iexplore.exe process often uses 100% CPU [Closed]


  • This topic is locked

#1 Opa the Openminded (Member, 29 posts)
The issue I am experiencing is that while in Task Manager's Processes tab, I've noticed that I have TWO versions of iexplore.exe as well as an additional process called explorer.exe. One of the iexplore.exe processes is using an average of 19,000 K of Memory while the other uses 200,000+ K of Memory. I fear this may be a virus/malware. Oftentimes my web browsing slows to a crawl due to this issue. Additionally, I intended to download a geekstogo.com recommended OTL.exe (I believe that was the name) which shows a log of the computer for you professionals to analyze, however my anti-virus alerted a warning after downloading it and placed it into the sand box for security. Thank you for your potential services :), any advice for me?

P.S. I just today downloaded Comodo firewall and already have had avast! anti-virus installed and running, neither of which has detected or alerted any problems.

#2 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :) Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

NEXT:

Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:

What issues are you currently experiencing with your computer?

#3 Opa the Openminded (Topic Starter, Member, 29 posts)
First off, thank you so much for providing your services Agent ST, the appreciation is sincere. I apologize for the delayed response, I was away from my home the last 2 days, and I will again be leaving tomorrow morning until late Monday evening for a mountain biking adventure in Big Bear Mountain, CA (hence the profile pic). I am in the process of doing laundry and preparing right now as I have an early morning tomorrow, however while I am doing that I will simultaneously be following the steps you provided. Hopefully, if time permits I will have the results posted tonight before finally heading to bed. If not I hope you can have patience with me until Tuesday morning. I will begin the process.......NOW!

#4 Opa the Openminded (Topic Starter, Member, 29 posts)
Well I ran GMER and it did crash, so I restarted in Safe Mode, then re-ran GMER and it crashed a 2nd time. I will be back Monday night as stated to continue working on this issue.

If it is any help, the Error Report Contents had these 2 files listed:
C:\DOCUME~1\Jason\LOCALS~1\Temp\WER4a04.dir00\Mini102311-01.dmp
C:\DOCUME~1\Jason\LOCALS~1\Temp\WER4a04.dir00\sysdata.xml

On Monday evening I will attempt to run GMER again, this time un-checking Devices before running the scan. Would this be better done in safe mode, or under standard conditions? Thank you again, enjoy the rest of the weekend!



**Also, I noticed you asked what issues I am currently experiencing with my computer. At times the computer runs very slowly, typically when I have an internet page open. I've noticed that when I have only one page open my Task Manager Process tab shows 2 iexplore.exe, with one of them often going to 250,000+ K CPU, using 100% of my computer's resources. The other iexplore.exe never uses more than 20,000 at maximum. We have had this computer for some years and I fear that there are viruses on it.

#5 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi!

Okay, that's fine. I'll see you on Tuesday.

On Monday evening I will attempt to run GMER again, this time un-checking Devices before running the scan. Would this be better done in safe mode, or under standard conditions? Thank you again, enjoy the rest of the weekend!

I'd try doing it in Normal mode and if that still doesn't work try Safe Mode.

#6 Opa the Openminded (Topic Starter, Member, 29 posts)
The biking trip was a success (besides the deep cuts to both shins, that mountain is unforgiving), thanks again for your patience with working on this issue.


I ran GMER a 3rd time, this time unchecking Devices as well, and as with the first two attempts my computer crashed. I should note that GMER does not crash right at the beginning of the scan, but instead scans many files for a period of 30mins to an hour before ultimately crashing.

Also, I noticed the instructions you provided said to uncheck the "Drives/Partition other than System drive (typically C:\)." Below the "files" check box, there is an area box which contains only "C:\"; however, directly under that, and above the check-box "show all", there is a check box for "ADS", so my question is should I be un-checking ADS as well?


Finally, since the initial computer crashing, music I attempt to play on my computer has been playing slower than it should be. This occurs regardless of whether the music is from youtube.com or stored on my computer.

#7 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
No problem!

Let's skip GMER for now. I'd like to have you run the OTL instructions and post the logs for me to review.

#8 Opa the Openminded (Topic Starter, Member, 29 posts)
OK, it took me almost 3 hours to run the OTL, partially because I had to download it at least 3 different times as I could not seem to locate the file after it had downloaded. While running, my firewall continuously warned me that protected root keys were being altered, is this normal?



Well, here are the results...

OTL.txt:

OTL logfile created on: 10/25/2011 2:36:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 265.91 Mb Available Physical Memory | 52.14% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 63.92% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 11.04 Gb Free Space | 15.55% Space Free | Partition Type: NTFS

Computer Name: VICKID9YYCZ61 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 14:30:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
PRC - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/10/07 18:46:50 | 002,497,864 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/05/25 20:43:20 | 000,986,936 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
PRC - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/26 12:39:04 | 000,118,784 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/25 09:26:20 | 001,602,560 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11102501\algo.dll
MOD - [2011/10/24 15:04:00 | 001,601,024 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11102402\algo.dll
MOD - [2011/10/21 06:48:06 | 000,239,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11102501\aswRep.dll
MOD - [2011/10/21 06:48:06 | 000,239,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11102402\aswRep.dll
MOD - [2011/05/25 20:43:26 | 001,764,664 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\Socket\Export.dll
MOD - [2011/05/25 20:43:24 | 004,284,728 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\Socket\Adaptor.dll
MOD - [2011/05/25 20:43:24 | 002,086,200 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\GuiListener\export.dll
MOD - [2011/05/25 20:43:24 | 000,339,768 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\RemoteDesktop\Export.dll
MOD - [2011/05/25 20:43:24 | 000,328,504 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\EventMonitor\export.dll
MOD - [2011/05/25 20:43:24 | 000,126,776 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\EventMonitor\EventMonitor.dll
MOD - [2011/05/25 20:43:24 | 000,049,976 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\RemoteDesktop\ShHook.dll
MOD - [2011/05/25 20:43:22 | 001,131,320 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS_RES.dll
MOD - [2011/05/25 20:43:22 | 000,464,184 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\Components\Core\CRF\export.dll
MOD - [2011/05/25 20:43:20 | 000,019,768 | ---- | M] () -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLANG.dll
MOD - [2009/01/18 15:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2004/04/11 18:57:44 | 000,040,960 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DirWatcher.dll
MOD - [2003/07/29 06:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBCPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2010/04/14 07:16:16 | 000,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/01/26 12:39:04 | 000,118,784 | ---- | M] (Visioneer Inc) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 18:48:04 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 18:48:02 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdGuard.sys -- (cmdGuard)
DRV - [2011/10/07 18:48:02 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdhlp.sys -- (cmdHlp)
DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/31 03:00:11 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/07/31 02:42:50 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/06/15 21:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 6B 29 0D C0 75 44 0E 44 A0 26 CA A0 C1 A3 09 3E [binary data]
IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0847}:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {3797B287-C572-4102-8A9C-132E61BEB95D}:1.0
FF - prefs.js..extensions.enabledItems: {83109441-5AC6-4BFE-8DEA-ED07639468C0}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ksolo.com/AVX: C:\Program Files\kSolo\npAVX.dll (kSolo, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Vicki\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3797B287-C572-4102-8A9C-132E61BEB95D}: C:\Documents and Settings\Jason\Local Settings\Application Data\{3797B287-C572-4102-8A9C-132E61BEB95D} [2009/04/13 20:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{83109441-5AC6-4BFE-8DEA-ED07639468C0}: C:\Documents and Settings\Vicki\Local Settings\Application Data\{83109441-5AC6-4BFE-8DEA-ED07639468C0} [2009/04/13 22:37:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/05/14 16:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/11 21:51:49 | 000,000,000 | ---D | M]

[2008/12/17 22:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions
[2010/03/07 01:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\hq0x1lal.default\extensions
[2010/03/07 01:50:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\hq0x1lal.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/23 23:29:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\hq0x1lal.default\extensions\[email protected]
[2010/07/28 14:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/28 18:28:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/17 21:03:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/04/13 20:26:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\DOCUMENTS AND SETTINGS\JASON\LOCAL SETTINGS\APPLICATION DATA\{3797B287-C572-4102-8A9C-132E61BEB95D}
[2009/04/13 22:37:59 | 000,000,000 | ---D | M] (XUL Cache) -- C:\DOCUMENTS AND SETTINGS\VICKI\LOCAL SETTINGS\APPLICATION DATA\{83109441-5AC6-4BFE-8DEA-ED07639468C0}
[2010/05/14 16:21:12 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAM FILES\IWIN GAMES\FIREFOX
[2010/06/17 21:03:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/04/17 14:15:18 | 000,001,025 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Reg Error: Value error.) - {78e49503-204b-402f-aa32-9e2cf36b3e75} - C:\WINDOWS\system32\pjvdrssv.dll File not found
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Reg Error: Value error.) - {ac365747-9f63-41a1-a871-1cdeac1c6b63} - C:\WINDOWS\system32\katowola.dll File not found
O2 - BHO: (Reg Error: Value error.) - {c00d296b-4475-440e-a026-caa0c1a3093e} - C:\WINDOWS\system32\pjvdrssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-19..\Run: [hepupewika] Rundll32.exe "C:\WINDOWS\system32\nodedeje.dll",s File not found
O4 - HKU\S-1-5-20..\Run: [hepupewika] Rundll32.exe "C:\WINDOWS\system32\nodedeje.dll",s File not found
O4 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
O4 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://134.139.136.21/VatDec.cab (VatCtrl Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1273054495634 (WUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://targetphoto.k..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://targetphoto.k..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://www.taxsimpl...tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96486288-8BF8-4BB6-8A38-779EB18FC612}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96486288-8BF8-4BB6-8A38-779EB18FC612}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: (C:\WINDOWS\system32\dutuhabe.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\SYSTEM32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\Shell - "" = AutoRun
O33 - MountPoints2\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/25 14:29:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2011/10/18 18:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\MyBuisness
[2011/10/15 20:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\join.me
[2011/10/14 17:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2011/10/14 17:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/10/14 17:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/10/14 16:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/10/14 16:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2011/10/14 00:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\My PSP Files
[2011/10/09 13:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\New Folder
[2011/10/08 21:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\Computer's Random Files
[2011/10/08 17:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\Free Abandonware GAMES
[2011/10/07 18:48:04 | 000,097,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/10/07 18:48:02 | 000,492,768 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/10/07 18:48:02 | 000,031,704 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/10/07 18:48:00 | 000,018,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/10/07 18:47:12 | 000,300,200 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/10/07 18:47:12 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/04 04:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\DOSBox
[2011/10/04 04:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DOSBox-0.74
[2011/10/04 04:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2011/09/29 12:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\HpUpdate
[2011/09/28 03:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\AppClient
[2011/09/28 03:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Start Menu\Programs\Free Game Empire
[2011/09/28 03:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Deployment
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/25 14:55:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7EDD6984-8BD9-4A09-96D9-A5B025419E15}.job
[2011/10/25 14:30:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2011/10/25 10:03:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/10/25 10:00:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/10/25 10:00:04 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/23 21:16:41 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/10/22 23:59:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\gmer.exe
[2011/10/22 21:10:16 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 20:48:02 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/15 20:32:22 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\join.me.lnk
[2011/10/14 17:02:40 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/14 17:00:20 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/10/14 17:00:20 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
[2011/10/14 15:38:35 | 000,319,232 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/10/13 11:53:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/13 11:31:23 | 000,205,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 03:44:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/13 03:42:53 | 000,443,202 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/10/13 03:42:53 | 000,072,276 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/07 18:48:04 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/10/07 18:48:02 | 000,492,768 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/10/07 18:48:02 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/10/07 18:48:00 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/10/07 18:47:12 | 000,300,200 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/10/07 18:47:12 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/06 14:33:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/04 04:38:36 | 001,146,943 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\STEEL.EXE
[2011/10/04 04:01:55 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2011/10/03 01:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/23 02:27:41 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/15 20:32:22 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\join.me.lnk
[2011/10/15 20:32:19 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\Jason\Start Menu\Programs\join.me.lnk
[2011/10/14 17:02:40 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/14 17:00:20 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/10/14 17:00:20 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
[2011/10/04 04:41:06 | 001,146,943 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\STEEL.EXE
[2011/10/04 04:01:55 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2011/09/11 21:42:37 | 000,168,282 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2011/09/11 21:42:36 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2011/04/11 22:01:18 | 000,365,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/08 00:45:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\~tmp.INI
[2009/04/18 00:29:11 | 001,419,818 | -HS- | C] () -- C:\WINDOWS\System32\ewulanev.ini
[2009/04/18 00:17:29 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\vuyohasu.dll
[2009/04/18 00:17:28 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\zodezaru.exe
[2009/04/17 12:16:36 | 001,410,532 | -HS- | C] () -- C:\WINDOWS\System32\efipepet.ini
[2009/04/16 02:21:25 | 001,412,293 | -HS- | C] () -- C:\WINDOWS\System32\owejujud.ini
[2009/04/15 12:42:58 | 001,407,744 | -HS- | C] () -- C:\WINDOWS\System32\uporiwum.ini
[2009/04/14 10:41:44 | 001,416,481 | -HS- | C] () -- C:\WINDOWS\System32\opinomab.ini
[2009/04/13 20:26:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hxocidu.bin
[2009/04/13 20:13:48 | 001,404,782 | -HS- | C] () -- C:\WINDOWS\System32\ubogopus.ini
[2008/09/10 01:00:05 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/14 01:52:51 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/10/03 23:32:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2007/06/03 23:06:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/06/01 12:10:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2007/05/29 20:08:24 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/29 20:08:24 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/29 20:08:24 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/23 22:20:01 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/21 02:59:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/03/19 16:45:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Vicki.ini
[2007/03/16 17:05:33 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\73648-88365-27475-00IP7-22847
[2007/02/20 04:25:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/17 21:06:01 | 000,165,376 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/02/17 21:05:27 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/11/01 01:31:50 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/11/01 01:31:50 | 000,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/11/01 01:31:50 | 000,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/07/31 03:00:11 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/07/31 02:42:50 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd2413.sys
[2006/01/15 15:05:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/12/05 18:57:29 | 000,459,132 | -HS- | C] () -- C:\WINDOWS\System32\oqtwa.ini
[2005/11/04 17:58:04 | 000,486,252 | -HS- | C] () -- C:\WINDOWS\System32\oqtwa.ini2
[2005/09/27 19:40:22 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/04/21 12:37:29 | 000,000,297 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/18 12:57:06 | 000,000,135 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/04/09 18:30:46 | 000,000,474 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/06 19:00:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/04/05 03:37:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\PFP120JPR.{PB
[2005/04/05 03:37:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\PFP120JCM.{PB
[2005/03/31 00:39:08 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/27 03:11:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/03/26 19:01:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/03/26 18:54:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SpecCheck.INI
[2005/03/22 13:52:31 | 000,000,503 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/03/20 02:37:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2005/03/19 00:49:31 | 000,000,065 | ---- | C] () -- C:\WINDOWS\SOLANTIC.INI
[2005/03/17 21:09:04 | 000,000,649 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/03/11 09:43:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/11 09:41:43 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 09:37:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/11 09:20:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/03/11 09:18:54 | 000,443,202 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/03/11 09:18:54 | 000,072,276 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/03/11 09:00:44 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 21:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 12:08:08 | 000,205,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 09:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 09:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 15:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/02/10 12:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 12:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/06 15:42:54 | 000,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DD00E73
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21317552

< End of report >

And here is the Extras.txt:

OTL Extras logfile created on: 10/25/2011 2:36:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 265.91 Mb Available Physical Memory | 52.14% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 63.92% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 11.04 Gb Free Space | 15.55% Space Free | Partition Type: NTFS

Computer Name: VICKID9YYCZ61 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Disabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Disabled:Blizzard Downloader
"C:\Sierra\Counter-Strike\cstrike.exe" = C:\Sierra\Counter-Strike\cstrike.exe:*:Disabled:CounterStrike Launcher
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Disabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Disabled:hpqusgh.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Disabled:hpqusgm.exe
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Disabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
"C:\Program Files\Sierra On-Line\SIGSPat.exe" = C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Disabled:SIGSPat -- (Havas Interactive)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Disabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{88D577B1-3E9D-4281-BD99-9107669CE4ED}" = PaperPort
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E35285C2-816C-41DF-99D2-FABA97516E3C}" = OneTouch 4.0
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"Bicycle Card Games 1.0" = Bicycle Card Games
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSX130IS" = Canon PowerShot SX130 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO GeekBuddy" = COMODO GeekBuddy
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Photo Printer 720" = Dell Photo Printer 720
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"iWinArcade" = iWin Games (remove only)
"Jasc Paint Shop Pro Studio GDI+ Patch" = Jasc Paint Shop Pro Studio GDI+ Patch
"Jasc Paint Shop Pro Studio.01 Patch" = Jasc Paint Shop Pro Studio.01 Patch
"kSolo" = kSolo Recorder
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Personal Ancestral File Companion 5.1.5" = Personal Ancestral File Companion 5.1.5
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Adapters and Drivers
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"Shop for HP Supplies" = Shop for HP Supplies
"Sierra Utilities" = Sierra Utilities
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Ultimate Mahjongg 10" = Ultimate Mahjongg 10
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1737155720-1533574543-4294304635-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"80b77bf0c209b804" = Emulator Starter
"JoinMe" = join.me
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2011 7:44:17 PM | Computer Name = VICKID9YYCZ61 | Source = Application Error | ID = 1000
Description = Faulting application ign_win.exe, version 0.0.0.0, faulting module
ign_win.exe, version 0.0.0.0, fault address 0x00040c1a.

Error - 10/11/2011 2:16:03 AM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/11/2011 2:16:03 AM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2011 9:44:55 PM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2011 9:44:55 PM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/14/2011 11:23:48 PM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/14/2011 11:23:48 PM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2011 12:19:36 AM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2011 12:19:37 AM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2011 4:18:18 PM | Computer Name = VICKID9YYCZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/25/2011 1:20:00 AM | Computer Name = VICKID9YYCZ61 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file 'Logging.log' on the volume 'HarddiskVolume2'. It has
stopped monitoring the volume.

Error - 10/25/2011 1:20:56 AM | Computer Name = VICKID9YYCZ61 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/25/2011 1:21:41 AM | Computer Name = VICKID9YYCZ61 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: Insufficient system resources exist to complete the requested service.
.

Error - 10/25/2011 1:21:41 AM | Computer Name = VICKID9YYCZ61 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll.
Reference
error message: The operation completed successfully. .

Error - 10/25/2011 1:31:33 AM | Computer Name = VICKID9YYCZ61 | Source = System Error | ID = 1003
Description = Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3
80000000, parameter4 00000000.

Error - 10/25/2011 4:57:54 AM | Computer Name = VICKID9YYCZ61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}

Error - 10/25/2011 4:57:54 AM | Computer Name = VICKID9YYCZ61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}

Error - 10/25/2011 4:57:54 AM | Computer Name = VICKID9YYCZ61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}

Error - 10/25/2011 4:57:54 AM | Computer Name = VICKID9YYCZ61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}

Error - 10/25/2011 5:37:38 AM | Computer Name = VICKID9YYCZ61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}


< End of report >

#9 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi!

When you ran the OTL scan it really should not have altered anything. Did it provide any other information on what exactly was being detected and where it was located?

Among many things in your logs, I'm seeing some malicious Firefox Extension entries (2 to be exact). I'm also seeing that your host file was hijacked by malware. I am also seeing a bunch of entries that appear to be malicious, but appear to be orphaned entries. I'll be removing those as well as other malicious files using an OTL fix below.

Do you recognize this file?

[2011/10/04 04:38:36 | 001,146,943 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\STEEL.EXE

____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
    [2010/06/17 21:03:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2009/04/13 20:26:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\DOCUMENTS AND SETTINGS\JASON\LOCAL SETTINGS\APPLICATION DATA\{3797B287-C572-4102-8A9C-132E61BEB95D}
    [2009/04/13 22:37:59 | 000,000,000 | ---D | M] (XUL Cache) -- C:\DOCUMENTS AND SETTINGS\VICKI\LOCAL SETTINGS\APPLICATION DATA\{83109441-5AC6-4BFE-8DEA-ED07639468C0}
    O1 - Hosts: 82.98.231.89	best-click-scanner.info
    O1 - Hosts: 82.98.231.89	antivirus-xp-pro-2009.com
    O1 - Hosts: 82.98.231.89	microsoft.infosecuritycenter.com
    O1 - Hosts: 82.98.231.89	microsoft.softwaresecurityhelp.com
    O1 - Hosts: 82.98.231.89	onlinenotifyq.net
    O1 - Hosts: 82.98.231.89	antivirusxp-pro-2009.com
    O1 - Hosts: 82.98.231.89	microsoft.browser-security-center.com
    O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
    O2 - BHO: (Reg Error: Value error.) - {78e49503-204b-402f-aa32-9e2cf36b3e75} - C:\WINDOWS\system32\pjvdrssv.dll File not found
    O2 - BHO: (Reg Error: Value error.) - {ac365747-9f63-41a1-a871-1cdeac1c6b63} - C:\WINDOWS\system32\katowola.dll File not found
    O2 - BHO: (Reg Error: Value error.) - {c00d296b-4475-440e-a026-caa0c1a3093e} - C:\WINDOWS\system32\pjvdrssv.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-19..\Run: [hepupewika] Rundll32.exe "C:\WINDOWS\system32\nodedeje.dll",s File not found
    O4 - HKU\S-1-5-20..\Run: [hepupewika] Rundll32.exe "C:\WINDOWS\system32\nodedeje.dll",s File not found
    O4 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
    O4 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html File not found
    O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\dutuhabe.dll) - File not found
    O33 - MountPoints2\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\Shell - "" = AutoRun
    O33 - MountPoints2\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    [2011/04/08 00:45:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\~tmp.INI
    [2009/04/18 00:29:11 | 001,419,818 | -HS- | C] () -- C:\WINDOWS\System32\ewulanev.ini
    [2009/04/18 00:17:29 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\vuyohasu.dll
    [2009/04/18 00:17:28 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\zodezaru.exe
    [2009/04/17 12:16:36 | 001,410,532 | -HS- | C] () -- C:\WINDOWS\System32\efipepet.ini
    [2009/04/16 02:21:25 | 001,412,293 | -HS- | C] () -- C:\WINDOWS\System32\owejujud.ini
    [2009/04/15 12:42:58 | 001,407,744 | -HS- | C] () -- C:\WINDOWS\System32\uporiwum.ini
    [2009/04/14 10:41:44 | 001,416,481 | -HS- | C] () -- C:\WINDOWS\System32\opinomab.ini
    [2009/04/13 20:26:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hxocidu.bin
    [2009/04/13 20:13:48 | 001,404,782 | -HS- | C] () -- C:\WINDOWS\System32\ubogopus.ini
    [2007/03/16 17:05:33 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\73648-88365-27475-00IP7-22847
    [2005/12/05 18:57:29 | 000,459,132 | -HS- | C] () -- C:\WINDOWS\System32\oqtwa.ini
    [2005/11/04 17:58:04 | 000,486,252 | -HS- | C] () -- C:\WINDOWS\System32\oqtwa.ini2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DD00E73
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21317552
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:



What issues are you currently experiencing with your computer?
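The two malicious patterns the fix script above targets, a hosts file redirecting security-vendor look-alike domains to one remote address and autostart entries (BHO, Run, AppInit_DLLs) whose target file is gone, can be picked out of an OTL listing automatically. The following Python is an added example written for this thread; it is not code from OTL or from Geeks to Go. Its sample lines are constructed after the entries quoted in the fix (plus one benign, made-up Run entry), and the look-alike keyword list and the cluster threshold are this example's own assumptions.

```python
"""Triage of OTL-style log lines: hosts-file hijacks and orphaned autostarts.

Added example for this thread; not code from OTL or from Geeks to Go.
The sample lines are constructed after the entries quoted in the fix script
(plus one benign constructed Run entry); the look-alike keyword list and the
cluster threshold are this example's own assumptions.
"""
import re
from collections import defaultdict

# Constructed sample input modelled on the OTL entries in the thread.
SAMPLE_OTL_LINES = [
    "O1 - Hosts: 127.0.0.1\tlocalhost",
    "O1 - Hosts: 82.98.231.89\tbest-click-scanner.info",
    "O1 - Hosts: 82.98.231.89\tantivirus-xp-pro-2009.com",
    "O1 - Hosts: 82.98.231.89\tmicrosoft.infosecuritycenter.com",
    "O2 - BHO: (Reg Error: Value error.) - {78e49503-204b-402f-aa32-9e2cf36b3e75}"
    " - C:\\WINDOWS\\system32\\pjvdrssv.dll File not found",
    "O4 - HKU\\S-1-5-19..\\Run: [hepupewika] Rundll32.exe"
    " \"C:\\WINDOWS\\system32\\nodedeje.dll\",s File not found",
    # Benign constructed entry: target present, vendor named, must not be flagged.
    "O4 - HKLM..\\Run: [ExampleTray] C:\\Program Files\\ExampleApp\\tray.exe (Example Corp)",
    "O20 - AppInit_DLLs: (C:\\WINDOWS\\system32\\dutuhabe.dll) - File not found",
]

# Addresses a hosts entry may legitimately point at to block a site.
LOCAL_PREFIXES = ("127.", "0.0.0.0", "::1")
# Words typical of rogue-AV look-alike domains (assumed list for this example).
LOOKALIKE_WORDS = ("microsoft", "antivirus", "security", "scanner")

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
ORPHAN_RE = re.compile(r"^(O\d+) - .*\bFile not found\s*$")
WINPATH_RE = re.compile(r"([A-Za-z]:\\[^\"\s]+?\.(?:dll|exe))", re.IGNORECASE)


def parse_hosts_entries(lines):
    """Return (ip, hostname) pairs from OTL 'O1 - Hosts:' lines."""
    entries = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def find_hosts_hijacks(entries, min_cluster=3):
    """Map suspicious remote IPs to the hostnames redirected to them.

    An address is suspicious when it is non-local and collects at least
    `min_cluster` hostnames, or when any hostname redirected to it looks like
    a vendor/security site: the pattern of a rogue-AV hosts hijack.
    """
    by_ip = defaultdict(set)
    for ip, host in entries:
        if ip.startswith(LOCAL_PREFIXES):
            continue  # loopback/null mappings block a site rather than hijack it
        by_ip[ip].add(host.lower())
    flagged = {}
    for ip, hosts in by_ip.items():
        lookalike = any(word in host for host in hosts for word in LOOKALIKE_WORDS)
        if len(hosts) >= min_cluster or lookalike:
            flagged[ip] = sorted(hosts)
    return flagged


def find_orphaned_autostarts(lines):
    """Return (section, path) for load points whose target file no longer exists.

    Orphaned BHO/Run/AppInit_DLLs entries are leftovers of removed malware;
    cleaning them closes load points that could otherwise be reused.
    """
    orphans = []
    for line in lines:
        m = ORPHAN_RE.match(line)
        if not m:
            continue
        path = WINPATH_RE.search(line)
        orphans.append((m.group(1), path.group(1) if path else None))
    return orphans


def triage(lines):
    """Summarise both findings for a batch of OTL lines."""
    return {
        "hosts_hijacks": find_hosts_hijacks(parse_hosts_entries(lines)),
        "orphaned_autostarts": find_orphaned_autostarts(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_OTL_LINES).items():
        print(key, value)
```

The script only flags; the actual cleanup in the thread is done by the OTL fix (the listed deletions plus the [resethosts] command, which rewrites the hosts file to its default). The loopback exclusion matters: security tools and ad blockers legitimately map hostnames to 127.0.0.1, so only redirects to a remote address count as a hijack here.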

#10 Opa the Openminded (Topic Starter, Member, 29 posts)
Ok, first off the file you were asking about:
[2011/10/04 04:38:36 | 001,146,943 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\STEEL.EXE
was downloaded from an abandonware website. Basically it is free gaming software that is no longer supported or sold by the company and has become free to the public. The game was Steel Panthers. I created that desktop shortcut so that I could quickly load it into the DOSBox program (which is a virtual DOS), however for some reason when I created the shortcut it never worked and I was instead forced to load the game via the original file. The website I obtained that file from was abandonia.com


As I previously stated the OTL scan caused alerts from both my avast! antivirus as well as COMODO firewall.

avast! stated: "it is potentially unsafe to run this program"

Comodo firewall stated: "OTL.exe is trying to modify a protected registry key"
While I was unable to record all of the many messages that the firewall was displaying, I did write down several of them in Microsoft Word (for which I now apologize, as I know the instructions stated not to add or remove any files until notified to do so).
These are the protected registry keys:

HKUS\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden

HKUS\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

HKUS\S-1-5-21-1737155720-1533574543-4294304635-1007\Control Panel

HKUS\S-1-5-21-1737155720-1533574543-4294304635-1007\Control Panel\International\Geo

HKUS\S-1-5-21-1737155720-1533574543-4294304635-1007\Control Panel\International

HKUS\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

HKLM\SOFTWARE\Classes\CLSID

HKLM\SOFTWARE\Classes\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}

HKLM\SOFTWARE\Classes\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\InprocServer32






Here is the log from the OTL fix (I will begin & post the TDSSKiller log when completed):

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\DOCUMENTS AND SETTINGS\JASON\LOCAL SETTINGS\APPLICATION DATA\{3797B287-C572-4102-8A9C-132E61BEB95D}\chrome\content folder moved successfully.
C:\DOCUMENTS AND SETTINGS\JASON\LOCAL SETTINGS\APPLICATION DATA\{3797B287-C572-4102-8A9C-132E61BEB95D}\chrome folder moved successfully.
C:\DOCUMENTS AND SETTINGS\JASON\LOCAL SETTINGS\APPLICATION DATA\{3797B287-C572-4102-8A9C-132E61BEB95D} folder moved successfully.
C:\DOCUMENTS AND SETTINGS\VICKI\LOCAL SETTINGS\APPLICATION DATA\{83109441-5AC6-4BFE-8DEA-ED07639468C0}\chrome\content folder moved successfully.
C:\DOCUMENTS AND SETTINGS\VICKI\LOCAL SETTINGS\APPLICATION DATA\{83109441-5AC6-4BFE-8DEA-ED07639468C0}\chrome folder moved successfully.
C:\DOCUMENTS AND SETTINGS\VICKI\LOCAL SETTINGS\APPLICATION DATA\{83109441-5AC6-4BFE-8DEA-ED07639468C0} folder moved successfully.
82.98.231.89 best-click-scanner.info removed from HOSTS file successfully
82.98.231.89 antivirus-xp-pro-2009.com removed from HOSTS file successfully
82.98.231.89 microsoft.infosecuritycenter.com removed from HOSTS file successfully
82.98.231.89 microsoft.softwaresecurityhelp.com removed from HOSTS file successfully
82.98.231.89 onlinenotifyq.net removed from HOSTS file successfully
82.98.231.89 antivirusxp-pro-2009.com removed from HOSTS file successfully
82.98.231.89 microsoft.browser-security-center.com removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78e49503-204b-402f-aa32-9e2cf36b3e75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78e49503-204b-402f-aa32-9e2cf36b3e75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ac365747-9f63-41a1-a871-1cdeac1c6b63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac365747-9f63-41a1-a871-1cdeac1c6b63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c00d296b-4475-440e-a026-caa0c1a3093e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c00d296b-4475-440e-a026-caa0c1a3093e}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\hepupewika deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\hepupewika deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Windows\CurrentVersion\Run\\MSKAGENTEXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\dutuhabe.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f7de5b4-33b5-11de-afd0-001111e8bd8b}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\WINDOWS\~tmp.INI moved successfully.
C:\WINDOWS\SYSTEM32\ewulanev.ini moved successfully.
C:\WINDOWS\SYSTEM32\vuyohasu.dll moved successfully.
C:\WINDOWS\SYSTEM32\zodezaru.exe moved successfully.
C:\WINDOWS\SYSTEM32\efipepet.ini moved successfully.
C:\WINDOWS\SYSTEM32\owejujud.ini moved successfully.
C:\WINDOWS\SYSTEM32\uporiwum.ini moved successfully.
C:\WINDOWS\SYSTEM32\opinomab.ini moved successfully.
C:\WINDOWS\Hxocidu.bin moved successfully.
C:\WINDOWS\SYSTEM32\ubogopus.ini moved successfully.
C:\Documents and Settings\Jason\Local Settings\Application Data\73648-88365-27475-00IP7-22847 moved successfully.
C:\WINDOWS\SYSTEM32\oqtwa.ini moved successfully.
C:\WINDOWS\SYSTEM32\oqtwa.ini2 moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2DD00E73 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:21317552 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\HOSTS
C:\Documents and Settings\Jason\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jason\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jason\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jason\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: Games
->Temp folder emptied: 963583 bytes
->Temporary Internet Files folder emptied: 157998051 bytes
->Java cache emptied: 14494 bytes
->FireFox cache emptied: 10877292 bytes
->Flash cache emptied: 1132 bytes

User: Guest
->Temp folder emptied: 143 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 300 bytes

User: Jason
->Temp folder emptied: 216134912 bytes
->Temporary Internet Files folder emptied: 121696370 bytes
->Java cache emptied: 43180424 bytes
->FireFox cache emptied: 103640115 bytes
->Flash cache emptied: 1126610 bytes

User: Kristy
->Temp folder emptied: 3548 bytes
->Temporary Internet Files folder emptied: 1170027 bytes
->Java cache emptied: 5137 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 262546 bytes
->FireFox cache emptied: 76225768 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 95561094 bytes

User: Vicki
->Temp folder emptied: 94787894 bytes
->Temporary Internet Files folder emptied: 269817297 bytes
->Java cache emptied: 43200403 bytes
->FireFox cache emptied: 214083537 bytes
->Flash cache emptied: 274769 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 9632852 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101760427 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 143149866 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1708100 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,628.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Games
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Jason
->Flash cache emptied: 0 bytes

User: Kristy

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Vicki
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10252011_233424

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by Opa the Openminded, 26 October 2011 - 01:37 AM.

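An OTL fix log like the one above is long, and most of it is "not found" noise; what a reviewer actually wants is the short list of persistence mechanisms the fix really changed (the Run entries, the AppInit_DLLs registration pointing at a DLL in system32, the MountPoints2 autorun, the alternate data streams, the replaced HOSTS file). The script below is an added example written for this thread; it is not part of OTL, not something the poster or the helper ran, and OTL itself produces no such summary. It parses the action lines OTL writes and tags each with a mechanism label. The regular expressions, the mechanism names and the parsing rules are this example's own assumptions; the sample lines are copied from the fix log above and used as constructed input.

```python
"""Triage helper for OTL fix logs.

Added example for this thread; not part of OTL or of the original post.
It parses the action lines OTL writes ("Registry value ... deleted successfully.",
"C:\\... moved successfully.", "ADS ... deleted successfully.", "File ... not found.")
and tags each one with the persistence mechanism it touched, so a reviewer can
see what the fix actually changed as opposed to what was already gone.
The mechanism labels and regexes below are assumptions of this example.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\hepupewika deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1737155720-1533574543-4294304635-1007\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\dutuhabe.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
File F:\LaunchU3.exe -a not found.
C:\WINDOWS\SYSTEM32\vuyohasu.dll moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2DD00E73 deleted successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
"""

# One regex for the action lines OTL emits. Lines without a recognised result
# ("Restore point Set: ...", "Registry error reading value ...") stay unparsed.
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|ADS|File)\s+)?"
    r"(?P<target>.+?)\s+(?P<result>deleted successfully|moved successfully|not found)\.$"
)

# Ordered (label, pattern) pairs matched case-insensitively against a registry
# path; the first match wins. Labels are this example's own naming.
REGISTRY_MECHANISMS = [
    ("AppInit_DLLs injection", r"\\AppInit_Dlls"),
    ("Run / RunOnceEx autostart", r"\\CurrentVersion\\Run(OnceEx)?\\\\"),
    ("IE policy restriction", r"\\Policies\\Microsoft\\Internet Explorer\\"),
    ("IE toolbar / extension / CLSID", r"\\Internet Explorer\\(Toolbar|Extensions)\\|\\Classes\\CLSID\\"),
    ("ActiveX distribution unit", r"\\Code Store Database\\Distribution Units\\|\\Active Setup\\Installed Components\\"),
    ("Removable-media autorun (MountPoints2)", r"\\Explorer\\MountPoints2\\"),
]


def classify(kind, target):
    """Return a mechanism label for one parsed OTL action."""
    if kind == "ADS":
        return "Alternate data stream"
    if kind in ("Registry key", "Registry value"):
        for label, pattern in REGISTRY_MECHANISMS:
            if re.search(pattern, target, re.IGNORECASE):
                return label
        return "Other registry entry"
    # OTL prints bare paths for files it moved; "File ..." for files it could not find.
    if re.search(r"\\drivers\\etc\\hosts$", target, re.IGNORECASE):
        return "HOSTS file"
    return "File on disk"


def parse_log(text):
    """Parse every recognised action line into a dict; 'effective' is False for 'not found'."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind = m.group("kind") or "File"
        target = m.group("target")
        entries.append({
            "kind": kind,
            "target": target,
            "result": m.group("result"),
            "mechanism": classify(kind, target),
            "effective": m.group("result") != "not found",
        })
    return entries


def summarize(text):
    """Count effective changes (deleted/moved) per mechanism, skipping 'not found' lines."""
    return Counter(e["mechanism"] for e in parse_log(text) if e["effective"])


def appinit_dlls(text):
    """DLL paths that were registered under AppInit_DLLs. Such a DLL is loaded into
    every process that links user32.dll, so it is the first thing to hash and look up."""
    return [
        e["target"].split("AppInit_Dlls:", 1)[1]
        for e in parse_log(text)
        if e["mechanism"] == "AppInit_DLLs injection" and "AppInit_Dlls:" in e["target"]
    ]


if __name__ == "__main__":
    for label, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {label}")
    print("AppInit DLLs removed:", appinit_dlls(SAMPLE_LOG))
```

Feed it a whole saved OTL log instead of SAMPLE_LOG and the output is the short list that matters: which autostart locations were actually cleaned, and which DLL was being injected into every process. Anything that parses as "File on disk" under system32 with a random-looking name is a candidate for submitting the quarantined copy for a hash lookup before the machine is declared clean.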



#11
Opa the Openminded


    Member

  • Topic Starter
  • Member
  • 29 posts
TDSSKiller scan completed! I actually ran the scan twice, because the first results showed that there were 2 threats detected, and I chose skip for both options per your recommendation. However, after that it did not provide the following options which your instructions stated (such as curing malicious programs and rebooting), so I thought I had potentially done something incorrect. That is when I re-ran the scan and the same results were displayed. I searched afterwards for a log of the scan, and did find it. It includes both scans I ran, which should be identical. I apologize for the extra reading:


01:11:03.0500 2864 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
01:11:05.0500 2864 ============================================================
01:11:05.0500 2864 Current date / time: 2011/10/26 01:11:05.0500
01:11:05.0500 2864 SystemInfo:
01:11:05.0500 2864
01:11:05.0500 2864 OS Version: 5.1.2600 ServicePack: 3.0
01:11:05.0500 2864 Product type: Workstation
01:11:05.0500 2864 ComputerName: VICKID9YYCZ61
01:11:05.0500 2864 UserName: Jason
01:11:05.0500 2864 Windows directory: C:\WINDOWS
01:11:05.0500 2864 System windows directory: C:\WINDOWS
01:11:05.0500 2864 Processor architecture: Intel x86
01:11:05.0500 2864 Number of processors: 1
01:11:05.0500 2864 Page size: 0x1000
01:11:05.0500 2864 Boot type: Normal boot
01:11:05.0500 2864 ============================================================
01:11:08.0562 2864 Initialize success
01:11:55.0437 2280 ============================================================
01:11:55.0437 2280 Scan started
01:11:55.0437 2280 Mode: Manual;
01:11:55.0437 2280 ============================================================
01:11:55.0953 2280 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
01:11:55.0968 2280 Aavmker4 - ok
01:11:56.0359 2280 Abiosdsk - ok
01:11:56.0671 2280 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
01:11:56.0687 2280 abp480n5 - ok
01:11:57.0156 2280 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:11:57.0203 2280 ACPI - ok
01:11:57.0562 2280 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:11:57.0578 2280 ACPIEC - ok
01:11:57.0906 2280 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
01:11:57.0937 2280 adpu160m - ok
01:11:58.0421 2280 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:11:58.0468 2280 aec - ok
01:11:58.0921 2280 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
01:11:58.0968 2280 AFD - ok
01:11:59.0421 2280 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
01:11:59.0437 2280 agp440 - ok
01:11:59.0859 2280 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
01:11:59.0875 2280 agpCPQ - ok
01:12:00.0281 2280 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
01:12:00.0281 2280 Aha154x - ok
01:12:00.0750 2280 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
01:12:00.0765 2280 aic78u2 - ok
01:12:01.0203 2280 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
01:12:01.0218 2280 aic78xx - ok
01:12:01.0640 2280 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
01:12:01.0640 2280 AliIde - ok
01:12:02.0062 2280 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
01:12:02.0078 2280 alim1541 - ok
01:12:02.0515 2280 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
01:12:02.0515 2280 amdagp - ok
01:12:02.0921 2280 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
01:12:02.0937 2280 amsint - ok
01:12:03.0375 2280 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
01:12:03.0390 2280 asc - ok
01:12:03.0796 2280 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
01:12:03.0812 2280 asc3350p - ok
01:12:04.0234 2280 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
01:12:04.0234 2280 asc3550 - ok
01:12:04.0656 2280 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
01:12:04.0671 2280 aswFsBlk - ok
01:12:05.0109 2280 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
01:12:05.0140 2280 aswMon2 - ok
01:12:05.0625 2280 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
01:12:05.0625 2280 aswRdr - ok
01:12:06.0203 2280 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
01:12:06.0343 2280 aswSnx - ok
01:12:06.0828 2280 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
01:12:06.0937 2280 aswSP - ok
01:12:07.0375 2280 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
01:12:07.0390 2280 aswTdi - ok
01:12:07.0796 2280 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:12:07.0812 2280 AsyncMac - ok
01:12:08.0250 2280 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:12:08.0250 2280 atapi - ok
01:12:08.0625 2280 Atdisk - ok
01:12:08.0968 2280 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:12:08.0984 2280 Atmarpc - ok
01:12:09.0390 2280 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:12:09.0390 2280 audstub - ok
01:12:09.0781 2280 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:12:09.0781 2280 Beep - ok
01:12:10.0046 2280 bvrp_pci - ok
01:12:10.0343 2280 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
01:12:10.0343 2280 cbidf - ok
01:12:10.0625 2280 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:12:10.0640 2280 cbidf2k - ok
01:12:10.0953 2280 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
01:12:10.0953 2280 cd20xrnt - ok
01:12:11.0359 2280 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:12:11.0375 2280 Cdaudio - ok
01:12:11.0687 2280 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:12:11.0703 2280 Cdfs - ok
01:12:12.0125 2280 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:12:12.0156 2280 Cdrom - ok
01:12:12.0531 2280 Changer - ok
01:12:13.0015 2280 cmdGuard (be1e51b694cadc4043e428a914ee544e) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
01:12:13.0187 2280 cmdGuard - ok
01:12:13.0625 2280 cmdHlp (f0a78783a95b788856eec1c36d0a1e59) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
01:12:13.0640 2280 cmdHlp - ok
01:12:14.0031 2280 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
01:12:14.0046 2280 CmdIde - ok
01:12:14.0484 2280 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
01:12:14.0500 2280 Cpqarray - ok
01:12:14.0828 2280 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
01:12:14.0890 2280 dac2w2k - ok
01:12:15.0218 2280 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
01:12:15.0234 2280 dac960nt - ok
01:12:15.0671 2280 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:12:15.0687 2280 Disk - ok
01:12:16.0390 2280 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:12:16.0656 2280 dmboot - ok
01:12:17.0109 2280 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:12:17.0156 2280 dmio - ok
01:12:17.0562 2280 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:12:17.0578 2280 dmload - ok
01:12:17.0890 2280 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:12:17.0906 2280 DMusic - ok
01:12:18.0328 2280 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
01:12:18.0343 2280 dpti2o - ok
01:12:18.0750 2280 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:12:18.0750 2280 drmkaud - ok
01:12:19.0187 2280 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
01:12:19.0218 2280 drvmcdb - ok
01:12:19.0671 2280 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
01:12:19.0687 2280 drvnddm - ok
01:12:19.0906 2280 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
01:12:19.0921 2280 DSproct - ok
01:12:20.0328 2280 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
01:12:20.0328 2280 dsunidrv - ok
01:12:20.0859 2280 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
01:12:20.0875 2280 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
01:12:20.0875 2280 dtscsi ( LockedFile.Multi.Generic ) - warning
01:12:20.0875 2280 dtscsi - detected LockedFile.Multi.Generic (1)
01:12:21.0312 2280 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
01:12:21.0359 2280 E100B - ok
01:12:21.0812 2280 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:12:21.0859 2280 Fastfat - ok
01:12:22.0296 2280 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
01:12:22.0296 2280 Fdc - ok
01:12:22.0734 2280 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:12:22.0750 2280 Fips - ok
01:12:23.0156 2280 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:12:23.0171 2280 Flpydisk - ok
01:12:23.0640 2280 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:12:23.0687 2280 FltMgr - ok
01:12:24.0093 2280 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:12:24.0093 2280 Fs_Rec - ok
01:12:24.0500 2280 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:12:24.0546 2280 Ftdisk - ok
01:12:24.0906 2280 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
01:12:24.0906 2280 GEARAspiWDM - ok
01:12:25.0343 2280 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:12:25.0359 2280 Gpc - ok
01:12:25.0812 2280 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:12:25.0812 2280 HidUsb - ok
01:12:26.0250 2280 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
01:12:26.0250 2280 hpn - ok
01:12:26.0687 2280 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:12:26.0703 2280 HPZid412 - ok
01:12:27.0125 2280 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:12:27.0140 2280 HPZipr12 - ok
01:12:27.0578 2280 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:12:27.0593 2280 HPZius12 - ok
01:12:28.0078 2280 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:12:28.0156 2280 HTTP - ok
01:12:28.0609 2280 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
01:12:28.0609 2280 i2omgmt - ok
01:12:29.0031 2280 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
01:12:29.0031 2280 i2omp - ok
01:12:29.0453 2280 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:12:29.0484 2280 i8042prt - ok
01:12:30.0296 2280 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
01:12:30.0765 2280 ialm - ok
01:12:31.0250 2280 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:12:31.0265 2280 Imapi - ok
01:12:31.0687 2280 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
01:12:31.0703 2280 ini910u - ok
01:12:32.0140 2280 Inspect (d22ac37cbe6cf295416ef84245b804a8) C:\WINDOWS\system32\DRIVERS\inspect.sys
01:12:32.0171 2280 Inspect - ok
01:12:33.0000 2280 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
01:12:33.0390 2280 IntelC51 - ok
01:12:34.0015 2280 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
01:12:34.0218 2280 IntelC52 - ok
01:12:34.0671 2280 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
01:12:34.0687 2280 IntelC53 - ok
01:12:35.0109 2280 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
01:12:35.0109 2280 IntelIde - ok
01:12:35.0546 2280 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:12:35.0562 2280 intelppm - ok
01:12:36.0203 2280 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:12:36.0218 2280 Ip6Fw - ok
01:12:36.0703 2280 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:12:36.0781 2280 IpFilterDriver - ok
01:12:37.0281 2280 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:12:37.0281 2280 IpInIp - ok
01:12:37.0875 2280 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:12:37.0921 2280 IpNat - ok
01:12:38.0359 2280 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:12:38.0375 2280 IPSec - ok
01:12:38.0906 2280 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:12:38.0921 2280 IRENUM - ok
01:12:39.0343 2280 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:12:39.0359 2280 isapnp - ok
01:12:39.0906 2280 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:12:39.0906 2280 Kbdclass - ok
01:12:40.0406 2280 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:12:40.0468 2280 kmixer - ok
01:12:41.0031 2280 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:12:41.0062 2280 KSecDD - ok
01:12:41.0500 2280 lbrtfdc - ok
01:12:41.0937 2280 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:12:41.0953 2280 mnmdd - ok
01:12:42.0312 2280 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:12:42.0328 2280 Modem - ok
01:12:42.0890 2280 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
01:12:42.0890 2280 MODEMCSA - ok
01:12:43.0312 2280 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
01:12:43.0328 2280 mohfilt - ok
01:12:43.0906 2280 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:12:43.0906 2280 Mouclass - ok
01:12:44.0312 2280 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:12:44.0328 2280 mouhid - ok
01:12:44.0765 2280 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:12:44.0781 2280 MountMgr - ok
01:12:45.0187 2280 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
01:12:45.0187 2280 mraid35x - ok
01:12:45.0656 2280 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:12:45.0703 2280 MRxDAV - ok
01:12:46.0312 2280 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:12:46.0453 2280 MRxSmb - ok
01:12:46.0859 2280 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:12:46.0875 2280 Msfs - ok
01:12:47.0296 2280 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:12:47.0296 2280 MSKSSRV - ok
01:12:47.0750 2280 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:12:47.0750 2280 MSPCLOCK - ok
01:12:48.0156 2280 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:12:48.0156 2280 MSPQM - ok
01:12:48.0562 2280 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:12:48.0562 2280 mssmbios - ok
01:12:49.0046 2280 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:12:49.0093 2280 Mup - ok
01:12:49.0562 2280 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:12:49.0625 2280 NDIS - ok
01:12:50.0015 2280 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:12:50.0015 2280 NdisTapi - ok
01:12:50.0421 2280 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:12:50.0437 2280 Ndisuio - ok
01:12:50.0890 2280 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:12:50.0921 2280 NdisWan - ok
01:12:51.0375 2280 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:12:51.0390 2280 NDProxy - ok
01:12:51.0828 2280 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:12:51.0828 2280 NetBIOS - ok
01:12:52.0281 2280 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:12:52.0343 2280 NetBT - ok
01:12:52.0812 2280 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:12:52.0828 2280 Npfs - ok
01:12:53.0421 2280 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:12:53.0609 2280 Ntfs - ok
01:12:54.0000 2280 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:12:54.0015 2280 Null - ok
01:12:55.0046 2280 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:12:55.0703 2280 nv - ok
01:12:56.0093 2280 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:12:56.0093 2280 NwlnkFlt - ok
01:12:56.0468 2280 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:12:56.0484 2280 NwlnkFwd - ok
01:12:56.0828 2280 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
01:12:56.0859 2280 Parport - ok
01:12:57.0218 2280 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:12:57.0234 2280 PartMgr - ok
01:12:57.0609 2280 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:12:57.0609 2280 ParVdm - ok
01:12:57.0984 2280 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:12:58.0000 2280 PCI - ok
01:12:58.0375 2280 PCIDump - ok
01:12:58.0687 2280 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:12:58.0687 2280 PCIIde - ok
01:12:59.0140 2280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:12:59.0187 2280 Pcmcia - ok
01:12:59.0531 2280 PDCOMP - ok
01:12:59.0812 2280 PDFRAME - ok
01:13:00.0187 2280 PDRELI - ok
01:13:00.0453 2280 PDRFRAME - ok
01:13:00.0828 2280 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
01:13:00.0843 2280 perc2 - ok
01:13:01.0234 2280 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
01:13:01.0234 2280 perc2hib - ok
01:13:01.0625 2280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:13:01.0640 2280 PptpMiniport - ok
01:13:02.0078 2280 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:13:02.0109 2280 PSched - ok
01:13:02.0500 2280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:13:02.0515 2280 Ptilink - ok
01:13:02.0890 2280 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:13:02.0906 2280 PxHelp20 - ok
01:13:03.0250 2280 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
01:13:03.0265 2280 ql1080 - ok
01:13:03.0734 2280 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
01:13:03.0734 2280 Ql10wnt - ok
01:13:04.0187 2280 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
01:13:04.0203 2280 ql12160 - ok
01:13:04.0656 2280 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
01:13:04.0671 2280 ql1240 - ok
01:13:05.0140 2280 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
01:13:05.0171 2280 ql1280 - ok
01:13:05.0609 2280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:13:05.0609 2280 RasAcd - ok
01:13:06.0015 2280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:13:06.0031 2280 Rasl2tp - ok
01:13:06.0390 2280 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:13:06.0406 2280 RasPppoe - ok
01:13:06.0843 2280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:13:06.0843 2280 Raspti - ok
01:13:07.0203 2280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:13:07.0250 2280 Rdbss - ok
01:13:07.0656 2280 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:13:07.0656 2280 RDPCDD - ok
01:13:08.0046 2280 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:13:08.0109 2280 rdpdr - ok
01:13:08.0546 2280 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
01:13:08.0593 2280 RDPWD - ok
01:13:09.0046 2280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:13:09.0062 2280 redbook - ok
01:13:09.0421 2280 SDDMI2 - ok
01:13:09.0765 2280 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:13:09.0781 2280 Secdrv - ok
01:13:10.0406 2280 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
01:13:10.0656 2280 senfilt - ok
01:13:11.0093 2280 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:13:11.0109 2280 serenum - ok
01:13:11.0531 2280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
01:13:11.0562 2280 Serial - ok
01:13:12.0046 2280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:13:12.0046 2280 Sfloppy - ok
01:13:12.0421 2280 Simbad - ok
01:13:12.0750 2280 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
01:13:12.0765 2280 sisagp - ok
01:13:13.0250 2280 smwdm (86c4d93b7b7818d066c52fdb03c6c921) C:\WINDOWS\system32\drivers\smwdm.sys
01:13:13.0343 2280 smwdm - ok
01:13:13.0765 2280 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
01:13:13.0765 2280 SONYPVU1 - ok
01:13:14.0187 2280 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
01:13:14.0187 2280 Sparrow - ok
01:13:14.0609 2280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:13:14.0625 2280 splitter - ok
01:13:15.0250 2280 sptd (f5b4c5eec7cc8c85896dcfe0ec4c5860) C:\WINDOWS\system32\Drivers\sptd.sys
01:13:15.0281 2280 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: f5b4c5eec7cc8c85896dcfe0ec4c5860
01:13:15.0281 2280 sptd ( LockedFile.Multi.Generic ) - warning
01:13:15.0281 2280 sptd - detected LockedFile.Multi.Generic (1)
01:13:15.0718 2280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:13:15.0750 2280 sr - ok
01:13:16.0281 2280 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:13:16.0406 2280 Srv - ok
01:13:16.0843 2280 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
01:13:16.0859 2280 sscdbhk5 - ok
01:13:17.0281 2280 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
01:13:17.0296 2280 ssrtln - ok
01:13:17.0703 2280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:13:17.0703 2280 swenum - ok
01:13:18.0156 2280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:13:18.0171 2280 swmidi - ok
01:13:18.0578 2280 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
01:13:18.0593 2280 symc810 - ok
01:13:19.0015 2280 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
01:13:19.0031 2280 symc8xx - ok
01:13:19.0453 2280 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
01:13:19.0468 2280 sym_hi - ok
01:13:19.0875 2280 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
01:13:19.0890 2280 sym_u3 - ok
01:13:20.0312 2280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:13:20.0343 2280 sysaudio - ok
01:13:20.0906 2280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:13:21.0015 2280 Tcpip - ok
01:13:21.0453 2280 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:13:21.0453 2280 TDPIPE - ok
01:13:21.0890 2280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:13:21.0890 2280 TDTCP - ok
01:13:22.0359 2280 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:13:22.0375 2280 TermDD - ok
01:13:22.0750 2280 tfsnboio (75b30b9ea32fe7d8bbc332d3b944ad46) C:\WINDOWS\system32\dla\tfsnboio.sys
01:13:22.0781 2280 tfsnboio - ok
01:13:23.0203 2280 tfsncofs (b811a431b14694d88eb5befaa55b4501) C:\WINDOWS\system32\dla\tfsncofs.sys
01:13:23.0218 2280 tfsncofs - ok
01:13:23.0703 2280 tfsndrct (f5e2cf2144f1fe51dadd6e9063d311eb) C:\WINDOWS\system32\dla\tfsndrct.sys
01:13:23.0703 2280 tfsndrct - ok
01:13:24.0125 2280 tfsndres (e32b32045b6b914fd4caae8be6ca7e8a) C:\WINDOWS\system32\dla\tfsndres.sys
01:13:24.0140 2280 tfsndres - ok
01:13:24.0531 2280 tfsnifs (43034b10a94d1c6f13a1a0e848f51226) C:\WINDOWS\system32\dla\tfsnifs.sys
01:13:24.0562 2280 tfsnifs - ok
01:13:24.0968 2280 tfsnopio (f5ee0faafde37326ea35acbfa5defd3d) C:\WINDOWS\system32\dla\tfsnopio.sys
01:13:24.0968 2280 tfsnopio - ok
01:13:25.0343 2280 tfsnpool (597348eb65b3e19709e9a45ca2b30b61) C:\WINDOWS\system32\dla\tfsnpool.sys
01:13:25.0343 2280 tfsnpool - ok
01:13:25.0750 2280 tfsnudf (767affd52432a0f7e7d39f6ff64401f4) C:\WINDOWS\system32\dla\tfsnudf.sys
01:13:25.0781 2280 tfsnudf - ok
01:13:26.0187 2280 tfsnudfa (2806b2fd00263ccd90cc0638c6139eb0) C:\WINDOWS\system32\dla\tfsnudfa.sys
01:13:26.0218 2280 tfsnudfa - ok
01:13:26.0625 2280 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
01:13:26.0640 2280 TosIde - ok
01:13:27.0109 2280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:13:27.0140 2280 Udfs - ok
01:13:27.0531 2280 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
01:13:27.0546 2280 ultra - ok
01:13:28.0093 2280 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:13:28.0218 2280 Update - ok
01:13:28.0593 2280 USBAAPL - ok
01:13:28.0906 2280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:13:28.0921 2280 usbccgp - ok
01:13:29.0343 2280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:13:29.0359 2280 usbehci - ok
01:13:29.0765 2280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:13:29.0796 2280 usbhub - ok
01:13:30.0234 2280 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:13:30.0234 2280 usbprint - ok
01:13:30.0671 2280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:13:30.0671 2280 usbscan - ok
01:13:31.0109 2280 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:13:31.0125 2280 USBSTOR - ok
01:13:31.0531 2280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:13:31.0546 2280 usbuhci - ok
01:13:31.0953 2280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:13:31.0968 2280 VgaSave - ok
01:13:32.0406 2280 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
01:13:32.0421 2280 viaagp - ok
01:13:32.0828 2280 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
01:13:32.0843 2280 ViaIde - ok
01:13:33.0281 2280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:13:33.0296 2280 VolSnap - ok
01:13:33.0734 2280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:13:33.0750 2280 Wanarp - ok
01:13:34.0140 2280 wanatw - ok
01:13:34.0437 2280 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
01:13:34.0453 2280 WDC_SAM - ok
01:13:34.0812 2280 WDICA - ok
01:13:35.0156 2280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:13:35.0187 2280 wdmaud - ok
01:13:35.0687 2280 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:13:35.0703 2280 WS2IFSL - ok
01:13:36.0062 2280 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:13:36.0093 2280 WudfPf - ok
01:13:36.0484 2280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:13:36.0515 2280 WudfRd - ok
01:13:36.0593 2280 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
01:13:36.0593 2280 \Device\Harddisk0\DR0 - ok
01:13:36.0609 2280 Boot (0x1200) (9b3833eae0350f0ac9217d3f87806f35) \Device\Harddisk0\DR0\Partition0
01:13:36.0609 2280 \Device\Harddisk0\DR0\Partition0 - ok
01:13:36.0609 2280 ============================================================
01:13:36.0609 2280 Scan finished
01:13:36.0625 2280 ============================================================
01:13:36.0640 2096 Detected object count: 2
01:13:36.0640 2096 Actual detected object count: 2
01:13:59.0843 2096 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
01:13:59.0843 2096 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
01:13:59.0859 2096 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:13:59.0859 2096 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:14:20.0140 1324 ============================================================
01:14:20.0140 1324 Scan started
01:14:20.0140 1324 Mode: Manual;
01:14:20.0140 1324 ============================================================
01:14:20.0640 1324 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
01:14:20.0640 1324 Aavmker4 - ok
01:14:21.0015 1324 Abiosdsk - ok
01:14:21.0312 1324 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
01:14:21.0312 1324 abp480n5 - ok
01:14:21.0812 1324 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:14:21.0828 1324 ACPI - ok
01:14:22.0203 1324 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:14:22.0203 1324 ACPIEC - ok
01:14:22.0546 1324 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
01:14:22.0546 1324 adpu160m - ok
01:14:23.0015 1324 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:14:23.0015 1324 aec - ok
01:14:23.0468 1324 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
01:14:23.0468 1324 AFD - ok
01:14:23.0937 1324 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
01:14:23.0937 1324 agp440 - ok
01:14:24.0343 1324 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
01:14:24.0359 1324 agpCPQ - ok
01:14:24.0750 1324 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
01:14:24.0750 1324 Aha154x - ok
01:14:25.0171 1324 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
01:14:25.0203 1324 aic78u2 - ok
01:14:25.0625 1324 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
01:14:25.0625 1324 aic78xx - ok
01:14:26.0046 1324 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
01:14:26.0046 1324 AliIde - ok
01:14:26.0484 1324 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
01:14:26.0484 1324 alim1541 - ok
01:14:26.0921 1324 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
01:14:26.0937 1324 amdagp - ok
01:14:27.0328 1324 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
01:14:27.0328 1324 amsint - ok
01:14:27.0734 1324 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
01:14:27.0750 1324 asc - ok
01:14:28.0171 1324 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
01:14:28.0187 1324 asc3350p - ok
01:14:28.0578 1324 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
01:14:28.0578 1324 asc3550 - ok
01:14:29.0046 1324 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
01:14:29.0046 1324 aswFsBlk - ok
01:14:29.0468 1324 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
01:14:29.0484 1324 aswMon2 - ok
01:14:29.0937 1324 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
01:14:29.0937 1324 aswRdr - ok
01:14:30.0484 1324 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
01:14:30.0484 1324 aswSnx - ok
01:14:31.0015 1324 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
01:14:31.0031 1324 aswSP - ok
01:14:31.0453 1324 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
01:14:31.0453 1324 aswTdi - ok
01:14:31.0890 1324 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:14:31.0906 1324 AsyncMac - ok
01:14:32.0343 1324 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:14:32.0343 1324 atapi - ok
01:14:32.0703 1324 Atdisk - ok
01:14:33.0031 1324 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:14:33.0031 1324 Atmarpc - ok
01:14:33.0437 1324 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:14:33.0437 1324 audstub - ok
01:14:33.0859 1324 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:14:33.0859 1324 Beep - ok
01:14:34.0140 1324 bvrp_pci - ok
01:14:34.0437 1324 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
01:14:34.0437 1324 cbidf - ok
01:14:34.0781 1324 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:14:34.0781 1324 cbidf2k - ok
01:14:35.0093 1324 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
01:14:35.0093 1324 cd20xrnt - ok
01:14:35.0437 1324 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:14:35.0437 1324 Cdaudio - ok
01:14:35.0875 1324 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:14:35.0875 1324 Cdfs - ok
01:14:36.0296 1324 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:14:36.0296 1324 Cdrom - ok
01:14:36.0656 1324 Changer - ok
01:14:37.0140 1324 cmdGuard (be1e51b694cadc4043e428a914ee544e) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
01:14:37.0156 1324 cmdGuard - ok
01:14:37.0562 1324 cmdHlp (f0a78783a95b788856eec1c36d0a1e59) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
01:14:37.0562 1324 cmdHlp - ok
01:14:38.0000 1324 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
01:14:38.0015 1324 CmdIde - ok
01:14:38.0437 1324 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
01:14:38.0437 1324 Cpqarray - ok
01:14:38.0906 1324 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
01:14:38.0906 1324 dac2w2k - ok
01:14:39.0312 1324 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
01:14:39.0312 1324 dac960nt - ok
01:14:39.0734 1324 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:14:39.0734 1324 Disk - ok
01:14:40.0453 1324 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:14:40.0453 1324 dmboot - ok
01:14:40.0890 1324 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:14:40.0906 1324 dmio - ok
01:14:41.0296 1324 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:14:41.0296 1324 dmload - ok
01:14:41.0671 1324 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:14:41.0671 1324 DMusic - ok
01:14:42.0046 1324 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
01:14:42.0046 1324 dpti2o - ok
01:14:42.0468 1324 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:14:42.0468 1324 drmkaud - ok
01:14:42.0906 1324 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
01:14:42.0906 1324 drvmcdb - ok
01:14:43.0328 1324 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
01:14:43.0328 1324 drvnddm - ok
01:14:43.0562 1324 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
01:14:43.0562 1324 DSproct - ok
01:14:43.0968 1324 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
01:14:43.0968 1324 dsunidrv - ok
01:14:44.0437 1324 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
01:14:44.0453 1324 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
01:14:44.0453 1324 dtscsi ( LockedFile.Multi.Generic ) - warning
01:14:44.0453 1324 dtscsi - detected LockedFile.Multi.Generic (1)
01:14:44.0890 1324 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
01:14:44.0890 1324 E100B - ok
01:14:45.0359 1324 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:14:45.0359 1324 Fastfat - ok
01:14:45.0843 1324 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
01:14:45.0843 1324 Fdc - ok
01:14:46.0296 1324 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:14:46.0296 1324 Fips - ok
01:14:46.0703 1324 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:14:46.0703 1324 Flpydisk - ok
01:14:47.0187 1324 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:14:47.0187 1324 FltMgr - ok
01:14:47.0593 1324 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:14:47.0593 1324 Fs_Rec - ok
01:14:47.0953 1324 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:14:47.0953 1324 Ftdisk - ok
01:14:48.0375 1324 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
01:14:48.0375 1324 GEARAspiWDM - ok
01:14:48.0812 1324 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:14:48.0812 1324 Gpc - ok
01:14:49.0250 1324 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:14:49.0250 1324 HidUsb - ok
01:14:49.0656 1324 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
01:14:49.0671 1324 hpn - ok
01:14:50.0125 1324 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:14:50.0125 1324 HPZid412 - ok
01:14:50.0531 1324 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:14:50.0546 1324 HPZipr12 - ok
01:14:51.0015 1324 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:14:51.0015 1324 HPZius12 - ok
01:14:51.0500 1324 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:14:51.0500 1324 HTTP - ok
01:14:51.0921 1324 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
01:14:51.0921 1324 i2omgmt - ok
01:14:52.0359 1324 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
01:14:52.0359 1324 i2omp - ok
01:14:52.0781 1324 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:14:52.0796 1324 i8042prt - ok
01:14:53.0640 1324 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
01:14:53.0656 1324 ialm - ok
01:14:54.0109 1324 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:14:54.0109 1324 Imapi - ok
01:14:54.0531 1324 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
01:14:54.0531 1324 ini910u - ok
01:14:54.0984 1324 Inspect (d22ac37cbe6cf295416ef84245b804a8) C:\WINDOWS\system32\DRIVERS\inspect.sys
01:14:54.0984 1324 Inspect - ok
01:14:55.0812 1324 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
01:14:55.0828 1324 IntelC51 - ok
01:14:56.0437 1324 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
01:14:56.0453 1324 IntelC52 - ok
01:14:56.0875 1324 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
01:14:56.0875 1324 IntelC53 - ok
01:14:57.0312 1324 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
01:14:57.0312 1324 IntelIde - ok
01:14:57.0734 1324 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:14:57.0734 1324 intelppm - ok
01:14:58.0187 1324 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:14:58.0187 1324 Ip6Fw - ok
01:14:58.0593 1324 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:14:58.0593 1324 IpFilterDriver - ok
01:14:59.0015 1324 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:14:59.0015 1324 IpInIp - ok
01:14:59.0468 1324 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:14:59.0468 1324 IpNat - ok
01:14:59.0906 1324 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:14:59.0906 1324 IPSec - ok
01:15:00.0343 1324 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:15:00.0343 1324 IRENUM - ok
01:15:00.0796 1324 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:15:00.0796 1324 isapnp - ok
01:15:01.0265 1324 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:15:01.0265 1324 Kbdclass - ok
01:15:01.0718 1324 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:15:01.0718 1324 kmixer - ok
01:15:02.0171 1324 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:15:02.0171 1324 KSecDD - ok
01:15:02.0546 1324 lbrtfdc - ok
01:15:02.0875 1324 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:15:02.0875 1324 mnmdd - ok
01:15:03.0203 1324 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:15:03.0203 1324 Modem - ok
01:15:03.0578 1324 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
01:15:03.0578 1324 MODEMCSA - ok
01:15:03.0984 1324 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
01:15:03.0984 1324 mohfilt - ok
01:15:04.0421 1324 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:15:04.0421 1324 Mouclass - ok
01:15:04.0828 1324 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:15:04.0843 1324 mouhid - ok
01:15:05.0375 1324 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:15:05.0375 1324 MountMgr - ok
01:15:06.0000 1324 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
01:15:06.0000 1324 mraid35x - ok
01:15:06.0484 1324 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:15:06.0484 1324 MRxDAV - ok
01:15:07.0031 1324 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:15:07.0031 1324 MRxSmb - ok
01:15:07.0437 1324 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:15:07.0437 1324 Msfs - ok
01:15:07.0859 1324 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:15:07.0859 1324 MSKSSRV - ok
01:15:08.0296 1324 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:15:08.0296 1324 MSPCLOCK - ok
01:15:08.0703 1324 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:15:08.0703 1324 MSPQM - ok
01:15:09.0093 1324 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:15:09.0109 1324 mssmbios - ok
01:15:09.0562 1324 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:15:09.0562 1324 Mup - ok
01:15:10.0031 1324 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:15:10.0031 1324 NDIS - ok
01:15:10.0468 1324 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:15:10.0468 1324 NdisTapi - ok
01:15:11.0046 1324 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:15:11.0062 1324 Ndisuio - ok
01:15:11.0531 1324 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:15:11.0531 1324 NdisWan - ok
01:15:11.0937 1324 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:15:11.0937 1324 NDProxy - ok
01:15:12.0390 1324 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:15:12.0390 1324 NetBIOS - ok
01:15:12.0843 1324 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:15:12.0843 1324 NetBT - ok
01:15:13.0328 1324 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:15:13.0328 1324 Npfs - ok
01:15:13.0921 1324 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:15:13.0937 1324 Ntfs - ok
01:15:14.0375 1324 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:15:14.0375 1324 Null - ok
01:15:15.0390 1324 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:15:15.0406 1324 nv - ok
01:15:15.0812 1324 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:15:15.0812 1324 NwlnkFlt - ok
01:15:16.0125 1324 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:15:16.0125 1324 NwlnkFwd - ok
01:15:16.0562 1324 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
01:15:16.0562 1324 Parport - ok
01:15:16.0968 1324 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:15:16.0968 1324 PartMgr - ok
01:15:17.0453 1324 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:15:17.0453 1324 ParVdm - ok
01:15:17.0781 1324 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:15:17.0781 1324 PCI - ok
01:15:18.0140 1324 PCIDump - ok
01:15:18.0484 1324 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:15:18.0484 1324 PCIIde - ok
01:15:18.0937 1324 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:15:18.0937 1324 Pcmcia - ok
01:15:19.0375 1324 PDCOMP - ok
01:15:19.0640 1324 PDFRAME - ok
01:15:19.0890 1324 PDRELI - ok
01:15:20.0156 1324 PDRFRAME - ok
01:15:20.0468 1324 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
01:15:20.0468 1324 perc2 - ok
01:15:20.0921 1324 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
01:15:20.0921 1324 perc2hib - ok
01:15:21.0421 1324 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:15:21.0437 1324 PptpMiniport - ok
01:15:21.0906 1324 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:15:21.0906 1324 PSched - ok
01:15:22.0406 1324 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:15:22.0406 1324 Ptilink - ok
01:15:22.0859 1324 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:15:22.0859 1324 PxHelp20 - ok
01:15:23.0328 1324 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
01:15:23.0328 1324 ql1080 - ok
01:15:23.0765 1324 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
01:15:23.0765 1324 Ql10wnt - ok
01:15:24.0203 1324 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
01:15:24.0218 1324 ql12160 - ok
01:15:24.0687 1324 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
01:15:24.0687 1324 ql1240 - ok
01:15:25.0140 1324 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
01:15:25.0140 1324 ql1280 - ok
01:15:25.0578 1324 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:15:25.0578 1324 RasAcd - ok
01:15:26.0046 1324 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:15:26.0046 1324 Rasl2tp - ok
01:15:26.0546 1324 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:15:26.0546 1324 RasPppoe - ok
01:15:26.0984 1324 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:15:27.0000 1324 Raspti - ok
01:15:27.0500 1324 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:15:27.0500 1324 Rdbss - ok
01:15:27.0906 1324 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:15:27.0906 1324 RDPCDD - ok
01:15:28.0312 1324 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:15:28.0312 1324 rdpdr - ok
01:15:28.0734 1324 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
01:15:28.0734 1324 RDPWD - ok
01:15:29.0156 1324 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:15:29.0171 1324 redbook - ok
01:15:29.0515 1324 SDDMI2 - ok
01:15:29.0859 1324 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:15:29.0859 1324 Secdrv - ok
01:15:30.0515 1324 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
01:15:30.0531 1324 senfilt - ok
01:15:55.0578 1324 ============================================================
01:15:55.0578 1324 Scan finished
01:15:55.0578 1324 ============================================================
01:15:55.0593 1996 Detected object count: 2
01:15:55.0593 1996 Actual detected object count: 2
01:17:18.0750 1996 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
01:17:18.0750 1996 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
01:17:18.0750 1996 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:17:18.0750 1996 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:19:24.0937 0296 Deinitialize success

#12
Opa the Openminded
Topic Starter, Member, 29 posts
As for how my computer is currently running, the iexplore.exe which uses up much of my resources can still be found under the processes in Windows Task Manager. Also, ever since OTL crashed the computer, when I play music back as well as YouTube videos, the playback is slower than it should be, with sounds appearing to play in slow-mo. Have a nice night and many thanks for your continuous help :)

#13
SweetTech
Retired Staff, 7,671 posts
Hi!

No worries.

Ok, first off the file you were asking about:
[2011/10/04 04:38:36 | 001,146,943 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\STEEL.EXE
was downloaded from an abandonware website. Basically it is free gaming software that is no longer supported or sold by the company and has become free to the public. The game was Steel Panthers. I created that desktop shortcut so that I could quickly load it into the DOSBox program (which is a virtual DOS), however for some reason when I created the shortcut it never worked and I was instead forced to load the game via the original file. The website I obtained that file from was abandonia.com

Okay, thanks for that information, as well as the information regarding the registry keys alerts.

Let's run another tool.

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#14
Opa the Openminded
Topic Starter, Member, 29 posts
Good afternoon. Before I run ComboFix, should I also disable my firewall? I believe I ONLY have one firewall active, and one AntiVirus active, but no AntiSpyware that I am aware of.

#15
SweetTech
Retired Staff, 7,671 posts
Hi!

I wouldn't worry about disabling your firewall for this scan; I'd ensure that your anti-virus program was disabled.