
all search engines crash [Closed]


  • This topic is locked

#1
SueTD

  • Member
  • 114 posts
I posted a topic in another forum on this website about my computer knocking me offline no matter which search engine I use (IE, Firefox, Safari, Google Chrome). Sometimes it's fine while I check email or go to one or two websites. If I click on too many things, it knocks me offline. I was told that the one new error message I got that day was a Safari issue so to uninstall or go back to an older version. I uninstalled Safari. The other instruction I received from a tech on that forum was to click on the first topic in the Virus, Spyware, and Malware removal forum and follow instructions. Then to return once I have a clean bill of health. My computer froze today and there was a blue screen when it came back on but ran something on its own because I didn't have to click on anything. Then my computer came back on. I have run OTL and posted the logfile below.
Please tell me what to do from here. I do not know a lot of technical terms, but I can follow detailed instructions.
Thank you for your help
Susan

OTL logfile created on: 10/25/2011 4:35:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 89.70 Mb Available Physical Memory | 17.87% Memory free
1.20 Gb Paging File | 0.64 Gb Available in Paging File | 53.14% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 13.64 Gb Free Space | 19.02% Space Free | Partition Type: NTFS

Computer Name: ARTROOM | User Name: Susan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 16:34:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
PRC - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/15 09:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/08 13:08:46 | 001,407,848 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2008/09/08 11:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 20:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1134504319\EE\aolsoftware.exe
PRC - [2006/03/09 22:24:04 | 000,071,168 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrJD31s.exe
PRC - [2006/02/10 08:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2006/01/10 16:56:58 | 001,896,448 | ---- | M] (BellSouth) -- C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
PRC - [2005/06/07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 16:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 03:10:19 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\1faca3f09472860e010689b67c68a327\System.Xml.Linq.ni.dll
MOD - [2011/10/14 03:10:17 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4185130eda1d7a5e0e0474e72343570b\System.Xaml.ni.dll
MOD - [2011/10/14 03:07:43 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f2a34f1fb98ab9e8a76a22e132e18b21\System.Windows.Forms.ni.dll
MOD - [2011/10/14 03:07:27 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
MOD - [2011/10/14 03:07:08 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63d537bacaab5416d09a2a3cdf6a3667\PresentationFramework.ni.dll
MOD - [2011/10/14 03:06:41 | 000,284,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63f98ea6df6a734c122348fa32296df0\PresentationFramework.Classic.ni.dll
MOD - [2011/10/14 03:06:39 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\75f3656725581b2c90785755775bdf48\PresentationCore.ni.dll
MOD - [2011/10/14 03:06:21 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6e1c62ce679c8157560c7593c066cd85\WindowsBase.ni.dll
MOD - [2011/10/14 03:06:09 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
MOD - [2011/10/14 03:05:57 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
MOD - [2011/10/14 03:05:40 | 009,085,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
MOD - [2011/10/14 03:05:28 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/10/14 03:02:09 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_47a7f639\mscorlib.dll
MOD - [2011/10/14 03:02:02 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d691d26d\system.drawing.dll
MOD - [2011/10/14 03:01:46 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1d021263\system.xml.dll
MOD - [2011/10/14 03:01:39 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_fc93b16d\system.windows.forms.dll
MOD - [2011/10/14 03:01:30 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_17bf5714\system.dll
MOD - [2011/10/14 03:01:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/11 14:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 14:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/08/31 14:09:29 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/08/31 14:09:29 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/08/04 08:15:13 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/07/21 14:59:08 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/05 13:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM7\nssckbi.dll
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\SYSTEM32\quartz.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\SYSTEM32\devenum.dll
MOD - [2007/01/18 17:05:41 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2007/01/18 17:05:36 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2007/01/18 17:05:36 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2007/01/18 17:05:34 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2007/01/18 17:05:33 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2007/01/18 17:05:33 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2007/01/18 17:05:32 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2007/01/18 17:05:32 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2007/01/18 17:05:32 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2007/01/18 17:05:32 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2007/01/18 17:05:32 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2007/01/18 17:05:32 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2007/01/18 17:05:32 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2007/01/18 17:05:32 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2007/01/18 17:05:31 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2007/01/18 17:05:31 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2007/01/18 17:05:31 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2007/01/18 17:05:31 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2007/01/18 17:05:31 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2007/01/18 17:05:31 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2007/01/18 17:05:31 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2007/01/18 17:05:31 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2007/01/18 17:05:31 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2007/01/18 17:05:30 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2007/01/18 17:05:30 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2007/01/18 17:05:30 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2007/01/18 17:05:30 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2007/01/18 17:05:30 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2007/01/18 17:05:30 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2007/01/18 17:05:29 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2007/01/18 17:05:29 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2006/06/23 18:38:51 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/06/23 18:38:50 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006/06/23 18:38:49 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2006/03/09 22:24:04 | 000,071,168 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrJD31s.exe
MOD - [2005/12/12 21:03:20 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2004/12/10 07:51:50 | 000,061,952 | ---- | M] () -- C:\Program Files\Ares\MP3Source.ax
MOD - [2004/02/16 10:47:10 | 000,053,248 | ---- | M] () -- C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0058351272057688mcinstcleanup) McAfee Application Installer Cleanup (0058351272057688)
SRV - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2007/03/19 21:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/03/09 22:24:04 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 14:59:08 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/07/21 14:59:08 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2006/11/16 11:04:20 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/03/09 22:24:04 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LxrJD31d.sys -- (LxrJD31d)
DRV - [2005/06/05 21:44:05 | 000,091,841 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P0630Vid.sys -- (P0630VID)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/03/24 11:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/18 21:00:00 | 000,091,392 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P1171Vid.sys -- (P1171VID)
DRV - [2003/12/30 07:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/11/20 18:14:28 | 000,646,825 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2003/11/20 18:13:40 | 001,232,741 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2003/11/20 18:12:56 | 000,059,717 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2003/11/20 18:12:42 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/17 15:06:56 | 000,227,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sndp106.sys -- (SNDP106) Dual Mode Camera (8001 CIF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yah.../att/ie/welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.100005
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {9E848C9E-9755-438C-AB53-561E65467C16}:1.0
FF - prefs.js..extensions.enabledItems: {0406AFF6-FADD-44B4-8C6F-7C87FC2E5F48}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SceneCaster.com/SceneCaster: C:\Program Files\SceneCaster\Version 3.11.16\NPSceneCaster.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9E848C9E-9755-438C-AB53-561E65467C16}: C:\Documents and Settings\Susan\Local Settings\Application Data\{9E848C9E-9755-438C-AB53-561E65467C16} [2009/04/08 07:21:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0406AFF6-FADD-44B4-8C6F-7C87FC2E5F48}: C:\Documents and Settings\Torie Marissa\Local Settings\Application Data\{0406AFF6-FADD-44B4-8C6F-7C87FC2E5F48} [2009/04/05 14:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/12 17:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 18:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/25 00:50:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/12 17:19:48 | 000,000,000 | ---D | M]

[2009/07/14 11:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Susan\Application Data\Mozilla\Extensions
[2011/08/26 11:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\1jieaaud.default\extensions
[2011/08/26 11:14:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\1jieaaud.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/10/06 08:25:38 | 000,000,000 | ---D | M] ("Foxit PDF Creator Toolbar") -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\1jieaaud.default\extensions\[email protected]
[2011/05/31 07:47:26 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\1jieaaud.default\searchplugins\askcom.xml
[2011/06/12 09:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/28 14:38:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/16 15:04:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/12 08:05:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 15:18:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/12 15:25:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/23 12:25:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/12 09:48:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/04/04 14:59:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/08 18:37:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/17 09:30:25 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2011/06/17 09:30:25 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2011/06/17 09:31:06 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/06/17 09:30:23 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/03 12:45:40 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_Yulia = C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\onomgjhiigbnmhkghhpgdojopdlhddbe\2_0\

O1 HOSTS File: ([2009/07/21 17:42:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe (BellSouth)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134504319\EE\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [PD0630 STISvc] C:\WINDOWS\System32\P0630Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Susan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Susan\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1247153334437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8DD733A8-353A-4E93-AB85-93CA8DC96F6A} https://objects.aol....s/Activator.cab (ActivatorControl1 Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hallmark.web...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D6CCFE2-8EBC-4280-B90E-A26D61B90FA2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Susan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Susan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.e)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/25 16:34:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
[2011/10/21 10:27:26 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/08/31 18:21:11 | 015,441,768 | ---- | C] (GARMIN Corp.) -- C:\Program Files\npGarmin.dll
[2011/08/31 17:29:31 | 011,272,288 | ---- | C] (Garmin International) -- C:\Program Files\GarminLifetimeUpdaterInstaller.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/25 16:34:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
[2011/10/25 16:28:14 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-2139871995-725345543-1004UA.job
[2011/10/25 16:16:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/25 16:16:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/25 16:14:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/25 16:14:45 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/25 16:14:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/25 11:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/25 10:25:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/25 09:28:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-2139871995-725345543-1004Core.job
[2011/10/24 13:59:08 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/23 08:15:59 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/10/23 08:15:59 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/10/21 10:27:40 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/10/21 10:14:53 | 010,268,672 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\Ad-Aware95Install.msi
[2011/10/20 08:13:34 | 000,000,135 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/14 03:35:58 | 000,578,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 03:12:16 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/14 03:03:11 | 000,422,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 03:03:11 | 000,061,770 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/07 17:58:11 | 000,057,103 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\293956_1897123842502_1673790052_1525530_438630_n.jpg
[2011/10/05 21:24:57 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 21:24:56 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Google Chrome.lnk
[2011/09/28 10:30:51 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/21 10:14:00 | 010,268,672 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\Ad-Aware95Install.msi
[2011/10/07 17:57:36 | 000,057,103 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\293956_1897123842502_1673790052_1525530_438630_n.jpg
[2011/09/23 23:51:33 | 000,391,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1177238915-2139871995-725345543-1004-0.dat
[2011/09/07 03:20:47 | 000,391,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/07 08:11:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/07 08:11:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/09 13:40:36 | 000,142,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/29 12:24:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/03/24 18:37:12 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p24].bmp
[2011/03/24 18:37:11 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p23].bmp
[2011/03/24 18:37:10 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p22].bmp
[2011/03/24 18:37:09 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p21].bmp
[2011/03/24 18:37:08 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p20].bmp
[2011/03/24 18:37:06 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p19].bmp
[2011/03/24 18:37:05 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p18].bmp
[2011/03/24 18:37:04 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p17].bmp
[2011/03/24 18:37:02 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p16].bmp
[2011/03/24 18:37:01 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p15].bmp
[2011/03/24 18:37:00 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p14].bmp
[2011/03/24 18:36:59 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p13].bmp
[2011/03/24 18:36:58 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p12].bmp
[2011/03/24 18:36:56 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p11].bmp
[2011/03/24 18:36:55 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p10].bmp
[2011/03/24 18:36:54 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p09].bmp
[2011/03/24 18:36:53 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p08].bmp
[2011/03/24 18:36:52 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p07].bmp
[2011/03/24 18:36:50 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p06].bmp
[2011/03/24 18:36:49 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p05].bmp
[2011/03/24 18:36:48 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p04].bmp
[2011/03/24 18:36:47 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p03].bmp
[2010/12/12 17:04:08 | 000,207,226 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2010/12/12 17:04:08 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2010/11/28 14:40:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/25 23:59:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/27 23:50:27 | 000,000,100 | --S- | C] () -- C:\WINDOWS\System32\3234329854.dat
[2008/04/24 13:55:36 | 000,117,094 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2008/04/24 13:55:35 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2008/03/16 09:47:03 | 000,000,053 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2008/01/28 19:28:40 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/06/22 17:28:15 | 000,000,135 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/20 20:33:23 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/17 19:56:35 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/17 19:56:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/04 16:17:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/01/18 17:24:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\fusioncache.dat
[2007/01/18 16:46:17 | 000,116,490 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2006/09/10 09:42:46 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/09/10 09:42:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/08/02 00:02:56 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\sndp106.dll
[2006/08/02 00:02:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\dsndp106.dll
[2006/08/02 00:02:56 | 000,015,474 | ---- | C] () -- C:\WINDOWS\sndp106.ini
[2006/08/02 00:02:55 | 000,227,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndp106.sys
[2006/08/02 00:02:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\vsndp106.dll
[2006/08/02 00:02:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\dsndp106.exe
[2006/07/06 17:59:35 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2006/05/30 21:03:17 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/05/29 19:11:35 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/29 19:11:35 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/12 09:28:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\unq32.dat
[2006/05/12 07:59:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/11 16:29:52 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\w00d3612.ini
[2006/05/11 15:50:52 | 000,000,045 | ---- | C] () -- C:\WINDOWS\jptc.dat
[2006/05/05 19:19:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/12/27 10:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/12/24 18:55:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/12/23 12:33:15 | 000,001,913 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/16 14:47:16 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/14 16:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2005/12/14 16:02:25 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2005/12/14 16:02:25 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31c.exe
[2005/12/14 16:02:25 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31s.exe
[2005/12/14 16:02:25 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2005/12/14 16:02:25 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2005/12/13 17:53:54 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/12/13 17:53:43 | 000,029,521 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2005/12/13 17:53:43 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2005/12/13 17:53:43 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2005/12/13 17:53:43 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/12/13 17:48:56 | 000,000,235 | ---- | C] () -- C:\WINDOWS\EPSON CX6600 Installer.ini
[2005/12/13 16:08:23 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/12/13 16:04:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/12 22:37:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/12/12 21:17:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/12 20:58:41 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Susan\Application Data\PFP120JPR.{PB
[2005/12/12 20:58:41 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Susan\Application Data\PFP120JCM.{PB
[2005/12/12 20:35:19 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/12 20:30:10 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/12/12 20:29:41 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/12/12 20:19:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/12 20:12:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/12 15:02:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/12 15:00:57 | 000,578,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/08 17:56:52 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/12/24 14:14:07 | 000,120,871 | ---- | C] () -- C:\WINDOWS\usndp106.exe
[2004/09/22 14:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 10:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 10:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 10:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 10:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 10:03:20 | 000,422,068 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 10:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 10:03:19 | 000,061,770 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 10:02:43 | 006,566,656 | ---- | C] () -- C:\WINDOWS\System32\qojfwtii.dat
[2004/08/12 10:02:43 | 000,218,368 | ---- | C] () -- C:\WINDOWS\System32\yfjwkzrg.dat
[2004/08/12 10:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 09:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 09:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 09:58:15 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/12 09:58:15 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/12 09:58:15 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/12 09:58:15 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/12 09:58:15 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/12 09:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 09:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/12/02 09:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/14 08:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2005/12/27 11:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2005/12/12 21:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2005/12/21 16:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2005/12/12 21:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011/10/21 10:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/11 21:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/06/20 22:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/08/30 17:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/04 18:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2007/10/09 22:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\acccore
[2006/12/17 23:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Aim
[2006/09/10 10:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\BellSouth
[2008/09/20 17:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/03 12:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Foxit
[2011/01/28 12:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Foxit Software
[2011/08/31 17:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\GARMIN
[2005/12/13 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Leadertech
[2006/12/12 22:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\MP3Rocket
[2009/03/16 09:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\MyPublisher
[2011/03/13 20:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\ooVoo Details
[2007/06/18 22:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Snapfish
[2006/02/02 13:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Ulead Systems
[2007/01/11 19:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Viewpoint
[2006/12/12 20:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\WeatherBug
[2011/10/25 16:16:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/10/25 11:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Susan\My Documents\epson11375.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Susan\Desktop\ATF-Cleaner.exe:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello SueTD and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Can you please uninstall Viewpoint manager from Add/Remove programs in Control Panel

  • Click on Start, Control Panel, Add/Remove Programs
  • Uninstall any of the following programs associated with Viewpoint
    • Viewpoint Manager
    • Viewpoint Media Player
    • Viewpoint Toolbar
  • Close the Add/Remove Programs and Control Panel
  • Restart your computer

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
    O16 - DPF: {8DD733A8-353A-4E93-AB85-93CA8DC96F6A} https://objects.aol....s/Activator.cab (ActivatorControl1 Class)

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post

#3
SueTD

    Member

  • Topic Starter
  • 114 posts
I am replying from my laptop, because I can not use my computer now. Please tell me how to proceed from here.

I completed Step 1; uninstalling all three of the Viewpoint related programs.
I restarted my computer.
It was loading my desktop when I got a blue screen. I wrote down some of the main things it said:

Page_fault_in_nonpaged_area
***STOP: 0x00000050(0xE36F2D7C, 0x00000000, 0x8062EA5D, 0x00000002)
Beginning dump of physical memory

After it said the dump was complete, it said if this is the 1st time seeing this message restart, if not, contact my tech support. It was the first time, so I restarted. The computer got all the way up to where I could click to open my account and started loading my desktop again, when I got the same blue screen.

Thanks
SueTD

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This shouldn't have happened after uninstallation of the program. Let's try this.

Please restart in Last known good configuration:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Last known good configuration option is selected.
  • Press Enter. The computer then begins to start.

If you fail to restore it to Last known good configuration then try Safe mode

Please restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

  • 0

#5
SueTD

    Member

  • Topic Starter
  • 114 posts
I was able to start the computer again and restored it to 'last known good configuration'. Since this crash and blue screen happened after uninstalling Viewpoint, do you want me to continue on to Step 2; Run OTL? The original post said that "this fix is for this system only and for current system state". Has the state of my system changed or is it okay to copy and paste the quote under Custom Scans/Fixes as you wrote it in the previous message?

If anything has changed, please send me new instructions. If not, I will go on to the next step and then paste the fix log for you.

Thanks
SueTD
  • 0

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi SueTD,

You did a good thing and asked me. Please continue with Step 2 and Step 3 and post logs here for me. For this situation it's OK to continue.
  • 0

#7
SueTD

    Member

  • Topic Starter
  • 114 posts
I am typing from my laptop again.
I ran OTL, rebooted and logged in to paste the results when my computer crashed again. The blue screen message this time was:

Disable or uninstall any anti-virus, disk defragmentation or back up utilities, check your hard drive configuration, and check for any updated drivers. RUN CHKDSK/F to check for hard drive corruption and restart computer.

***STOP: 0x00000024 (0x001902FE, 0xA96A256C, 0xA96A2268, 0xF827B64A)

***Ntfs.sys - Address F827B64A base at F825000, Date stamp 48025be5

Then it said the same thing as last time about contacting tech support.

The last time I got a blue screen and tried to get the computer back, after pressing F8 to get to the "last known good configuration", there were two choices on the next screen. One said Windows XP and the other said Recovery Console. I think I chose Windows XP, but should I have chosen Recovery Console? If I have to reboot and choose one of those configurations (tell me which one); after that do you want me to run OTL with the same message pasted in the fix and try to paste it again or are we trying a new fix message this time?

Thanks again.
SueTD
  • 0

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We'll skip those steps for now. Start your system in Normal mode if you can. After that:

  • Go to Start -> My Computer
  • Right click on C: disk and click on Properties
  • Click on tab Tools and click on Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click Start button
  • Confirm schedule disk check next time computer starts with Yes button
  • Restart your system and wait while system checks your disk for errors

This step usually fixes some errors related to BSOD.
  • 0

#9
SueTD

    Member

  • Topic Starter
  • 114 posts
I did the fix errors and recovery instructions and am now able to use this computer again. So, do I follow Step 2 again; run OTL, post the log and then go on to Step 3? If not, just send me new instructions.
Thanks
SueTD
  • 0

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You have run OTL before... remember what you said

I ran OTL, rebooted and logged in to paste the results when my computer crashed again.


Try to find last log in C:\_OTL\MovedFiles and post it here for me.

After that run Combofix (Step 3) and post Combofix log.
  • 0

#11
SueTD

    Member

  • Topic Starter
  • 114 posts
This is the OTL log that I ran before the computer crashed. I didn't know if you needed another one done after it crashed and recovered, in case anything was changed. I'll go on to the next thing you said now.
SueTD


All processes killed
========== OTL ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Starting removal of ActiveX control {8DD733A8-353A-4E93-AB85-93CA8DC96F6A}
C:\WINDOWS\Downloaded Program Files\Activator.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8DD733A8-353A-4E93-AB85-93CA8DC96F6A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DD733A8-353A-4E93-AB85-93CA8DC96F6A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8DD733A8-353A-4E93-AB85-93CA8DC96F6A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DD733A8-353A-4E93-AB85-93CA8DC96F6A}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bill
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1965780 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1772 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Justin
->Temp folder emptied: 31820 bytes
->Temporary Internet Files folder emptied: 25315454 bytes
->Java cache emptied: 9168269 bytes
->FireFox cache emptied: 98812833 bytes
->Flash cache emptied: 74068 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 683648 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 19603214 bytes

User: Susan
->Temp folder emptied: 137448303 bytes
->Temporary Internet Files folder emptied: 3969538 bytes
->Java cache emptied: 4980108 bytes
->FireFox cache emptied: 45452002 bytes
->Google Chrome cache emptied: 265846391 bytes
->Apple Safari cache emptied: 150400000 bytes
->Flash cache emptied: 1887859 bytes

User: TEMP
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.ARTROOM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Torie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1324841 bytes

User: Torie Marissa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11654098 bytes
->Java cache emptied: 39467019 bytes
->FireFox cache emptied: 103529586 bytes
->Flash cache emptied: 1926335 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 302349 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 61427267 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 940.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10272011_084437

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
That's the one. OTL did its job. Please post Combofix log after the scan now.
  • 0

#13
SueTD

    Member

  • Topic Starter
  • 114 posts
I was knocked offline but it returned me. It doesn't look like the message I typed got posted even though I thought I clicked it before I was knocked offline. I have had two crashes with blue screens since the last post. One happened when Combofix started to run. I did disable antivirus programs first as instructed. First blue screen said something about BIOS and drivers, second blue screen said Memory Management. I wrote down the code for both if you need it. Should I try to run Combofix again? Your notes say not to re-run but it didn't finish so I don't know if that counts or not. Please advise me what to do now.
SueTD
  • 0

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Leave Combofix for now. We'll use it later. Let's try these two steps

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post
  • 0
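
An added example, not part of the original posts and not TDSSKiller's own code: a Python script that triages a TDSSKiller report of the kind requested in Step 1, listing the services that were flagged instead of marked ok. The line layout is assumed from the report posted later in this thread; the sample log, service names, paths and hashes are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of a TDSSKiller report: timestamp,
# thread id, message. Service names, paths and hashes are made up.
SAMPLE_LOG = r"""
17:00:00.0000 1000 Scan started
17:00:00.0000 1000
17:00:01.0000 1000 Abiosdsk - ok
17:00:01.0100 1000 exampledrv (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
17:00:01.0100 1000 exampledrv - ok
17:00:01.0200 1000 examplebus (22222222222222222222222222222222) C:\WINDOWS\system32\DRIVERS\examplebus.sys
17:00:01.0200 1000 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\examplebus.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
17:00:01.0200 1000 examplebus ( ForgedFile.Multi.Generic ) - warning
17:00:01.0200 1000 examplebus - detected ForgedFile.Multi.Generic (1)
17:00:01.0300 1000 Vendor Example Driver (44444444444444444444444444444444) C:\Program Files\Example\Example.sys
17:00:01.0300 1000 Vendor Example Driver - ok
17:00:01.0400 1000 cutoffdrv (55555555555555555555555555555555) C:\WINDOWS\system32\DRIVERS\cutoffdrv.sys
"""

# Every report line starts with a timestamp and a thread id.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s?(?P<msg>.*)$")
# "<service> (<md5>) <path>": the driver file behind a service.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$", re.I)
# "<service> - ok": nothing reported for this service.
OK = re.compile(r"^(?P<name>.+?) - ok$")
# "Suspicious file (<kind>): <path>. Real md5: ..., Fake md5: ..."
FORGED = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$",
    re.I,
)
# "<service> ( <verdict> ) - warning" or "<service> - detected <verdict> (n)"
FLAGGED = re.compile(
    r"^(?P<name>.+?) (?:\( (?P<v1>\S+) \) - warning|- detected (?P<v2>\S+) \(\d+\))$"
)


@dataclass
class Finding:
    service: str
    verdict: str
    path: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None


def triage(log_text):
    """Return ok count, flagged services, and services with no verdict line."""
    files = {}     # service name -> driver path
    forged = {}    # lower-cased path -> (real md5, fake md5)
    ok = set()
    findings = {}  # service name -> Finding (warning + detected lines merge)
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # not a report line (blank, forum text, ...)
        msg = m.group("msg").strip()
        if (f := FORGED.match(msg)):
            forged[f["path"].lower()] = (f["real"].lower(), f["fake"].lower())
        elif (f := FILE.match(msg)):
            files[f["name"]] = f["path"]
        elif (f := OK.match(msg)):
            ok.add(f["name"])
        elif (f := FLAGGED.match(msg)):
            verdict = f["v1"] or f["v2"]
            findings.setdefault(f["name"], Finding(f["name"], verdict))
    # The "Suspicious file" line names a path, not a service: join on path.
    for finding in findings.values():
        finding.path = files.get(finding.service)
        if finding.path and finding.path.lower() in forged:
            finding.real_md5, finding.fake_md5 = forged[finding.path.lower()]
    # A file line with neither "ok" nor a verdict: the log was cut short.
    unresolved = sorted(set(files) - ok - set(findings))
    return {"ok": len(ok), "findings": list(findings.values()), "unresolved": unresolved}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['ok']} services ok")
    for item in result["findings"]:
        print(f"FLAGGED {item.service}: {item.verdict} at {item.path}")
        if item.real_md5 != item.fake_md5:
            print(f"  report lists two hashes: {item.real_md5} / {item.fake_md5}")
    for name in result["unresolved"]:
        print(f"NO VERDICT {name}: report incomplete for this service")
```

A non-empty `unresolved` list means a driver file line has no verdict after it, which is what a report looks like when the paste was cut off.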

#15
SueTD

    Member

  • Topic Starter
  • 114 posts
This is the log from the TDSSKiller. It only said suspicious file and I left it as "skip" as you said. I am going on to the next step now.
SueTD


17:08:33.0781 3576 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
17:08:34.0312 3576 ============================================================
17:08:34.0312 3576 Current date / time: 2011/10/27 17:08:34.0312
17:08:34.0312 3576 SystemInfo:
17:08:34.0312 3576
17:08:34.0312 3576 OS Version: 5.1.2600 ServicePack: 3.0
17:08:34.0312 3576 Product type: Workstation
17:08:34.0312 3576 ComputerName: ARTROOM
17:08:34.0312 3576 UserName: Susan
17:08:34.0312 3576 Windows directory: C:\WINDOWS
17:08:34.0312 3576 System windows directory: C:\WINDOWS
17:08:34.0312 3576 Processor architecture: Intel x86
17:08:34.0312 3576 Number of processors: 2
17:08:34.0312 3576 Page size: 0x1000
17:08:34.0312 3576 Boot type: Normal boot
17:08:34.0312 3576 ============================================================
17:08:36.0890 3576 Initialize success
17:08:42.0109 1720 ============================================================
17:08:42.0109 1720 Scan started
17:08:42.0109 1720 Mode: Manual;
17:08:42.0109 1720 ============================================================
17:08:45.0765 1720 Abiosdsk - ok
17:08:45.0812 1720 abp480n5 - ok
17:08:45.0890 1720 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:08:45.0890 1720 ACPI - ok
17:08:45.0953 1720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:08:45.0953 1720 ACPIEC - ok
17:08:46.0000 1720 adpu160m - ok
17:08:46.0093 1720 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:08:46.0093 1720 aec - ok
17:08:46.0171 1720 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:08:46.0171 1720 AFD - ok
17:08:46.0218 1720 Aha154x - ok
17:08:46.0265 1720 aic78u2 - ok
17:08:46.0296 1720 aic78xx - ok
17:08:46.0343 1720 AliIde - ok
17:08:46.0390 1720 amsint - ok
17:08:46.0453 1720 asc - ok
17:08:46.0500 1720 asc3350p - ok
17:08:46.0531 1720 asc3550 - ok
17:08:46.0609 1720 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:08:46.0609 1720 AsyncMac - ok
17:08:46.0671 1720 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:08:46.0671 1720 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 9f3a2f5aa6875c72bf062c712cfa2674, Fake md5: dddea80894503b30541407d90f45c442
17:08:46.0671 1720 atapi ( ForgedFile.Multi.Generic ) - warning
17:08:46.0671 1720 atapi - detected ForgedFile.Multi.Generic (1)
17:08:46.0718 1720 Atdisk - ok
17:08:46.0781 1720 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:08:46.0781 1720 Atmarpc - ok
17:08:46.0859 1720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:08:46.0859 1720 audstub - ok
17:08:46.0906 1720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:08:46.0906 1720 Beep - ok
17:08:46.0984 1720 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
17:08:46.0984 1720 bvrp_pci - ok
17:08:47.0046 1720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:08:47.0046 1720 cbidf2k - ok
17:08:47.0125 1720 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:08:47.0125 1720 CCDECODE - ok
17:08:47.0171 1720 cd20xrnt - ok
17:08:47.0296 1720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:08:47.0296 1720 Cdaudio - ok
17:08:47.0359 1720 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:08:47.0359 1720 Cdfs - ok
17:08:47.0406 1720 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:08:47.0406 1720 Cdrom - ok
17:08:47.0484 1720 Changer - ok
17:08:47.0562 1720 CmdIde - ok
17:08:47.0609 1720 Cpqarray - ok
17:08:47.0671 1720 dac2w2k - ok
17:08:47.0703 1720 dac960nt - ok
17:08:47.0765 1720 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:08:47.0765 1720 Disk - ok
17:08:47.0875 1720 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:08:47.0906 1720 dmboot - ok
17:08:47.0968 1720 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:08:47.0968 1720 dmio - ok
17:08:48.0031 1720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:08:48.0031 1720 dmload - ok
17:08:48.0093 1720 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:08:48.0109 1720 DMusic - ok
17:08:48.0187 1720 dpti2o - ok
17:08:48.0296 1720 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:08:48.0296 1720 drmkaud - ok
17:08:48.0359 1720 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
17:08:48.0375 1720 drvmcdb - ok
17:08:48.0406 1720 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
17:08:48.0406 1720 drvnddm - ok
17:08:48.0484 1720 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:08:48.0484 1720 E100B - ok
17:08:48.0546 1720 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:08:48.0546 1720 Fastfat - ok
17:08:48.0593 1720 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:08:48.0609 1720 Fdc - ok
17:08:48.0656 1720 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:08:48.0671 1720 Fips - ok
17:08:48.0734 1720 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:08:48.0734 1720 Flpydisk - ok
17:08:48.0796 1720 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:08:48.0796 1720 FltMgr - ok
17:08:48.0843 1720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:08:48.0843 1720 Fs_Rec - ok
17:08:48.0890 1720 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:08:48.0890 1720 Ftdisk - ok
17:08:48.0984 1720 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:08:48.0984 1720 GEARAspiWDM - ok
17:08:49.0031 1720 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:08:49.0031 1720 Gpc - ok
17:08:49.0109 1720 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
17:08:49.0109 1720 grmnusb - ok
17:08:49.0171 1720 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:08:49.0171 1720 hidusb - ok
17:08:49.0203 1720 hpn - ok
17:08:49.0281 1720 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:08:49.0281 1720 HPZid412 - ok
17:08:49.0328 1720 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:08:49.0328 1720 HPZipr12 - ok
17:08:49.0390 1720 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:08:49.0390 1720 HPZius12 - ok
17:08:49.0468 1720 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:08:49.0484 1720 HTTP - ok
17:08:49.0531 1720 i2omgmt - ok
17:08:49.0562 1720 i2omp - ok
17:08:49.0609 1720 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:08:49.0609 1720 i8042prt - ok
17:08:49.0734 1720 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:08:49.0765 1720 ialm - ok
17:08:49.0812 1720 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:08:49.0812 1720 Imapi - ok
17:08:49.0890 1720 incdrm (195a22bc8674090ccce5c3e2b7d96aca) C:\WINDOWS\system32\drivers\incdrm.sys
17:08:49.0890 1720 incdrm - ok
17:08:49.0953 1720 ini910u - ok
17:08:50.0062 1720 IntelC51 (8e51bf1696821a72656444e0fd5081a3) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
17:08:50.0109 1720 IntelC51 - ok
17:08:50.0187 1720 IntelC52 (331ce31882754000ca2afbf7bd480513) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
17:08:50.0218 1720 IntelC52 - ok
17:08:50.0281 1720 IntelC53 (8001fac548eb0285d0085f4eb53c1e3f) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
17:08:50.0281 1720 IntelC53 - ok
17:08:50.0312 1720 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:08:50.0328 1720 IntelIde - ok
17:08:50.0375 1720 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:08:50.0390 1720 intelppm - ok
17:08:50.0453 1720 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:08:50.0453 1720 Ip6Fw - ok
17:08:50.0546 1720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:08:50.0546 1720 IpFilterDriver - ok
17:08:50.0625 1720 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:08:50.0625 1720 IpInIp - ok
17:08:50.0718 1720 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:08:50.0718 1720 IpNat - ok
17:08:50.0796 1720 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:08:50.0796 1720 IPSec - ok
17:08:50.0875 1720 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:08:50.0875 1720 IRENUM - ok
17:08:50.0921 1720 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:08:50.0921 1720 isapnp - ok
17:08:50.0984 1720 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:08:50.0984 1720 Kbdclass - ok
17:08:51.0046 1720 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:08:51.0046 1720 kbdhid - ok
17:08:51.0125 1720 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:08:51.0125 1720 kmixer - ok
17:08:51.0203 1720 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:08:51.0203 1720 KSecDD - ok
17:08:51.0281 1720 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
17:08:51.0281 1720 Lavasoft Kernexplorer - ok
17:08:51.0343 1720 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:08:51.0343 1720 Lbd - ok
17:08:51.0390 1720 lbrtfdc - ok
17:08:51.0468 1720 LxrJD31d (3f6f7993ae46aded2db2886ed3080c80) C:\WINDOWS\system32\Drivers\LxrJD31d.sys
17:08:51.0484 1720 LxrJD31d - ok
17:08:51.0546 1720 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
17:08:51.0546 1720 MCSTRM - ok
17:08:51.0609 1720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:08:51.0609 1720 mnmdd - ok
17:08:51.0687 1720 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:08:51.0687 1720 Modem - ok
17:08:51.0765 1720 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:08:51.0765 1720 MODEMCSA - ok
17:08:51.0828 1720 mohfilt (bdd406003c0c340cf6c5501165e83dcd) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
17:08:51.0828 1720 mohfilt - ok
17:08:51.0890 1720 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:08:51.0890 1720 Mouclass - ok
17:08:51.0953 1720 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:08:51.0953 1720 mouhid - ok
17:08:52.0000 1720 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:08:52.0000 1720 MountMgr - ok
17:08:52.0062 1720 mraid35x - ok
17:08:52.0125 1720 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:08:52.0140 1720 MRxDAV - ok
17:08:52.0218 1720 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:08:52.0234 1720 MRxSmb - ok
17:08:52.0296 1720 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:08:52.0296 1720 Msfs - ok
17:08:52.0375 1720 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:08:52.0375 1720 MSKSSRV - ok
17:08:52.0453 1720 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:08:52.0453 1720 MSPCLOCK - ok
17:08:52.0515 1720 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:08:52.0515 1720 MSPQM - ok
17:08:52.0593 1720 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:08:52.0593 1720 mssmbios - ok
17:08:52.0656 1720 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:08:52.0656 1720 MSTEE - ok
17:08:52.0734 1720 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:08:52.0734 1720 Mup - ok
17:08:52.0796 1720 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:08:52.0796 1720 NABTSFEC - ok
17:08:52.0875 1720 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:08:52.0875 1720 NDIS - ok
17:08:52.0937 1720 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:08:52.0937 1720 NdisIP - ok
17:08:53.0015 1720 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:08:53.0015 1720 NdisTapi - ok
17:08:53.0078 1720 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:08:53.0078 1720 Ndisuio - ok
17:08:53.0140 1720 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:08:53.0140 1720 NdisWan - ok
17:08:53.0203 1720 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:08:53.0203 1720 NDProxy - ok
17:08:53.0265 1720 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:08:53.0265 1720 NetBIOS - ok
17:08:53.0343 1720 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:08:53.0343 1720 NetBT - ok
17:08:53.0437 1720 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:08:53.0437 1720 Npfs - ok
17:08:53.0515 1720 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:08:53.0546 1720 Ntfs - ok
17:08:53.0625 1720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:08:53.0625 1720 Null - ok
17:08:53.0703 1720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:08:53.0703 1720 NwlnkFlt - ok
17:08:53.0781 1720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:08:53.0781 1720 NwlnkFwd - ok
17:08:53.0859 1720 P0630VID (74446252eeae950240972108bbac2fbd) C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
17:08:53.0875 1720 P0630VID - ok
17:08:54.0000 1720 P1171VID (25069801c85d6deef75e8c221f37dcb2) C:\WINDOWS\system32\DRIVERS\P1171Vid.sys
17:08:54.0000 1720 P1171VID - ok
17:08:54.0078 1720 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:08:54.0093 1720 Parport - ok
17:08:54.0140 1720 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:08:54.0140 1720 PartMgr - ok
17:08:54.0218 1720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:08:54.0218 1720 ParVdm - ok
17:08:54.0281 1720 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:08:54.0296 1720 PCI - ok
17:08:54.0343 1720 PCIDump - ok
17:08:54.0421 1720 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
17:08:54.0421 1720 PCIIde - ok
17:08:54.0500 1720 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:08:54.0500 1720 Pcmcia - ok
17:08:54.0562 1720 PDCOMP - ok
17:08:54.0625 1720 PDFRAME - ok
17:08:54.0703 1720 PDRELI - ok
17:08:54.0781 1720 PDRFRAME - ok
17:08:54.0859 1720 perc2 - ok
17:08:54.0937 1720 perc2hib - ok
17:08:55.0046 1720 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:08:55.0046 1720 PptpMiniport - ok
17:08:55.0093 1720 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:08:55.0093 1720 PSched - ok
17:08:55.0171 1720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:08:55.0171 1720 Ptilink - ok
17:08:55.0218 1720 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:08:55.0234 1720 PxHelp20 - ok
17:08:55.0281 1720 ql1080 - ok
17:08:55.0359 1720 Ql10wnt - ok
17:08:55.0437 1720 ql12160 - ok
17:08:55.0500 1720 ql1240 - ok
17:08:55.0546 1720 ql1280 - ok
17:08:55.0593 1720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:08:55.0593 1720 RasAcd - ok
17:08:55.0656 1720 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:08:55.0656 1720 Rasl2tp - ok
17:08:55.0703 1720 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:08:55.0703 1720 RasPppoe - ok
17:08:55.0750 1720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:08:55.0750 1720 Raspti - ok
17:08:55.0796 1720 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:08:55.0796 1720 Rdbss - ok
17:08:55.0843 1720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:08:55.0843 1720 RDPCDD - ok
17:08:55.0921 1720 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:08:55.0937 1720 RDPWD - ok
17:08:56.0031 1720 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:08:56.0031 1720 redbook - ok
17:08:56.0140 1720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:08:56.0140 1720 Secdrv - ok
17:08:56.0250 1720 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
17:08:56.0265 1720 senfilt - ok
17:08:56.0343 1720 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:08:56.0343 1720 serenum - ok
17:08:56.0390 1720 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:08:56.0390 1720 Serial - ok
17:08:56.0468 1720 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:08:56.0468 1720 Sfloppy - ok
17:08:56.0515 1720 Simbad - ok
17:08:56.0578 1720 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:08:56.0578 1720 SLIP - ok
17:08:56.0656 1720 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
17:08:56.0656 1720 smwdm - ok
17:08:56.0734 1720 SNDP106 (7bb39e404f5ee8cacb15b2b4696d0d62) C:\WINDOWS\system32\DRIVERS\sndp106.sys
17:08:56.0750 1720 SNDP106 - ok
17:08:56.0796 1720 Sparrow - ok
17:08:56.0859 1720 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:08:56.0859 1720 splitter - ok
17:08:56.0921 1720 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:08:56.0921 1720 sr - ok
17:08:57.0000 1720 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:08:57.0000 1720 Srv - ok
17:08:57.0093 1720 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
17:08:57.0093 1720 sscdbhk5 - ok
17:08:57.0156 1720 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
17:08:57.0156 1720 ssrtln - ok
17:08:57.0218 1720 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
17:08:57.0218 1720 StillCam - ok
17:08:57.0281 1720 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:08:57.0281 1720 streamip - ok
17:08:57.0343 1720 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:08:57.0343 1720 swenum - ok
17:08:57.0390 1720 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:08:57.0390 1720 swmidi - ok
17:08:57.0453 1720 symc810 - ok
17:08:57.0531 1720 symc8xx - ok
17:08:57.0609 1720 sym_hi - ok
17:08:57.0640 1720 sym_u3 - ok
17:08:57.0703 1720 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:08:57.0703 1720 sysaudio - ok
17:08:57.0796 1720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:08:57.0812 1720 Tcpip - ok
17:08:57.0875 1720 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:08:57.0875 1720 TDPIPE - ok
17:08:57.0968 1720 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:08:57.0968 1720 TDTCP - ok
17:08:58.0046 1720 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:08:58.0046 1720 TermDD - ok
17:08:58.0125 1720 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
17:08:58.0125 1720 tfsnboio - ok
17:08:58.0171 1720 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
17:08:58.0187 1720 tfsncofs - ok
17:08:58.0234 1720 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
17:08:58.0234 1720 tfsndrct - ok
17:08:58.0296 1720 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
17:08:58.0296 1720 tfsndres - ok
17:08:58.0343 1720 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
17:08:58.0359 1720 tfsnifs - ok
17:08:58.0406 1720 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
17:08:58.0406 1720 tfsnopio - ok
17:08:58.0453 1720 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
17:08:58.0453 1720 tfsnpool - ok
17:08:58.0500 1720 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
17:08:58.0515 1720 tfsnudf - ok
17:08:58.0578 1720 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
17:08:58.0578 1720 tfsnudfa - ok
17:08:58.0640 1720 TosIde - ok
17:08:58.0718 1720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:08:58.0718 1720 Udfs - ok
17:08:58.0781 1720 ultra - ok
17:08:58.0906 1720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:08:58.0921 1720 Update - ok
17:08:59.0000 1720 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:08:59.0000 1720 usbccgp - ok
17:08:59.0062 1720 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:08:59.0062 1720 usbehci - ok
17:08:59.0125 1720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:08:59.0125 1720 usbhub - ok
17:08:59.0187 1720 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:08:59.0187 1720 usbprint - ok
17:08:59.0234 1720 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:08:59.0234 1720 usbscan - ok
17:08:59.0281 1720 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:08:59.0281 1720 USBSTOR - ok
17:08:59.0359 1720 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:08:59.0359 1720 usbuhci - ok
17:08:59.0406 1720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:08:59.0406 1720 VgaSave - ok
17:08:59.0453 1720 ViaIde - ok
17:08:59.0531 1720 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:08:59.0546 1720 VolSnap - ok
17:08:59.0609 1720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:08:59.0609 1720 Wanarp - ok
17:08:59.0687 1720 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
17:08:59.0687 1720 wanatw - ok
17:08:59.0734 1720 WDICA - ok
17:08:59.0812 1720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:08:59.0812 1720 wdmaud - ok
17:08:59.0937 1720 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:08:59.0937 1720 WS2IFSL - ok
17:09:00.0015 1720 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:09:00.0015 1720 WSTCODEC - ok
17:09:00.0109 1720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:09:00.0109 1720 WudfPf - ok
17:09:00.0203 1720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:09:00.0203 1720 WudfRd - ok
17:09:00.0250 1720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:09:00.0375 1720 \Device\Harddisk0\DR0 - ok
17:09:00.0390 1720 Boot (0x1200) (16f0ea3acfcdee0cc04dd0e7136067cd) \Device\Harddisk0\DR0\Partition0
17:09:00.0406 1720 \Device\Harddisk0\DR0\Partition0 - ok
17:09:00.0406 1720 ============================================================
17:09:00.0406 1720 Scan finished
17:09:00.0406 1720 ============================================================
17:09:00.0406 3360 Detected object count: 1
17:09:00.0406 3360 Actual detected object count: 1
17:09:23.0781 3360 atapi ( ForgedFile.Multi.Generic ) - skipped by user
17:09:23.0781 3360 atapi ( ForgedFile.Multi.Generic ) - User select action: Skip