ron!
  • 0

#8
RKinner
Posted 01 July 2011 - 12:19 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
See if this link helps with some of the missing links:

http://www.vistax64....-shortcuts.html

Appears the file is safe but if you don't want it then feel free to block it.

Ron
  • 0

#9
jmf1234
Posted 05 July 2011 - 04:21 PM

jmf1234

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Ron,
The process has restored the start menu to regular use.

Thank you so much for your time and knowledge!

Thanks,
Jason
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP