
OTL Registry Please help to remove malware etc -log attached



#1
heatherbrowning2003

Hello. My computer is very slow and often crashes the internet. Also when I try to go to a certain webpage Firefox goes to the wrong page. I have included my OTL log. Can someone please tell me how to proceed to fix my laptop? Thank you!:}

OTL logfile created on: 8/18/2011 4:38:00 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Heather\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 35.06% Memory free
6.14 Gb Paging File | 3.94 Gb Available in Paging File | 64.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 197.98 Gb Free Space | 69.13% Space Free | Partition Type: NTFS

Computer Name: HEATHER-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/18 16:36:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
PRC - [2011/08/16 13:20:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/10 23:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009/03/20 20:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/04 10:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/02/06 16:13:16 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/29 10:21:02 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/12/09 15:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 20:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 20:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 16:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/07/18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/03/31 23:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/16 13:20:56 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/15 14:45:56 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7785435dab38ed94b6a0a608e91c6cda\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/15 14:09:07 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/15 14:08:50 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/15 14:04:56 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/21 11:53:58 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
MOD - [2011/06/21 11:38:33 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/07 13:12:35 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/04 04:53:15 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/29 03:53:25 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/12/13 21:14:54 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
MOD - [2010/01/27 11:41:40 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010/01/27 11:39:52 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2010/01/27 11:33:26 | 011,503,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010/01/27 11:01:00 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010/01/27 10:54:48 | 000,171,520 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010/01/27 10:51:52 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010/01/27 10:50:28 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010/01/27 10:39:28 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010/01/27 10:22:34 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2010/01/27 10:19:40 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010/01/27 10:18:06 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010/01/27 10:17:02 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010/01/27 10:10:22 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2010/01/27 10:05:14 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010/01/27 10:01:38 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010/01/27 09:58:38 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010/01/27 09:57:54 | 000,129,536 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010/01/27 09:57:32 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010/01/27 09:53:46 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010/01/27 09:51:52 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010/01/27 09:51:04 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010/01/27 09:50:08 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010/01/27 08:21:30 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2009/09/28 21:21:50 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2009/09/28 21:21:18 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2009/09/28 21:21:02 | 000,847,872 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2009/09/28 21:20:44 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2009/09/28 21:20:34 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2009/09/28 21:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2009/09/28 21:19:32 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2009/09/28 21:19:28 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2009/08/18 17:13:56 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2009/08/18 17:13:55 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2009/08/18 17:13:54 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2009/03/29 21:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/03/29 21:42:18 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009/03/29 21:42:13 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009/03/29 21:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2008/09/19 04:22:14 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008/07/18 19:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/08/14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2007/06/15 10:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 17:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/19 04:10:53 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2008/08/13 20:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/27 17:22:04 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 17:39:49 | 000,432,760 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011/01/26 22:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/20 20:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/05 15:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2009/08/05 07:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 21:32:46 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/03/19 23:22:07 | 001,119,744 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/03/19 02:03:55 | 000,161,280 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ETD.sys -- (ETD)
DRV:64bit: - [2009/02/11 02:26:17 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/14 12:51:50 | 000,339,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\srs_PremiumSound_amd64.sys -- (SRS_PremiumSound_Service)
DRV:64bit: - [2008/12/18 05:16:23 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/12/08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/11/03 00:03:27 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/08/10 19:14:01 | 001,820,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/05/29 09:21:02 | 000,016,440 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/06 23:00:45 | 000,007,168 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CRFILTER.sys -- (CRFILTER)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/03 18:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2011/08/05 20:41:19 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110818.003\EX64.SYS -- (NAVEX15)
DRV - [2011/08/05 20:41:18 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110818.003\ENG64.SYS -- (NAVENG)
DRV - [2011/08/02 01:07:58 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110817.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/07/27 20:23:44 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/27 20:23:43 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/22 17:27:21 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110812.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.5.1: C:\Users\Heather\AppData\Local\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/19 12:43:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/08/18 15:46:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_1_3 [2011/08/18 15:46:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/16 13:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/29 12:57:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/19 12:43:28 | 000,000,000 | ---D | M]

[2009/11/02 22:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions
[2009/11/02 22:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/01 12:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\54eacnes.default\extensions
[2010/04/27 14:08:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\54eacnes.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/01 12:55:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\54eacnes.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/29 16:34:36 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\54eacnes.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010/11/20 20:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\54eacnes.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}chrome
[2011/02/19 10:42:06 | 000,002,427 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\54eacnes.default\searchplugins\askcom.xml
[2010/09/14 05:41:12 | 000,002,506 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\54eacnes.default\searchplugins\BearShareWebSearch.xml
[2009/09/28 18:46:40 | 000,002,160 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\54eacnes.default\searchplugins\MySpace.xml
[2011/05/29 11:08:51 | 000,002,469 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\54eacnes.default\searchplugins\safesearch.xml
[2011/07/12 18:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/26 17:33:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/12 19:50:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/25 08:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/12 18:00:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/03 11:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/04/03 11:08:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) --
[2011/08/18 15:46:31 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_1_3
[2011/08/18 15:46:54 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2011/08/16 13:20:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/14 05:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/08/16 13:20:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [LoJackForLaptops] File not found
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b9f7802-a566-11de-aa48-0026183b3882}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 16:39:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.com
[2011/08/18 16:36:37 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2011/08/16 18:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/16 18:05:46 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/01 19:29:09 | 000,000,000 | ---D | C] -- C:\Users\Heather\Desktop\New_Resumes_and_CoverLetters
[2011/07/27 18:16:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/27 18:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2011/08/18 16:39:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.com
[2011/08/18 16:36:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2011/08/18 16:34:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/18 16:25:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 16:25:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 16:17:10 | 000,002,563 | ---- | M] () -- C:\Users\Heather\Desktop\HiJackThis.lnk
[2011/08/18 15:46:45 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/08/18 15:46:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/18 15:46:28 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/08/18 15:46:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/16 18:03:16 | 001,402,880 | ---- | M] () -- C:\Users\Heather\Desktop\HijackThis.msi
[2011/08/16 12:30:53 | 000,023,038 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\wklnhst.dat
[2011/07/29 12:57:30 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/28 14:24:34 | 000,343,292 | ---- | M] () -- C:\Users\Heather\Desktop\half_apache_tear_pic.jpg

========== Files Created - No Company Name ==========

[2011/08/16 18:05:46 | 000,002,563 | ---- | C] () -- C:\Users\Heather\Desktop\HiJackThis.lnk
[2011/08/16 18:03:09 | 001,402,880 | ---- | C] () -- C:\Users\Heather\Desktop\HijackThis.msi
[2011/07/29 12:57:29 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/07/29 12:57:29 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/28 14:19:21 | 000,343,292 | ---- | C] () -- C:\Users\Heather\Desktop\half_apache_tear_pic.jpg
[2011/05/19 09:56:55 | 000,001,940 | ---- | C] () -- C:\Users\Heather\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/28 21:08:46 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/07/28 21:08:44 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/07/28 21:08:42 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/07/28 20:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/28 20:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/20 08:57:53 | 000,000,139 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/08 11:20:33 | 000,000,680 | ---- | C] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat
[2010/03/17 14:26:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dynamic Library
[2010/03/17 14:26:34 | 000,000,268 | RH-- | C] () -- C:\Users\Heather\AppData\Roaming\Documentation
[2010/03/17 14:26:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/02/19 12:42:57 | 000,023,144 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/23 15:32:20 | 000,166,098 | ---- | C] () -- C:\Windows\hpoins28.dat.temp
[2009/12/23 15:32:20 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2009/12/06 14:08:33 | 000,077,408 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/12/06 13:41:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/06 13:40:16 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/06 13:39:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/13 17:26:16 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/10/13 11:51:29 | 000,023,038 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\wklnhst.dat
[2009/10/05 18:37:42 | 000,031,049 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\UserTile.png
[2009/07/04 23:07:42 | 000,064,512 | ---- | C] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/04 20:01:56 | 000,166,098 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/07/02 18:19:12 | 000,002,039 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\install.dat
[2009/06/10 21:32:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/06/10 20:37:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/02/25 20:44:35 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2008/12/23 13:36:14 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/09/19 04:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/05/22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2008/05/11 20:49:03 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/07/10 05:53:09 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Absolute
[2009/10/13 17:26:53 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\aVinci
[2010/04/30 13:06:23 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/17 14:41:14 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Nikon
[2009/10/05 18:37:41 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\PeerNetworking
[2009/08/18 17:16:13 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Skinux
[2010/02/09 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Template
[2011/07/18 19:44:51 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2011/08/17 14:45:53 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's try to resolve this for you.

Download and Install ComboFix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#3
heatherbrowning2003

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you.
I ran Combofix and after about an hour it finished running.
After reboot I let the log application run for about an hour and a half but never got a log, it just kept running.
Also Norton 360 kept popping up with a performance warning of high handles for the combofix application.
How should I proceed?
Thank you

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you continue with the aswMBR run please, and close ComboFix? I will then work from there.

#5
heatherbrowning2003

    New Member

  • Topic Starter
  • Member
  • 8 posts
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-20 14:40:23
-----------------------------
14:40:23.054 OS Version: Windows x64 6.0.6002 Service Pack 2
14:40:23.054 Number of processors: 2 586 0x170A
14:40:23.055 ComputerName: HEATHER-PC UserName: Heather
14:40:24.373 Initialize success
14:40:37.129 AVAST engine download error: 0
14:41:02.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:41:02.663 Disk 0 Vendor: ST932032 0002 Size: 305245MB BusType: 3
14:41:02.679 Disk 0 MBR read successfully
14:41:02.683 Disk 0 MBR scan
14:41:02.687 Disk 0 unknown MBR code
14:41:02.692 Service scanning
14:41:03.989 Modules scanning
14:41:03.993 Disk 0 trace - called modules:
14:41:03.999 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
14:41:04.008 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800367b790]
14:41:04.015 3 CLASSPNP.SYS[fffffa60013d3c33] -> nt!IofCallDriver -> [0xfffffa800333da00]
14:41:04.024 5 acpi.sys[fffffa60008f5fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800338c050]
14:41:04.029 Scan finished successfully
14:41:36.538 Disk 0 MBR has been saved successfully to "C:\Users\Heather\Desktop\MBR.dat"
14:41:36.545 The log file has been saved successfully to "C:\Users\Heather\Desktop\aswMBR.txt"

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's check out the MBR a little deeper.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
heatherbrowning2003

    New Member

  • Topic Starter
  • Member
  • 8 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: K50IJ
Logical Drives Mask: 0x00000014

Kernel Drivers (total 153):
0x0201F000 \SystemRoot\system32\ntoskrnl.exe
0x02537000 \SystemRoot\system32\hal.dll
0x00608000 \SystemRoot\system32\kdcom.dll
0x00612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064D000 \SystemRoot\system32\PSHED.dll
0x00661000 \SystemRoot\system32\CLFS.SYS
0x006BE000 \SystemRoot\system32\CI.dll
0x00803000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EB000 \SystemRoot\system32\drivers\acpi.sys
0x00941000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094A000 \SystemRoot\system32\drivers\msisadrv.sys
0x00954000 \SystemRoot\system32\drivers\pci.sys
0x00984000 \SystemRoot\System32\drivers\partmgr.sys
0x00999000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0099D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009A9000 \SystemRoot\system32\drivers\volmgr.sys
0x00770000 \SystemRoot\System32\drivers\volmgrx.sys
0x009BD000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D0000 \SystemRoot\system32\drivers\pciide.sys
0x009D7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00A07000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B24000 \SystemRoot\system32\drivers\atapi.sys
0x00B2C000 \SystemRoot\system32\drivers\ataport.SYS
0x00B50000 \SystemRoot\system32\drivers\msahci.sys
0x00B5A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00C09000 \SystemRoot\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
0x00C7A000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C8E000 \SystemRoot\System32\Drivers\AsDsm.sys
0x00C9B000 \SystemRoot\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
0x00D7F000 \SystemRoot\system32\DRIVERS\lullaby.sys
0x00E0D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0100E000 \SystemRoot\system32\drivers\ndis.sys
0x00E94000 \SystemRoot\system32\drivers\msrpc.sys
0x00EE4000 \SystemRoot\system32\drivers\NETIO.SYS
0x01204000 \SystemRoot\System32\drivers\tcpip.sys
0x0137A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01402000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01582000 \SystemRoot\system32\drivers\volsnap.sys
0x015C6000 \SystemRoot\System32\Drivers\spldr.sys
0x015CE000 \SystemRoot\System32\Drivers\mup.sys
0x013A6000 \SystemRoot\System32\drivers\ecache.sys
0x015E0000 \SystemRoot\system32\drivers\disk.sys
0x013D2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x015F4000 \SystemRoot\system32\drivers\crcdisk.sys
0x02523000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02530000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02539000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02603000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x03022000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03105000 \SystemRoot\System32\drivers\watchdog.sys
0x03115000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03121000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03167000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0320B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03401000 \SystemRoot\system32\DRIVERS\athrx.sys
0x03566000 \SystemRoot\system32\DRIVERS\L1E60x64.sys
0x03579000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0358F000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x03597000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x035A5000 \SystemRoot\system32\DRIVERS\ETD.sys
0x035D1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x035DD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x032F8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x035F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03305000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x0330D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03346000 \SystemRoot\system32\DRIVERS\storport.sys
0x033A3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03178000 \SystemRoot\system32\drivers\srs_PremiumSound_amd64.sys
0x033B0000 \SystemRoot\system32\drivers\ks.sys
0x033E4000 \SystemRoot\system32\drivers\ksthunk.sys
0x031CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x033EA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0254C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x031ED000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0257D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0259B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x025B3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x035FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x025C6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x00F3D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x025D6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03C08000 \SystemRoot\system32\drivers\viahduaa.sys
0x03D22000 \SystemRoot\system32\drivers\portcls.sys
0x03D5D000 \SystemRoot\system32\drivers\drmk.sys
0x03D80000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03D9C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03E0D000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x03FCA000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x03FDB000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x03FE4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03FEE000 \SystemRoot\System32\Drivers\Null.SYS
0x03D9E000 \SystemRoot\System32\drivers\vga.sys
0x03DAC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03FF7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03E00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03DD1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03DDC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03DED000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x011DF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x00F85000 \SystemRoot\system32\drivers\N360x64\0501000.01D\SYMTDIV.SYS
0x00D88000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x00DBE000 \SystemRoot\system32\DRIVERS\smb.sys
0x04005000 \SystemRoot\system32\drivers\afd.sys
0x04070000 \SystemRoot\System32\DRIVERS\netbt.sys
0x040B4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x040D2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x040FC000 \SystemRoot\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
0x04129000 \SystemRoot\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
0x0413F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0418C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04206000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110819.030\IDSvia64.sys
0x04283000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x042FC000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x04322000 \SystemRoot\System32\Drivers\dfsc.sys
0x04403000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110812.001\BHDrvx64.sys
0x04521000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x0452F000 \SystemRoot\System32\drivers\Dxapi.sys
0x0453B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x00680000 \SystemRoot\System32\cdd.dll
0x0454E000 \SystemRoot\system32\drivers\luafv.sys
0x0433F000 \SystemRoot\system32\drivers\spsys.sys
0x04570000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04584000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x045B8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x045C3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x045DB000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
0x15808000 \SystemRoot\system32\drivers\HTTP.sys
0x158AB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x158D4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x158F2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x1590C000 \SystemRoot\system32\drivers\mrxdav.sys
0x15933000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x1595C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x159A5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x159C4000 \SystemRoot\System32\DRIVERS\srv2.sys
0x15C03000 \SystemRoot\System32\DRIVERS\srv.sys
0x15C96000 \SystemRoot\System32\Drivers\fastfat.SYS
0x15CCB000 \SystemRoot\system32\drivers\peauth.sys
0x15D81000 \SystemRoot\System32\Drivers\secdrv.SYS
0x15D8C000 \SystemRoot\System32\drivers\tcpipreg.sys
0x15D9C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x14E0D000 \SystemRoot\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
0x17400000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110820.005\EX64.SYS
0x14ECD000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110820.005\ENG64.SYS
0x14EED000 \??\C:\Users\Heather\AppData\Local\Temp\aswMBR.sys
0x77A80000 \Windows\System32\ntdll.dll

Processes (total 101):
0 System Idle Process
4 System
432 C:\Windows\System32\smss.exe
564 csrss.exe
600 C:\Windows\System32\wininit.exe
620 csrss.exe
656 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
752 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
328 C:\Windows\System32\svchost.exe
368 C:\Windows\System32\svchost.exe
440 C:\Windows\System32\svchost.exe
312 C:\Windows\System32\audiodg.exe
880 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\SLsvc.exe
1068 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\svchost.exe
1420 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
1428 C:\Windows\System32\wlanext.exe
1456 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
1492 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1616 C:\Windows\System32\spoolsv.exe
1640 C:\Windows\System32\svchost.exe
1920 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1936 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1972 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1988 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2020 C:\Windows\SysWOW64\svchost.exe
624 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
648 C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
1892 C:\Windows\System32\svchost.exe
124 C:\Windows\System32\svchost.exe
2000 C:\Windows\System32\svchost.exe
2064 C:\Windows\System32\svchost.exe
2120 C:\Windows\System32\svchost.exe
2168 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2220 C:\Windows\System32\SearchIndexer.exe
2448 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2684 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2964 C:\Windows\System32\taskeng.exe
1500 C:\Windows\System32\dwm.exe
3096 C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
3124 C:\Windows\explorer.exe
3352 C:\Windows\System32\taskeng.exe
3552 C:\Windows\System32\taskeng.exe
3560 C:\Program Files\P4G\BatteryLife.exe
3648 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
3660 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
3696 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
3704 C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
3712 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
3720 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
3752 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
3796 ACEngSvr.exe
3828 WmiPrvSE.exe
3888 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3904 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
3920 C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
3928 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
3152 C:\Windows\System32\igfxsrvc.exe
1288 dllhost.exe
3584 C:\Windows\System32\igfxtray.exe
2708 C:\Windows\System32\hkcmd.exe
3992 C:\Windows\System32\igfxpers.exe
4008 C:\Program Files (x86)\Windows Sidebar\sidebar.exe
1880 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3820 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1832 C:\Windows\ehome\ehtray.exe
3760 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
2300 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
2144 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
3608 C:\Program Files\Windows Media Player\wmpnscfg.exe
3952 C:\Program Files\Windows Media Player\wmpnetwk.exe
2712 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
4104 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
4112 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
4128 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
4136 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
4176 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
4184 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
4192 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
4244 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4252 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4628 C:\Program Files\iPod\bin\iPodService.exe
4804 C:\Windows\ehome\ehmsas.exe
3780 C:\Program Files (x86)\Windows Sidebar\sidebar.exe
2748 C:\Windows\System32\svchost.exe
4496 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
3884 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
3612 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
4916 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5164 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5716 C:\Users\Heather\Desktop\aswMBR.exe
4976 C:\Windows\System32\SearchProtocolHost.exe
4120 C:\Windows\System32\SearchFilterHost.exe
2508 dllhost.exe
5008 dllhost.exe
5204 C:\Users\Heather\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)

PhysicalDrive0 Model Number: ST9320325AS, Rev: 0002SDM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#8
heatherbrowning2003

    New Member

  • Topic Starter
  • Member
  • 8 posts
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7522

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/20/2011 3:00:07 PM
mbam-log-2011-08-20 (15-00-07).txt

Scan type: Quick scan
Objects scanned: 177777
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems?

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post


#10
heatherbrowning2003

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you. My computer is very slow upon startup. I keep getting performance warnings periodically that I have high handle usage for various programs. My computer also keeps freezing up and I have to manually shut it down to restart.

I attempted to run the Kaspersky program; however, it keeps freezing up at about 7 or 8 percent completed.
The program did remove trojan.adh.2.

Please advise.

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you just run the analysis portion then, please?

#12
heatherbrowning2003

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you again. Here is the report:)


#13
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach the entire zip file, please, as that is where I will do my analysis.

On completion, click the link to locate the zip file to upload, and attach it to your next post.

  • 0

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





