
Computer Freezing and rebooting



#1
Raven.Drive.mom

  • Member
  • 21 posts
I believe I have malware or spyware that is causing problems with my laptop. After 5 or 10 minutes it will freeze and reboot and most often it will run through CHKDSK scan first. I have Microsoft Security Essentials, Malwarebytes AntiMalware, Spybot Search and Destroy and Super AntiSpyware. I have updated and done scans with all of these. I have downloaded OTL and scanned and the log is posted below. I appreciate any help you can give me.
Thanks!

OTL logfile created on: 10/25/2011 12:43:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eleanor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.06% Memory free
4.23 Gb Paging File | 2.85 Gb Available in Paging File | 67.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 156.86 Gb Free Space | 71.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.66 Gb Free Space | 36.65% Space Free | Partition Type: NTFS

Computer Name: ELEANOR-PC | User Name: Eleanor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 12:31:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eleanor\Desktop\OTL.exe
PRC - [2011/10/20 17:02:55 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/09/19 11:09:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/02 13:48:22 | 000,139,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/22 19:22:20 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/11/13 13:17:38 | 000,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/02 00:37:16 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/02 00:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/02 00:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/12/03 01:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/11/01 17:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/24 05:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 05:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 05:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 05:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2006/11/27 11:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2003/04/25 14:34:00 | 004,386,816 | ---- | M] () -- C:\ProgramData\konasys32\gska\besys.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/25 12:43:15 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/25 12:43:15 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/25 12:41:49 | 002,224,128 | ---- | M] () -- C:\ProgramData\konasys32\gska\kosa9.dll
MOD - [2011/10/23 23:25:52 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/09/19 12:37:23 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/05/18 15:20:11 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006/11/20 15:29:10 | 000,101,376 | ---- | M] () -- C:\Windows\System32\APOMngr.dll
MOD - [2006/11/13 12:07:34 | 000,066,560 | ---- | M] () -- C:\Windows\System32\CmdRtr.dll
MOD - [2006/11/03 19:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 19:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2003/04/25 14:34:00 | 004,386,816 | ---- | M] () -- C:\ProgramData\konasys32\gska\besys.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/19 11:09:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/22 19:22:20 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/11/13 13:17:38 | 000,439,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/02 00:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/02 00:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/10/25 12:39:50 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKsl4b4eb419.sys -- (MpKsl4b4eb419)
DRV - [2011/10/25 10:34:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKsl334cc24e.sys -- (MpKsl334cc24e)
DRV - [2011/10/25 10:32:24 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKsl5461fb3a.sys -- (MpKsl5461fb3a)
DRV - [2011/09/19 11:09:01 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/19 11:09:01 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/28 19:27:08 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/12 07:13:32 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2009/08/12 07:13:32 | 000,113,680 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2009/08/12 07:13:32 | 000,054,416 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2009/08/12 07:13:28 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2009/08/12 07:13:28 | 000,011,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/04/23 16:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2008/06/23 08:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/02 00:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 01:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 01:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/25 04:40:58 | 007,617,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/24 05:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/27 03:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 03:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 03:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://mail.google....l/?shva=1#inbox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Eleanor\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eleanor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eleanor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\PayPal\PayPal Plug-In [2009/07/01 20:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 03:06:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Eleanor\AppData\Roaming\Move Networks [2010/04/15 15:48:33 | 000,000,000 | ---D | M]

[2009/03/09 23:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eleanor\AppData\Roaming\Mozilla\Extensions
[2009/03/09 23:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eleanor\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Eleanor\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Eleanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Eleanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42B0BD43-60C3-47FB-9C7E-292BE013B0A5}: NameServer = 66.174.95.44 69.78.96.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90A8B256-62D3-4693-BA2E-468926491517}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C227C1FB-8BB0-4A3E-8A16-8B1ABF41F118}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\konasys32\gska\besys.exe) -C:\ProgramData\konasys32\gska\besys.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Eleanor\Pictures\IMG00003-20100627-2039.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eleanor\Pictures\IMG00003-20100627-2039.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10d8cfb6-2b9f-11de-b094-001e4ce4fdcc}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{10d8cfb6-2b9f-11de-b094-001e4ce4fdcc}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{15e4bf92-0477-11df-99c8-001e4ce4fdcc}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{15e4bf92-0477-11df-99c8-001e4ce4fdcc}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{1913a2a1-ef2f-11de-b2c0-001e4ce4fdcc}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{1913a2a1-ef2f-11de-b2c0-001e4ce4fdcc}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{5ce642e7-4f1f-11de-b902-001e4ce4fdcc}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe
O33 - MountPoints2\{5ce642e7-4f1f-11de-b902-001e4ce4fdcc}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe
O33 - MountPoints2\{77214d46-c722-11de-8e0e-001e4ce4fdcc}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{77214d46-c722-11de-8e0e-001e4ce4fdcc}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{7d7365bb-43bd-11de-89eb-001e4ce4fdcc}\Shell - "" = AutoRun
O33 - MountPoints2\{7d7365bb-43bd-11de-89eb-001e4ce4fdcc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/25 12:30:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Eleanor\Desktop\OTL.exe
[2011/10/25 10:00:36 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/10/21 12:37:37 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/10/07 15:33:11 | 000,000,000 | ---D | C] -- C:\Users\Eleanor\Documents\MediaConverter
[2011/10/07 15:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaConverter 3
[2011/10/07 12:52:15 | 000,000,000 | ---D | C] -- C:\Users\Eleanor\Desktop\desktop

========== Files - Modified Within 30 Days ==========

[2011/10/25 12:42:21 | 000,027,525 | ---- | M] () -- C:\Users\Eleanor\AppData\Roaming\nvModes.001
[2011/10/25 12:40:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 12:40:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 12:39:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/25 12:39:30 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/25 12:31:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eleanor\Desktop\OTL.exe
[2011/10/25 12:25:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-846242405-2255293798-2596077637-1000UA.job
[2011/10/25 12:25:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-846242405-2255293798-2596077637-1000Core.job
[2011/10/25 10:34:26 | 280,747,199 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/25 10:16:36 | 000,298,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/24 19:09:36 | 000,042,374 | ---- | M] () -- C:\Users\Eleanor\Documents\190935.jpg
[2011/10/24 19:09:02 | 000,068,486 | ---- | M] () -- C:\Users\Eleanor\Documents\190900.jpg
[2011/10/24 19:08:39 | 000,044,394 | ---- | M] () -- C:\Users\Eleanor\Documents\190837.jpg
[2011/10/24 19:08:12 | 000,032,974 | ---- | M] () -- C:\Users\Eleanor\Documents\190811.jpg
[2011/10/23 23:38:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/23 23:08:30 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 22:25:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/23 22:25:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/23 14:06:19 | 006,458,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/23 14:06:19 | 002,198,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/17 18:51:10 | 000,074,355 | ---- | M] () -- C:\Users\Eleanor\Desktop\Scan.PDF
[2011/10/13 11:08:09 | 000,391,808 | ---- | M] () -- C:\Users\Eleanor\Desktop\fax cover0001.pdf
[2011/10/08 14:11:14 | 000,000,829 | ---- | M] () -- C:\Users\Eleanor\Desktop\Spotify.lnk
[2011/10/07 21:06:56 | 000,000,552 | ---- | M] () -- C:\Users\Eleanor\AppData\Local\d3d8caps.dat
[2011/10/07 15:42:59 | 000,052,335 | ---- | M] () -- C:\Users\Eleanor\Desktop\IMG00121-20100905-0902.jpg
[2011/10/07 15:31:58 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\Media Converter 3.lnk
[2011/10/07 15:31:58 | 000,001,809 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
[2011/10/04 23:40:23 | 000,181,646 | ---- | M] () -- C:\Users\Eleanor\Documents\order_history.pdf
[2011/10/04 23:39:30 | 000,002,054 | ---- | M] () -- C:\Users\Eleanor\Desktop\Google Chrome.lnk
[2011/10/04 23:39:30 | 000,002,016 | ---- | M] () -- C:\Users\Eleanor\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/29 20:57:09 | 000,016,896 | ---- | M] () -- C:\Users\Eleanor\Documents\Untitled Document.wps
[2011/09/29 20:57:09 | 000,009,926 | ---- | M] () -- C:\Users\Eleanor\AppData\Roaming\wklnhst.dat
[2011/09/29 20:57:05 | 000,018,432 | ---- | M] () -- C:\Users\Eleanor\Documents\history.wps
[2011/09/27 18:20:38 | 000,017,194 | ---- | M] () -- C:\Users\Eleanor\Documents\Letter to DHec.odt

========== Files Created - No Company Name ==========

[2011/10/25 10:16:08 | 2145,431,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/24 19:11:54 | 000,068,486 | ---- | C] () -- C:\Users\Eleanor\Documents\190900.jpg
[2011/10/24 19:11:54 | 000,044,394 | ---- | C] () -- C:\Users\Eleanor\Documents\190837.jpg
[2011/10/24 19:11:54 | 000,042,374 | ---- | C] () -- C:\Users\Eleanor\Documents\190935.jpg
[2011/10/24 19:11:54 | 000,032,974 | ---- | C] () -- C:\Users\Eleanor\Documents\190811.jpg
[2011/10/23 22:25:17 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/10/23 22:25:17 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/10/17 18:51:06 | 000,074,355 | ---- | C] () -- C:\Users\Eleanor\Desktop\Scan.PDF
[2011/10/13 11:07:03 | 000,391,808 | ---- | C] () -- C:\Users\Eleanor\Desktop\fax cover0001.pdf
[2011/10/08 14:11:14 | 000,000,829 | ---- | C] () -- C:\Users\Eleanor\Desktop\Spotify.lnk
[2011/10/08 14:11:14 | 000,000,815 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/10/07 21:06:56 | 000,000,552 | ---- | C] () -- C:\Users\Eleanor\AppData\Local\d3d8caps.dat
[2011/10/07 15:42:59 | 000,052,335 | ---- | C] () -- C:\Users\Eleanor\Desktop\IMG00121-20100905-0902.jpg
[2011/10/07 15:31:58 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\Media Converter 3.lnk
[2011/10/07 15:31:58 | 000,001,809 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
[2011/10/04 23:40:21 | 000,181,646 | ---- | C] () -- C:\Users\Eleanor\Documents\order_history.pdf
[2011/09/29 20:57:09 | 000,016,896 | ---- | C] () -- C:\Users\Eleanor\Documents\Untitled Document.wps
[2011/09/29 20:34:10 | 000,018,432 | ---- | C] () -- C:\Users\Eleanor\Documents\history.wps
[2011/09/27 18:20:36 | 000,017,194 | ---- | C] () -- C:\Users\Eleanor\Documents\Letter to DHec.odt
[2011/05/23 07:56:31 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/12/16 22:08:45 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/12/16 22:08:44 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/12/16 22:08:44 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/12/16 22:08:44 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/12/16 22:08:44 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/12/16 22:08:44 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/12/16 22:08:44 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/12/16 22:08:44 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/12/16 22:08:44 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/12/16 22:08:44 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/12/16 22:08:44 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/12/16 22:08:44 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/12/16 22:08:44 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/12/16 22:08:44 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/12/16 22:08:44 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/12/16 22:08:44 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/12/16 22:06:39 | 000,000,044 | ---- | C] () -- C:\Windows\EPSPR280.ini
[2010/08/08 16:45:11 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010/08/03 19:58:19 | 000,000,004 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\D1B35E
[2010/08/03 19:58:18 | 000,870,128 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\mcs.rma
[2010/05/05 08:48:34 | 000,135,110 | ---- | C] () -- C:\Windows\hpwins10.dat.temp
[2010/05/05 08:48:34 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat.temp
[2010/05/05 08:48:19 | 000,010,385 | ---- | C] () -- C:\Windows\hpwscr10.dat
[2010/05/05 08:48:19 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2009/11/09 22:31:57 | 000,148,929 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/11/09 22:31:37 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/11/06 15:31:15 | 000,155,648 | ---- | C] () -- C:\Windows\System32\hpsfs.dll
[2009/11/04 17:51:46 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/09/18 07:27:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 07:27:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/14 19:22:33 | 000,134,266 | ---- | C] () -- C:\Windows\hpwins10.dat
[2009/02/17 21:42:59 | 000,007,592 | ---- | C] () -- C:\Users\Eleanor\AppData\Local\d3d9caps.dat
[2009/01/31 10:16:10 | 000,027,525 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\nvModes.001
[2009/01/31 03:40:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/29 22:30:14 | 000,027,525 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\nvModes.dat
[2009/01/28 23:13:40 | 000,009,926 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\wklnhst.dat
[2009/01/28 22:50:46 | 000,027,136 | ---- | C] () -- C:\Users\Eleanor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/23 02:55:35 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/01/22 19:28:52 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/01/22 19:22:57 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2009/01/22 19:22:56 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/01/22 19:22:56 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/01/22 19:04:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/04/09 18:00:30 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/01/03 08:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,298,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 006,458,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 002,198,324 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/08/20 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Auslogics
[2010/05/05 08:32:10 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/25 12:43:11 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Dropbox
[2010/12/17 19:02:07 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Leadertech
[2011/07/03 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\LimeWire
[2010/05/07 17:05:08 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\OpenOffice.org
[2010/04/22 21:56:20 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Research In Motion
[2010/04/07 10:32:56 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Smith Micro
[2011/10/09 21:23:07 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Spotify
[2009/01/28 23:13:55 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Template
[2009/02/14 18:02:19 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\tmp
[2009/04/13 18:51:39 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\TokBox-Desktop.140E496FAF651FC6D79F73D360E855D4667C7B11.1
[2011/06/21 11:01:59 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\webex
[2011/10/23 23:37:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:14DAD114
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:223BB3A1

< End of report >
  • 0



#2
RKinner

    Malware Expert

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\konasys32\gska\besys.exe) -C:\ProgramData\konasys32\gska\besys.exe ()

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\ProgramData\konasys32

:Commands
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0
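The fix in the post above targets a Winlogon UserInit value that points into C:\ProgramData instead of System32. As an added example (not part of RKinner's post and not OTL's own code), this Python script reads OTL-style log lines and flags that kind of entry, along with the Alternate Data Stream lines from the first post's log. The regular expressions are assumptions based on the line shapes shown in this thread, and the sample lines marked "constructed" are not from the poster's machine.

```python
import ntpath
import re

# Line shapes as they appear in this thread's OTL log (assumed, not an OTL spec).
# The target is matched lazily up to ") -" so paths containing parentheses survive.
WINLOGON_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>UserInit|Shell) - \((?P<target>.*?)\)\s*-",
    re.IGNORECASE,
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<path>.+):(?P<stream>[^:\\]+)$"
)

# Windows defaults for the two Winlogon values, lower-cased for comparison.
EXPECTED = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
}

# Sample input. Lines 1 and 3 are constructed; the others appear in this thread.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\konasys32\gska\besys.exe) -C:\ProgramData\konasys32\gska\besys.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:14DAD114
"""


def winlogon_targets(raw):
    """Split a Userinit/Shell value into normalised program paths.

    Userinit is a comma-separated list and normally ends with a trailing
    comma, so empty parts are dropped.
    """
    parts = [p.strip().strip('"') for p in raw.split(",")]
    return [ntpath.normcase(ntpath.normpath(p)) for p in parts if p]


def triage(lines):
    """Return findings for unexpected Winlogon programs and for ADS lines."""
    findings = []
    for line in lines:
        line = line.strip()
        m = WINLOGON_RE.match(line)
        if m:
            value = m.group("value").lower()
            for target in winlogon_targets(m.group("target")):
                if target not in EXPECTED[value]:
                    findings.append(
                        {"kind": "winlogon", "value": value, "target": target}
                    )
            continue
        m = ADS_RE.match(line)
        if m:
            # An ADS is not proof of infection; it is listed for manual review.
            findings.append(
                {
                    "kind": "ads",
                    "path": m.group("path"),
                    "stream": m.group("stream"),
                    "size": int(m.group("size")),
                }
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding)
```
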

#3
Raven.Drive.mom

    Member

Thank you. I am doing this now. I didn't see your reply until today. I thought I would get an email if my post was replied to but I don't believe I did.
  • 0

#4
RKinner

    Malware Expert

You might check your profile and verify that it has the correct email address. Also check your spam folder to see if it got sent there by mistake.

Ron
  • 0

#5
Raven.Drive.mom

    Member

It was in my Spam folder. Anyway, I've done the scans as instructed. Here they are:

Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8051

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10/31/2011 11:30:08 AM
mbam-log-2011-10-31 (11-30-08).txt

Scan type: Quick scan
Objects scanned: 169290
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Combofix log:

ComboFix 11-10-30.03 - Eleanor 10/31/2011 12:00:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1037 [GMT -4:00]
Running from: c:\users\Eleanor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eleanor\g2mdlhlpx.exe
c:\windows\TEMP\IE9BC6B.tmp\IE9-support\ienrcore.exe
c:\windows\TEMP\IE9BC6B.tmp\SQMAPI.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 16:13 . 2011-10-31 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-31 15:02 . 2011-10-31 15:03 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5082DAE2-4BF8-464F-9562-BAB751664188}\MpKsl6cf8fe49.sys
2011-10-31 15:01 . 2011-10-31 15:01 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5082DAE2-4BF8-464F-9562-BAB751664188}\offreg.dll
2011-10-31 15:01 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5082DAE2-4BF8-464F-9562-BAB751664188}\mpengine.dll
2011-10-31 14:47 . 2011-10-31 14:47 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-10-31 14:47 . 2011-10-31 14:47 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-10-31 14:47 . 2011-10-31 14:47 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-10-31 14:43 . 2011-10-31 14:43 -------- d-----w- C:\_OTL
2011-10-26 14:41 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-25 14:00 . 2011-10-25 14:00 -------- d-----w- C:\found.001
2011-10-21 16:37 . 2011-10-21 16:37 -------- d-----w- C:\found.000
2011-10-12 17:32 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 17:32 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 17:32 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 17:32 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 02:02 . 2011-10-11 23:34 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE4516FF-6EE3-4795-8184-A77BB1E0B584}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2010-08-06 16:37 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-31 21:00 . 2009-08-23 16:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 12:48 . 2011-08-25 07:11 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]
2010-06-03 22:24 2736736 ----a-w- c:\program files\Free_TV_Bar_c3\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}"= "c:\program files\Free_TV_Bar_c3\tbFree.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}"= "c:\program files\Free_TV_Bar_c3\tbFree.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eleanor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eleanor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eleanor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-31 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-20 4615552]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-05-07 36864]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Eleanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Device Monitor.lnk - c:\program files\ArcSoft\MediaConverter 3\Monitor.exe [2011-10-7 139264]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-22 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-28 23:27 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 15:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
R1 MpKsl04c6a152;MpKsl04c6a152;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E59ED9B7-38BF-4135-8952-48C1BAA7D97A}\MpKsl04c6a152.sys [x]
R1 MpKsl0c0681fc;MpKsl0c0681fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86BD937C-F8CF-4D3B-B45B-C3F76BF5C38B}\MpKsl0c0681fc.sys [x]
R1 MpKsl0ef13b83;MpKsl0ef13b83;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2EB8567-184B-4CD1-8B5C-C833C3B47FE5}\MpKsl0ef13b83.sys [x]
R1 MpKsl15bec4f9;MpKsl15bec4f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70F65588-A87C-4C58-81E7-AA141AF26333}\MpKsl15bec4f9.sys [x]
R1 MpKsl18a3b54b;MpKsl18a3b54b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F36A164A-4712-4AA3-A7A3-F5CBFA73A132}\MpKsl18a3b54b.sys [x]
R1 MpKsl1e3bace9;MpKsl1e3bace9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B5740D1-6430-40CF-AD9E-DA462CBE6463}\MpKsl1e3bace9.sys [x]
R1 MpKsl1ea06b0c;MpKsl1ea06b0c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKsl1ea06b0c.sys [x]
R1 MpKsl20971e6c;MpKsl20971e6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBEECD4C-C90D-4A38-B193-8E14E3D323D7}\MpKsl20971e6c.sys [x]
R1 MpKsl22339f01;MpKsl22339f01;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D521D620-9804-47BD-BD87-D28CD743E003}\MpKsl22339f01.sys [x]
R1 MpKsl2331ca1f;MpKsl2331ca1f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKsl2331ca1f.sys [x]
R1 MpKsl240abc5c;MpKsl240abc5c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADA48E2F-9303-4C90-9D56-081983DF4FB5}\MpKsl240abc5c.sys [x]
R1 MpKsl24e0135f;MpKsl24e0135f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35FA45C5-AB37-45C4-A83A-1254BCF3846E}\MpKsl24e0135f.sys [x]
R1 MpKsl27a47820;MpKsl27a47820;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6358CBEF-9CC2-4224-9FAC-923DCD193469}\MpKsl27a47820.sys [x]
R1 MpKsl2ec22112;MpKsl2ec22112;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19BFC27-9807-49D3-BC8E-874CBC2DBE1A}\MpKsl2ec22112.sys [x]
R1 MpKsl31c8143b;MpKsl31c8143b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E01A0FEF-1A1D-4DA2-9A9C-5D589B09CA66}\MpKsl31c8143b.sys [x]
R1 MpKsl34b22294;MpKsl34b22294;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A87EEC05-D159-45F8-A249-F0F76AEE9F3F}\MpKsl34b22294.sys [x]
R1 MpKsl37b5235e;MpKsl37b5235e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EEB5C2D9-6C93-4B77-A08E-D62EFC7A336E}\MpKsl37b5235e.sys [x]
R1 MpKsl3bd1f685;MpKsl3bd1f685;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADA48E2F-9303-4C90-9D56-081983DF4FB5}\MpKsl3bd1f685.sys [x]
R1 MpKsl3f4a5917;MpKsl3f4a5917;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E85D311F-B90C-4EE2-9BCE-60E80C0A8E80}\MpKsl3f4a5917.sys [x]
R1 MpKsl433f4211;MpKsl433f4211;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19BFC27-9807-49D3-BC8E-874CBC2DBE1A}\MpKsl433f4211.sys [x]
R1 MpKsl445a2df0;MpKsl445a2df0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A1F1A37-510F-4F5D-B5E7-DCE3BCE40553}\MpKsl445a2df0.sys [x]
R1 MpKsl448ef9f7;MpKsl448ef9f7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5EA1EB7-CD08-4166-8F74-99D65838C92E}\MpKsl448ef9f7.sys [x]
R1 MpKsl45c37355;MpKsl45c37355;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADA48E2F-9303-4C90-9D56-081983DF4FB5}\MpKsl45c37355.sys [x]
R1 MpKsl4652afa1;MpKsl4652afa1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKsl4652afa1.sys [x]
R1 MpKsl51bbbfe3;MpKsl51bbbfe3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B299AB38-70B7-4A21-BBAF-3B19E07714B8}\MpKsl51bbbfe3.sys [x]
R1 MpKsl525a68ff;MpKsl525a68ff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADA48E2F-9303-4C90-9D56-081983DF4FB5}\MpKsl525a68ff.sys [x]
R1 MpKsl5461fb3a;MpKsl5461fb3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKsl5461fb3a.sys [x]
R1 MpKsl5510f5cc;MpKsl5510f5cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E392C013-0476-4CE8-880D-7020FA2EAF4F}\MpKsl5510f5cc.sys [x]
R1 MpKsl576ad885;MpKsl576ad885;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6009CB8D-7BDC-4039-80B0-70778FF4CC9E}\MpKsl576ad885.sys [x]
R1 MpKsl57eda07c;MpKsl57eda07c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADA48E2F-9303-4C90-9D56-081983DF4FB5}\MpKsl57eda07c.sys [x]
R1 MpKsl5825dcf8;MpKsl5825dcf8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B2F4371-CAED-45A4-93AD-779FF7EAB646}\MpKsl5825dcf8.sys [x]
R1 MpKsl5a39433f;MpKsl5a39433f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{857D1AEA-C634-4424-91F2-549428451213}\MpKsl5a39433f.sys [x]
R1 MpKsl5a4d7e2a;MpKsl5a4d7e2a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKsl5a4d7e2a.sys [x]
R1 MpKsl6884d9e3;MpKsl6884d9e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E078922F-364B-4981-89F8-B0F117A0F306}\MpKsl6884d9e3.sys [x]
R1 MpKsl68e17f44;MpKsl68e17f44;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB21569F-1BFD-4A4F-A6BD-BF2EEA5D90D2}\MpKsl68e17f44.sys [x]
R1 MpKsl6af10afb;MpKsl6af10afb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF95B286-2E51-41A0-9FAE-DC45FBCC445E}\MpKsl6af10afb.sys [x]
R1 MpKsl6f0e9d05;MpKsl6f0e9d05;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6504E3D6-0EBA-479D-815A-EC670B1CF898}\MpKsl6f0e9d05.sys [x]
R1 MpKsl710fcf9e;MpKsl710fcf9e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC8F7C76-7359-40D5-AABD-154035F7CC00}\MpKsl710fcf9e.sys [x]
R1 MpKsl7e778e8a;MpKsl7e778e8a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A50A532-2748-47D0-BD00-B78C9A793444}\MpKsl7e778e8a.sys [x]
R1 MpKsl80e8119e;MpKsl80e8119e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41A9CD16-B380-4ADB-BC0E-9B59D03C419F}\MpKsl80e8119e.sys [x]
R1 MpKsl81aee43c;MpKsl81aee43c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4E99E0D-2FAD-4712-A3CD-1C086C1D9C85}\MpKsl81aee43c.sys [x]
R1 MpKsl85b6ed60;MpKsl85b6ed60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E01A0FEF-1A1D-4DA2-9A9C-5D589B09CA66}\MpKsl85b6ed60.sys [x]
R1 MpKsl87792a19;MpKsl87792a19;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADA48E2F-9303-4C90-9D56-081983DF4FB5}\MpKsl87792a19.sys [x]
R1 MpKsl88ad2707;MpKsl88ad2707;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E392C013-0476-4CE8-880D-7020FA2EAF4F}\MpKsl88ad2707.sys [x]
R1 MpKsl88d1eb23;MpKsl88d1eb23;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKsl88d1eb23.sys [x]
R1 MpKsl8aff951a;MpKsl8aff951a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADA48E2F-9303-4C90-9D56-081983DF4FB5}\MpKsl8aff951a.sys [x]
R1 MpKsl9b23d449;MpKsl9b23d449;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01B7B8D5-42D3-48B5-BD47-7F246A64AB4C}\MpKsl9b23d449.sys [x]
R1 MpKsla38e6eb8;MpKsla38e6eb8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41A9CD16-B380-4ADB-BC0E-9B59D03C419F}\MpKsla38e6eb8.sys [x]
R1 MpKsla67b284d;MpKsla67b284d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A87EEC05-D159-45F8-A249-F0F76AEE9F3F}\MpKsla67b284d.sys [x]
R1 MpKslaa48ea9a;MpKslaa48ea9a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCD0B547-AAD7-4B87-B25F-7E1E6E28F3E6}\MpKslaa48ea9a.sys [x]
R1 MpKslabb911c8;MpKslabb911c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B299AB38-70B7-4A21-BBAF-3B19E07714B8}\MpKslabb911c8.sys [x]
R1 MpKslbfd472e8;MpKslbfd472e8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKslbfd472e8.sys [x]
R1 MpKslc9acfe28;MpKslc9acfe28;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B206152-3793-4294-AAA9-53DF3BAD4A88}\MpKslc9acfe28.sys [x]
R1 MpKslccf05567;MpKslccf05567;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKslccf05567.sys [x]
R1 MpKsldae683ab;MpKsldae683ab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2EB8567-184B-4CD1-8B5C-C833C3B47FE5}\MpKsldae683ab.sys [x]
R1 MpKsldebb3ce2;MpKsldebb3ce2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCD0B547-AAD7-4B87-B25F-7E1E6E28F3E6}\MpKsldebb3ce2.sys [x]
R1 MpKsle34cdf91;MpKsle34cdf91;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E3CA37F-A4A0-412A-B714-CAD405347A38}\MpKsle34cdf91.sys [x]
R1 MpKsle61c3cb8;MpKsle61c3cb8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FBB741E-E45B-4A4A-8A98-4D26D0624A1C}\MpKsle61c3cb8.sys [x]
R1 MpKsle7a503da;MpKsle7a503da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E59ED9B7-38BF-4135-8952-48C1BAA7D97A}\MpKsle7a503da.sys [x]
R1 MpKsle84c923d;MpKsle84c923d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{528DFDB5-BE41-42FF-8C02-769AE0B00761}\MpKsle84c923d.sys [x]
R1 MpKslecc4db06;MpKslecc4db06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B299AB38-70B7-4A21-BBAF-3B19E07714B8}\MpKslecc4db06.sys [x]
R1 MpKslf5713a58;MpKslf5713a58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E01A0FEF-1A1D-4DA2-9A9C-5D589B09CA66}\MpKslf5713a58.sys [x]
R1 MpKslf686bc4b;MpKslf686bc4b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7DD23C8-70E5-4C65-A2F3-FD8EB5366FF4}\MpKslf686bc4b.sys [x]
R1 MpKslf6aed8fc;MpKslf6aed8fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F90068A-FBF0-4F4F-9548-55997D5F7A1A}\MpKslf6aed8fc.sys [x]
R1 MpKslf7d6b26b;MpKslf7d6b26b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20F9D114-AA54-40D2-8DB7-F4D83C36D7C1}\MpKslf7d6b26b.sys [x]
R1 MpKslfc486db0;MpKslfc486db0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC8F7C76-7359-40D5-AABD-154035F7CC00}\MpKslfc486db0.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2009-08-12 54416]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2009-08-12 160272]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2009-08-12 160272]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys [2009-08-12 11920]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2009-08-12 113680]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-28 12872]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl6cf8fe49;MpKsl6cf8fe49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5082DAE2-4BF8-464F-9562-BAB751664188}\MpKsl6cf8fe49.sys [2011-10-31 28752]
S1 MpKsla63e49cc;MpKsla63e49cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1E7F2D9-66E7-4D19-BE33-45814F341070}\MpKsla63e49cc.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-09-19 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2011-09-19 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-09-19 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL6CF8FE49
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846242405-2255293798-2596077637-1000Core.job
- c:\users\Eleanor\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-14 22:54]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846242405-2255293798-2596077637-1000UA.job
- c:\users\Eleanor\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-14 22:54]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google....l/?shva=1#inbox
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{42B0BD43-60C3-47FB-9C7E-292BE013B0A5}: NameServer = 66.174.95.44 69.78.96.14
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-31 12:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-31 12:18:54
ComboFix-quarantined-files.txt 2011-10-31 16:18
.
Pre-Run: 166,984,232,960 bytes free
Post-Run: 168,502,697,984 bytes free
.
- - End Of File - - 9B0B6BE2A77C3DE83BBF89EADAE73DEE

TDSSKiller log:

12:26:23.0720 1204 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
12:26:24.0173 1204 ============================================================
12:26:24.0173 1204 Current date / time: 2011/10/31 12:26:24.0173
12:26:24.0173 1204 SystemInfo:
12:26:24.0173 1204
12:26:24.0173 1204 OS Version: 6.0.6002 ServicePack: 2.0
12:26:24.0173 1204 Product type: Workstation
12:26:24.0173 1204 ComputerName: ELEANOR-PC
12:26:24.0173 1204 UserName: Eleanor
12:26:24.0173 1204 Windows directory: C:\Windows
12:26:24.0173 1204 System windows directory: C:\Windows
12:26:24.0173 1204 Processor architecture: Intel x86
12:26:24.0173 1204 Number of processors: 2
12:26:24.0173 1204 Page size: 0x1000
12:26:24.0173 1204 Boot type: Normal boot
12:26:24.0173 1204 ============================================================
12:26:24.0984 1204 Initialize success
12:26:27.0074 6104 ============================================================
12:26:27.0074 6104 Scan started
12:26:27.0074 6104 Mode: Manual;
12:26:27.0074 6104 ============================================================
12:26:28.0010 6104 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:26:28.0010 6104 ACPI - ok
12:26:28.0088 6104 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:26:28.0104 6104 adp94xx - ok
12:26:28.0322 6104 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:26:28.0322 6104 adpahci - ok
12:26:28.0385 6104 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:26:28.0385 6104 adpu160m - ok
12:26:28.0603 6104 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:26:28.0603 6104 adpu320 - ok
12:26:28.0868 6104 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
12:26:28.0868 6104 Afc - ok
12:26:28.0931 6104 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:26:28.0931 6104 AFD - ok
12:26:29.0149 6104 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
12:26:29.0149 6104 agp440 - ok
12:26:29.0180 6104 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:26:29.0196 6104 aic78xx - ok
12:26:29.0446 6104 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
12:26:29.0446 6104 aliide - ok
12:26:29.0602 6104 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
12:26:29.0602 6104 amdagp - ok
12:26:29.0726 6104 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
12:26:29.0726 6104 amdide - ok
12:26:29.0836 6104 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:26:29.0836 6104 AmdK7 - ok
12:26:29.0960 6104 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
12:26:29.0960 6104 AmdK8 - ok
12:26:30.0023 6104 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
12:26:30.0023 6104 ApfiltrService - ok
12:26:30.0241 6104 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:26:30.0241 6104 arc - ok
12:26:30.0288 6104 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:26:30.0288 6104 arcsas - ok
12:26:30.0350 6104 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:26:30.0350 6104 AsyncMac - ok
12:26:30.0631 6104 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:26:30.0631 6104 atapi - ok
12:26:30.0709 6104 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:26:30.0709 6104 b57nd60x - ok
12:26:30.0834 6104 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:26:30.0834 6104 Beep - ok
12:26:30.0928 6104 blbdrive - ok
12:26:31.0115 6104 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:26:31.0115 6104 bowser - ok
12:26:31.0193 6104 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:26:31.0193 6104 BrFiltLo - ok
12:26:31.0255 6104 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:26:31.0255 6104 BrFiltUp - ok
12:26:31.0364 6104 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:26:31.0364 6104 Brserid - ok
12:26:31.0427 6104 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:26:31.0442 6104 BrSerWdm - ok
12:26:31.0474 6104 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:26:31.0489 6104 BrUsbMdm - ok
12:26:31.0552 6104 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:26:31.0567 6104 BrUsbSer - ok
12:26:31.0630 6104 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
12:26:31.0630 6104 BthEnum - ok
12:26:31.0692 6104 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:26:31.0692 6104 BTHMODEM - ok
12:26:31.0770 6104 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
12:26:31.0770 6104 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bthpan.sys. md5: 5904efa25f829bf84ea6fb045134a1d8
12:26:31.0770 6104 BthPan ( LockedFile.Multi.Generic ) - warning
12:26:31.0770 6104 BthPan - detected LockedFile.Multi.Generic (1)
12:26:31.0988 6104 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
12:26:32.0004 6104 BTHPORT - ok
12:26:32.0082 6104 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
12:26:32.0082 6104 BTHUSB - ok
12:26:32.0222 6104 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
12:26:32.0222 6104 btwaudio - ok
12:26:32.0269 6104 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
12:26:32.0269 6104 btwavdt - ok
12:26:32.0332 6104 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
12:26:32.0332 6104 btwrchid - ok
12:26:32.0519 6104 catchme - ok
12:26:32.0690 6104 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:26:32.0690 6104 cdfs - ok
12:26:32.0753 6104 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:26:32.0753 6104 cdrom - ok
12:26:32.0924 6104 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
12:26:32.0924 6104 circlass - ok
12:26:33.0002 6104 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:26:33.0002 6104 CLFS - ok
12:26:33.0221 6104 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:26:33.0221 6104 CmBatt - ok
12:26:33.0283 6104 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
12:26:33.0283 6104 cmdide - ok
12:26:33.0502 6104 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:26:33.0502 6104 Compbatt - ok
12:26:33.0548 6104 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:26:33.0548 6104 crcdisk - ok
12:26:33.0611 6104 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:26:33.0611 6104 Crusoe - ok
12:26:33.0767 6104 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:26:33.0767 6104 DfsC - ok
12:26:33.0829 6104 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:26:33.0829 6104 disk - ok
12:26:34.0016 6104 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
12:26:34.0016 6104 Dot4 - ok
12:26:34.0048 6104 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:26:34.0048 6104 Dot4Print - ok
12:26:34.0063 6104 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
12:26:34.0063 6104 dot4usb - ok
12:26:34.0141 6104 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:26:34.0141 6104 drmkaud - ok
12:26:34.0328 6104 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:26:34.0344 6104 DXGKrnl - ok
12:26:34.0562 6104 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
12:26:34.0562 6104 e1express - ok
12:26:34.0594 6104 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:26:34.0609 6104 E1G60 - ok
12:26:34.0750 6104 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:26:34.0750 6104 Ecache - ok
12:26:34.0859 6104 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:26:34.0859 6104 elxstor - ok
12:26:35.0046 6104 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:26:35.0046 6104 exfat - ok
12:26:35.0093 6104 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:26:35.0093 6104 fastfat - ok
12:26:35.0171 6104 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
12:26:35.0171 6104 fdc - ok
12:26:35.0296 6104 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:26:35.0296 6104 FileInfo - ok
12:26:35.0342 6104 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:26:35.0342 6104 Filetrace - ok
12:26:35.0420 6104 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
12:26:35.0420 6104 flpydisk - ok
12:26:35.0654 6104 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:26:35.0654 6104 FltMgr - ok
12:26:35.0842 6104 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:26:35.0842 6104 Fs_Rec - ok
12:26:35.0920 6104 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:26:35.0920 6104 gagp30kx - ok
12:26:36.0044 6104 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:26:36.0044 6104 GEARAspiWDM - ok
12:26:36.0216 6104 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:26:36.0232 6104 HDAudBus - ok
12:26:36.0310 6104 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:26:36.0310 6104 HidBth - ok
12:26:36.0388 6104 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:26:36.0388 6104 HidIr - ok
12:26:36.0497 6104 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:26:36.0497 6104 HidUsb - ok
12:26:36.0668 6104 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
12:26:36.0668 6104 HpCISSs - ok
12:26:36.0762 6104 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
12:26:36.0778 6104 HSF_DPV - ok
12:26:36.0902 6104 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
12:26:36.0902 6104 HSXHWAZL - ok
12:26:36.0965 6104 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:26:36.0980 6104 HTTP - ok
12:26:37.0121 6104 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
12:26:37.0121 6104 i2omp - ok
12:26:37.0152 6104 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:26:37.0152 6104 i8042prt - ok
12:26:37.0199 6104 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
12:26:37.0214 6104 iaStor - ok
12:26:37.0246 6104 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
12:26:37.0246 6104 iaStorV - ok
12:26:37.0402 6104 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:26:37.0402 6104 iirsp - ok
12:26:37.0464 6104 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
12:26:37.0464 6104 intelide - ok
12:26:37.0495 6104 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:26:37.0511 6104 intelppm - ok
12:26:37.0698 6104 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:26:37.0698 6104 IpFilterDriver - ok
12:26:37.0729 6104 IpInIp - ok
12:26:37.0807 6104 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
12:26:37.0807 6104 IPMIDRV - ok
12:26:37.0932 6104 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:26:37.0948 6104 IPNAT - ok
12:26:38.0026 6104 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:26:38.0026 6104 IRENUM - ok
12:26:38.0166 6104 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
12:26:38.0166 6104 isapnp - ok
12:26:38.0228 6104 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:26:38.0228 6104 iScsiPrt - ok
12:26:38.0260 6104 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:26:38.0260 6104 iteatapi - ok
12:26:38.0447 6104 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:26:38.0447 6104 iteraid - ok
12:26:38.0540 6104 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:26:38.0540 6104 kbdclass - ok
12:26:38.0587 6104 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
12:26:38.0587 6104 kbdhid - ok
12:26:38.0806 6104 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
12:26:38.0806 6104 KSecDD - ok
12:26:38.0899 6104 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:26:38.0899 6104 lltdio - ok
12:26:39.0071 6104 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:26:39.0071 6104 LSI_FC - ok
12:26:39.0102 6104 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:26:39.0102 6104 LSI_SAS - ok
12:26:39.0118 6104 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:26:39.0118 6104 LSI_SCSI - ok
12:26:39.0180 6104 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:26:39.0180 6104 luafv - ok
12:26:39.0320 6104 MCSTRM - ok
12:26:39.0383 6104 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:26:39.0383 6104 mdmxsdk - ok
12:26:39.0539 6104 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:26:39.0554 6104 megasas - ok
12:26:39.0601 6104 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:26:39.0601 6104 Modem - ok
12:26:39.0648 6104 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:26:39.0648 6104 monitor - ok
12:26:39.0773 6104 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:26:39.0773 6104 mouclass - ok
12:26:39.0820 6104 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:26:39.0820 6104 mouhid - ok
12:26:39.0851 6104 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:26:39.0851 6104 MountMgr - ok
12:26:40.0069 6104 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
12:26:40.0085 6104 MpFilter - ok
12:26:40.0163 6104 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:26:40.0163 6104 mpio - ok
12:26:40.0272 6104 MpKsl04c6a152 - ok
12:26:40.0288 6104 MpKsl0c0681fc - ok
12:26:40.0334 6104 MpKsl0ef13b83 - ok
12:26:40.0366 6104 MpKsl15bec4f9 - ok
12:26:40.0381 6104 MpKsl18a3b54b - ok
12:26:40.0397 6104 MpKsl1e3bace9 - ok
12:26:40.0412 6104 MpKsl1ea06b0c - ok
12:26:40.0428 6104 MpKsl20971e6c - ok
12:26:40.0459 6104 MpKsl22339f01 - ok
12:26:40.0475 6104 MpKsl2331ca1f - ok
12:26:40.0490 6104 MpKsl240abc5c - ok
12:26:40.0506 6104 MpKsl24e0135f - ok
12:26:40.0522 6104 MpKsl27a47820 - ok
12:26:40.0537 6104 MpKsl2ec22112 - ok
12:26:40.0568 6104 MpKsl31c8143b - ok
12:26:40.0615 6104 MpKsl34b22294 - ok
12:26:40.0724 6104 MpKsl37b5235e - ok
12:26:40.0740 6104 MpKsl3bd1f685 - ok
12:26:40.0787 6104 MpKsl3f4a5917 - ok
12:26:40.0802 6104 MpKsl433f4211 - ok
12:26:40.0834 6104 MpKsl445a2df0 - ok
12:26:40.0896 6104 MpKsl448ef9f7 - ok
12:26:40.0912 6104 MpKsl45c37355 - ok
12:26:40.0927 6104 MpKsl4652afa1 - ok
12:26:40.0974 6104 MpKsl51bbbfe3 - ok
12:26:41.0052 6104 MpKsl525a68ff - ok
12:27:04.0031 6104 ============================================================
12:27:04.0031 6104 Scan finished
12:27:04.0031 6104 ============================================================
12:27:04.0062 1004 Detected object count: 1
12:27:04.0062 1004 Actual detected object count: 1
12:30:00.0716 1004 HKLM\SYSTEM\ControlSet001\services\BthPan - will be deleted on reboot
12:30:00.0763 1004 HKLM\SYSTEM\ControlSet002\services\BthPan - will be deleted on reboot
12:30:00.0779 1004 C:\Windows\system32\DRIVERS\bthpan.sys - will be deleted on reboot
12:30:00.0779 1004 BthPan ( LockedFile.Multi.Generic ) - User select action: Delete
12:30:04.0975 3180 Deinitialize success


aswMBR log: (I did not see the "a-vscan button" to change it to None per your instructions?)
The fix button was NOT enabled.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-31 12:59:03
-----------------------------
12:59:03.183 OS Version: Windows 6.0.6002 Service Pack 2
12:59:03.184 Number of processors: 2 586 0xF0D
12:59:03.185 ComputerName: ELEANOR-PC UserName: Eleanor
12:59:04.404 Initialize success
12:59:19.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:59:19.132 Disk 0 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
12:59:19.155 Disk 0 MBR read successfully
12:59:19.161 Disk 0 MBR scan
12:59:19.168 Disk 0 Windows VISTA default MBR code
12:59:19.179 Disk 0 scanning sectors +488394752
12:59:19.291 Disk 0 scanning C:\Windows\system32\drivers
12:59:29.645 Service scanning
12:59:31.351 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
12:59:32.116 Modules scanning
12:59:47.744 Scan finished successfully
13:01:08.025 Disk 0 MBR has been saved successfully to "C:\Users\Eleanor\Desktop\MBR.dat"
13:01:08.045 The log file has been saved successfully to "C:\Users\Eleanor\Desktop\aswMBR.txt"


OTL logs:

OTL logfile created on: 10/31/2011 1:04:45 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eleanor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.01% Memory free
4.23 Gb Paging File | 2.60 Gb Available in Paging File | 61.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 157.22 Gb Free Space | 71.37% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.38 Gb Free Space | 33.78% Space Free | Partition Type: NTFS

Computer Name: ELEANOR-PC | User Name: Eleanor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 12:31:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eleanor\Desktop\OTL.exe
PRC - [2011/10/20 17:02:55 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/09/19 11:09:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/07 18:14:04 | 000,161,336 | ---- | M] (Google) -- C:\Users\Eleanor\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/24 16:10:13 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/02 13:48:22 | 000,139,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/22 19:22:20 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/11/13 13:17:38 | 000,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/02 00:37:16 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/02 00:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/02 00:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/12/03 01:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/11/01 17:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/24 05:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 05:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 05:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 05:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2006/11/27 11:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 12:48:31 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/31 12:48:31 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/23 23:25:52 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/09/19 12:37:23 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/05/18 15:20:11 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/05/07 22:33:46 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2008/02/19 02:33:34 | 000,446,352 | ---- | M] () -- C:\Windows\System32\OpenQuicktimeLib.dll
MOD - [2007/11/16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007/11/16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006/11/20 15:29:10 | 000,101,376 | ---- | M] () -- C:\Windows\System32\APOMngr.dll
MOD - [2006/11/13 12:07:34 | 000,066,560 | ---- | M] () -- C:\Windows\System32\CmdRtr.dll
MOD - [2006/11/03 19:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 19:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/19 11:09:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/22 19:22:20 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/11/13 13:17:38 | 000,439,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/02 00:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/02 00:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/09/19 11:09:01 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/19 11:09:01 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/28 19:27:08 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/12 07:13:32 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2009/08/12 07:13:32 | 000,113,680 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2009/08/12 07:13:32 | 000,054,416 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2009/08/12 07:13:28 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2009/08/12 07:13:28 | 000,011,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/04/23 16:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2008/06/23 08:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/02 00:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 01:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 01:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/25 04:40:58 | 007,617,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/24 05:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/27 03:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 03:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 03:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Eleanor\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eleanor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eleanor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\PayPal\PayPal Plug-In [2009/07/01 20:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 03:06:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Eleanor\AppData\Roaming\Move Networks [2010/04/15 15:48:33 | 000,000,000 | ---D | M]

[2009/03/09 23:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eleanor\AppData\Roaming\Mozilla\Extensions
[2009/03/09 23:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eleanor\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Eleanor\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/31 12:13:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Eleanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Eleanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42B0BD43-60C3-47FB-9C7E-292BE013B0A5}: NameServer = 66.174.95.44 69.78.96.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90A8B256-62D3-4693-BA2E-468926491517}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C227C1FB-8BB0-4A3E-8A16-8B1ABF41F118}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Eleanor\Pictures\IMG00003-20100627-2039.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eleanor\Pictures\IMG00003-20100627-2039.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/31 12:51:50 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Eleanor\Desktop\aswMBR.exe
[2011/10/31 12:35:08 | 000,000,000 | -HSD | C] -- C:\found.002
[2011/10/31 12:25:42 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eleanor\Desktop\tdsskiller.exe
[2011/10/31 12:19:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/31 11:47:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/31 11:47:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/31 11:47:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/31 11:47:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/31 11:47:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 11:45:19 | 004,278,520 | R--- | C] (Swearware) -- C:\Users\Eleanor\Desktop\ComboFix.exe
[2011/10/31 10:43:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/25 12:30:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Eleanor\Desktop\OTL.exe
[2011/10/25 10:00:36 | 000,000,000 | ---D | C] -- C:\found.001
[2011/10/21 12:37:37 | 000,000,000 | ---D | C] -- C:\found.000
[2011/10/12 13:32:38 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/12 13:32:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/12 13:31:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 13:31:59 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 13:31:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/12 13:31:58 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/12 13:31:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/12 13:31:39 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/12 13:31:33 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/12 13:31:33 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/12 13:31:33 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/12 13:31:32 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/12 13:31:32 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/12 13:31:32 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/12 13:31:32 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/12 13:31:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/12 13:31:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/12 13:31:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/12 13:31:31 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/12 13:31:31 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/12 13:31:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/12 13:31:30 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/12 13:31:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/12 13:31:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/12 13:31:25 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/07 15:33:11 | 000,000,000 | ---D | C] -- C:\Users\Eleanor\Documents\MediaConverter
[2011/10/07 15:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaConverter 3
[2011/10/07 12:52:15 | 000,000,000 | ---D | C] -- C:\Users\Eleanor\Desktop\desktop

========== Files - Modified Within 30 Days ==========

[2011/10/31 13:01:08 | 000,000,512 | ---- | M] () -- C:\Users\Eleanor\Desktop\MBR.dat
[2011/10/31 12:51:51 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Eleanor\Desktop\aswMBR.exe
[2011/10/31 12:48:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 12:48:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 12:48:03 | 000,027,525 | ---- | M] () -- C:\Users\Eleanor\AppData\Roaming\nvModes.001
[2011/10/31 12:45:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/31 12:45:00 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/31 12:30:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/31 12:25:46 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eleanor\Desktop\tdsskiller.exe
[2011/10/31 12:25:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-846242405-2255293798-2596077637-1000UA.job
[2011/10/31 12:25:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-846242405-2255293798-2596077637-1000Core.job
[2011/10/31 12:13:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/31 11:45:31 | 004,278,520 | R--- | M] (Swearware) -- C:\Users\Eleanor\Desktop\ComboFix.exe
[2011/10/31 10:23:15 | 000,298,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/27 11:07:57 | 000,002,054 | ---- | M] () -- C:\Users\Eleanor\Desktop\Google Chrome.lnk
[2011/10/27 11:07:57 | 000,002,016 | ---- | M] () -- C:\Users\Eleanor\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/26 12:57:21 | 307,293,375 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/25 12:31:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eleanor\Desktop\OTL.exe
[2011/10/24 19:09:36 | 000,042,374 | ---- | M] () -- C:\Users\Eleanor\Documents\190935.jpg
[2011/10/24 19:09:02 | 000,068,486 | ---- | M] () -- C:\Users\Eleanor\Documents\190900.jpg
[2011/10/24 19:08:39 | 000,044,394 | ---- | M] () -- C:\Users\Eleanor\Documents\190837.jpg
[2011/10/24 19:08:12 | 000,032,974 | ---- | M] () -- C:\Users\Eleanor\Documents\190811.jpg
[2011/10/23 23:08:30 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 22:25:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/23 22:25:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/23 14:06:19 | 006,458,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/23 14:06:19 | 002,198,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/17 18:51:10 | 000,074,355 | ---- | M] () -- C:\Users\Eleanor\Desktop\Scan.PDF
[2011/10/13 11:08:09 | 000,391,808 | ---- | M] () -- C:\Users\Eleanor\Desktop\fax cover0001.pdf
[2011/10/08 14:11:14 | 000,000,829 | ---- | M] () -- C:\Users\Eleanor\Desktop\Spotify.lnk
[2011/10/07 21:06:56 | 000,000,552 | ---- | M] () -- C:\Users\Eleanor\AppData\Local\d3d8caps.dat
[2011/10/07 15:42:59 | 000,052,335 | ---- | M] () -- C:\Users\Eleanor\Desktop\IMG00121-20100905-0902.jpg
[2011/10/07 15:31:58 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\Media Converter 3.lnk
[2011/10/07 15:31:58 | 000,001,809 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
[2011/10/04 23:40:23 | 000,181,646 | ---- | M] () -- C:\Users\Eleanor\Documents\order_history.pdf

========== Files Created - No Company Name ==========

[2011/10/31 13:01:08 | 000,000,512 | ---- | C] () -- C:\Users\Eleanor\Desktop\MBR.dat
[2011/10/31 11:47:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/31 11:47:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/31 11:47:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/31 11:47:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/31 11:47:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/25 10:16:08 | 2145,431,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/24 19:11:54 | 000,068,486 | ---- | C] () -- C:\Users\Eleanor\Documents\190900.jpg
[2011/10/24 19:11:54 | 000,044,394 | ---- | C] () -- C:\Users\Eleanor\Documents\190837.jpg
[2011/10/24 19:11:54 | 000,042,374 | ---- | C] () -- C:\Users\Eleanor\Documents\190935.jpg
[2011/10/24 19:11:54 | 000,032,974 | ---- | C] () -- C:\Users\Eleanor\Documents\190811.jpg
[2011/10/23 22:25:17 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/10/23 22:25:17 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/10/17 18:51:06 | 000,074,355 | ---- | C] () -- C:\Users\Eleanor\Desktop\Scan.PDF
[2011/10/13 11:07:03 | 000,391,808 | ---- | C] () -- C:\Users\Eleanor\Desktop\fax cover0001.pdf
[2011/10/08 14:11:14 | 000,000,829 | ---- | C] () -- C:\Users\Eleanor\Desktop\Spotify.lnk
[2011/10/08 14:11:14 | 000,000,815 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/10/07 21:06:56 | 000,000,552 | ---- | C] () -- C:\Users\Eleanor\AppData\Local\d3d8caps.dat
[2011/10/07 15:42:59 | 000,052,335 | ---- | C] () -- C:\Users\Eleanor\Desktop\IMG00121-20100905-0902.jpg
[2011/10/07 15:31:58 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\Media Converter 3.lnk
[2011/10/07 15:31:58 | 000,001,809 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
[2011/10/04 23:40:21 | 000,181,646 | ---- | C] () -- C:\Users\Eleanor\Documents\order_history.pdf
[2011/05/23 07:56:31 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/12/16 22:08:45 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/12/16 22:08:44 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/12/16 22:08:44 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/12/16 22:08:44 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/12/16 22:08:44 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/12/16 22:08:44 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/12/16 22:08:44 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/12/16 22:08:44 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/12/16 22:08:44 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/12/16 22:08:44 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/12/16 22:08:44 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/12/16 22:08:44 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/12/16 22:08:44 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/12/16 22:08:44 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/12/16 22:08:44 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/12/16 22:08:44 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/12/16 22:06:39 | 000,000,044 | ---- | C] () -- C:\Windows\EPSPR280.ini
[2010/08/08 16:45:11 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010/08/03 19:58:19 | 000,000,004 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\D1B35E
[2010/08/03 19:58:18 | 000,870,128 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\mcs.rma
[2010/05/05 08:48:34 | 000,135,110 | ---- | C] () -- C:\Windows\hpwins10.dat.temp
[2010/05/05 08:48:34 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat.temp
[2010/05/05 08:48:19 | 000,010,385 | ---- | C] () -- C:\Windows\hpwscr10.dat
[2010/05/05 08:48:19 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2009/11/09 22:31:57 | 000,148,929 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/11/09 22:31:37 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/11/06 15:31:15 | 000,155,648 | ---- | C] () -- C:\Windows\System32\hpsfs.dll
[2009/11/04 17:51:46 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/09/18 07:27:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 07:27:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/14 19:22:33 | 000,134,266 | ---- | C] () -- C:\Windows\hpwins10.dat
[2009/02/17 21:42:59 | 000,007,592 | ---- | C] () -- C:\Users\Eleanor\AppData\Local\d3d9caps.dat
[2009/01/31 10:16:10 | 000,027,525 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\nvModes.001
[2009/01/31 03:40:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/29 22:30:14 | 000,027,525 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\nvModes.dat
[2009/01/28 23:13:40 | 000,009,926 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\wklnhst.dat
[2009/01/28 22:50:46 | 000,027,136 | ---- | C] () -- C:\Users\Eleanor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/23 02:55:35 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/01/22 19:28:52 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/01/22 19:22:57 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2009/01/22 19:22:56 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/01/22 19:22:56 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/01/22 19:04:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/04/09 18:00:30 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/01/03 08:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,298,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 006,458,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 002,198,324 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:14DAD114
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:223BB3A1

< End of report >

OTL Extras logfile created on: 10/31/2011 1:04:45 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eleanor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.01% Memory free
4.23 Gb Paging File | 2.60 Gb Available in Paging File | 61.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 157.22 Gb Free Space | 71.37% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.38 Gb Free Space | 33.78% Space Free | Partition Type: NTFS

Computer Name: ELEANOR-PC | User Name: Eleanor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Eleanor\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1626431B-C29D-44D8-8892-C3FA9B3077D2}" = rport=445 | protocol=6 | dir=out | app=system |
"{17C41D19-695C-41B7-95AD-120610A4B838}" = lport=137 | protocol=17 | dir=in | app=system |
"{21D6EAFE-9069-42FC-A8C8-8436768B8E3A}" = lport=445 | protocol=6 | dir=in | app=system |
"{3BC3FFC2-40F5-4279-A9B4-1DD6C36BBDF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4998484A-4609-48BA-B78D-7692A51FFD20}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{508A8981-A768-4924-8B13-3B602DBEF005}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{52A7F22C-25BE-4120-BF34-425980CF5DD7}" = lport=139 | protocol=6 | dir=in | app=system |
"{72FC88F9-D677-4E5E-B7C7-C5F384CADF87}" = lport=6346 | protocol=6 | dir=in | name=limewire |
"{7301DDD9-808B-4832-AF84-F09789C70877}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D8DB846-E793-4F57-BFED-40C03E3FD4E6}" = lport=138 | protocol=17 | dir=in | app=system |
"{9AAB7017-DBE2-43E5-8437-F705F1AB4922}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A424FD19-76EC-497E-91C3-70028E2878CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA3C4D43-9D0B-4427-B28A-AE501D4BB320}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF8E6AEB-890B-4F59-B68C-55AF7A0C7AE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D9C0DE3F-C3E6-4485-B590-FFD661A59CBC}" = rport=139 | protocol=6 | dir=out | app=system |
"{D9D221E6-A8E3-4BEE-8460-C8B1DC570F60}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E724B61D-A5AF-459D-9233-5445358DF31C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1977F0A-3B79-4950-ABE9-E33EAA757325}" = rport=137 | protocol=17 | dir=out | app=system |
"{F3D3F69C-D7A3-461E-8B90-752D9BBD8445}" = lport=80 | protocol=6 | dir=in | name=access |
"{F51A2D33-41FF-44C1-B0DE-6C47BBDCC79B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02651669-53C2-4D33-A537-A3067980FE5A}" = protocol=1 | dir=in | [email protected],-28543 |
"{25759AC2-1BED-4890-A4DC-70DF27B4F9C1}" = protocol=17 | dir=in | app=c:\users\eleanor\appdata\roaming\dropbox\bin\dropbox.exe |
"{2D08BCB8-7CF3-4437-BAD5-D908325AFAB3}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{311E1CFE-3E1D-4CF2-83A9-8A62FC563D2B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3D36A233-63BE-43F5-90BE-791DDE284FC8}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{47954DA7-9859-40F5-995F-77B442E2ED64}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{482F25EF-38F3-456F-BB5B-220387BD73EB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{4FB085B0-C30B-409E-8944-A01861082E48}" = protocol=1 | dir=out | [email protected],-28544 |
"{57B91844-DD1C-44FF-A903-84E67BA86C70}" = protocol=58 | dir=in | [email protected],-28545 |
"{5BD414D7-73ED-497D-B0BB-65819C39B6E0}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{5D2AFB6A-3B8F-47E3-B948-2437F9A79068}" = protocol=6 | dir=in | app=c:\users\eleanor\appdata\roaming\dropbox\bin\dropbox.exe |
"{623C0377-C27F-4BA2-B4EB-289E48F86928}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{75DDE584-4E16-4B2A-9957-4446142AA7F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A797AA22-9085-40E7-9FAE-39A2E077ADA7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B10E8678-DB02-48B6-A972-E39E39B657BA}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{B670E4D7-D36C-4AEA-A85D-13E213838B8D}" = protocol=17 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"{B706B761-1A11-4225-95DB-5E4231FBC11A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C795B59C-E621-4A64-9628-D4B3D29167E1}" = protocol=58 | dir=out | [email protected],-28546 |
"{CE83B08F-C110-4074-8DA7-6BBF379707EA}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{CECD69E0-8B14-402C-A20F-B0A9C33E0ADC}" = protocol=6 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"{D871D282-6E7B-4014-A664-5344AAB96482}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FB934826-4A47-4AFA-BF37-D0958597EA75}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{10F3242C-8443-439E-B1F4-3CFDFCDBDC31}C:\users\eleanor\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\eleanor\appdata\roaming\spotify\spotify.exe |
"TCP Query User{408FF69A-D4C1-4F71-B725-C5748B5B01DC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{6FBDAA08-4B9B-43CF-ACA5-8D90C24E896C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{80CA1F32-0BD5-45D5-9990-E61EE01009E8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B468C04D-EC61-40B2-9BAC-9B967822F3E8}C:\users\eleanor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\eleanor\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{028CC71A-A70F-43EC-8553-E830777CB0E5}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{21C22CCF-40C1-42AC-B4DB-130252BC6709}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{7A8BF561-2239-49E2-9E5D-575604E0ACEF}C:\users\eleanor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\eleanor\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{822DE5B5-B549-452A-B1D3-73A5852FBA29}C:\users\eleanor\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\eleanor\appdata\roaming\spotify\spotify.exe |
"UDP Query User{FAABE8B5-49E8-4782-AF93-21CCA6E2FEB9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{037BE7BE-5618-4EE5-9AB6-23690148921D}" = ArcSoft MediaConverter 3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2B14A44F-5815-4136-9ECF-B56E928CEC0F}" = 6200
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F4267E6-E4EE-1224-127E-C8C87656C628}" = TokBox
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}" = HP Officejet All-In-One Series
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68AB3A70-25E1-4D41-BDFF-7ED20C07D623}" = 6200Trb
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7732DA71-2FB6-5C99-D0D9-58A2DB360895}" = FlipShare
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7985F97F-7363-4A1E-80B9-50C4F0E8D19E}" = 6200_Help
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8}" = HP Officejet All-In-One Series
"{ABDC7CFA-FEB4-4743-A18A-D549571F0B2A}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2B4FE1C-2CFA-47EE-A88C-A14D0FF1F0B0}" = BBSAK
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F574616C-4C15-49CE-9C98-E998CD80264A}" = BlackBerry Device Software Updater
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F872A4F8-4EC5-4668-A908-7C7275B0BE49}" = hppusgP2030
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Aimersoft Blackberry Media Converter_is1" = Aimersoft Blackberry Media Converter(Build 1.2.0.0)
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Free_TV_Bar_c3 Toolbar" = Free TV Bar c3 Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP LaserJet P2030 Series" = HP LaserJet P2030 Series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"Silent Package Run-Time Sample" = EPSON R280 User's Guide
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.0.0.799
"Move Media Player" = Move Media Player
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2011 11:01:54 PM | Computer Name = Eleanor-PC | Source = LoadPerf | ID = 3011
Description =

Error - 2/22/2011 3:23:11 PM | Computer Name = Eleanor-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.19019 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1fa0 Start Time: 01cbd292e87f4480 Termination Time: 59

Error - 2/22/2011 5:13:40 PM | Computer Name = Eleanor-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19019, time stamp
0x4d0c3d4c, faulting module SHELL32.dll, version 6.0.6002.18393, time stamp 0x4d39b5c7,
exception code 0xc0000005, fault offset 0x00088db1, process id 0x1bd8, application
start time 0x01cbd2c5f5265f10.

Error - 2/24/2011 9:59:12 AM | Computer Name = Eleanor-PC | Source = LoadPerf | ID = 3012
Description =

Error - 2/24/2011 9:59:12 AM | Computer Name = Eleanor-PC | Source = LoadPerf | ID = 3011
Description =

Error - 2/24/2011 10:02:46 PM | Computer Name = Eleanor-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19019, time stamp
0x4d0c3d4c, faulting module swg.dll_unloaded, version 0.0.0.0, time stamp 0x4c645671,
exception code 0xc0000005, fault offset 0x049ea611, process id 0x5a8, application
start time 0x01cbd48fecfc2330.

Error - 2/25/2011 10:07:40 AM | Computer Name = Eleanor-PC | Source = LoadPerf | ID = 3012
Description =

Error - 2/25/2011 10:07:40 AM | Computer Name = Eleanor-PC | Source = LoadPerf | ID = 3011
Description =

Error - 2/28/2011 11:36:23 AM | Computer Name = Eleanor-PC | Source = LoadPerf | ID = 3012
Description =

Error - 2/28/2011 11:36:23 AM | Computer Name = Eleanor-PC | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 5/10/2009 11:35:55 PM | Computer Name = Eleanor-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 12:03:25 PM | Computer Name = Eleanor-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 6:48:12 PM | Computer Name = Eleanor-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
TDSSKiller found something. Said it would fix it on the reboot. Please run it again and post the log so I can be sure it did.

MSSE is not working right.


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials

Reboot

Install the free Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
See if you can find C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt. Copy and paste it into a reply.

Ron

#7
Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • 21 posts
Here is the TDSSKiller log:

20:52:22.0182 3180 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
20:52:22.0591 3180 ============================================================
20:52:22.0591 3180 Current date / time: 2011/11/01 20:52:22.0591
20:52:22.0591 3180 SystemInfo:
20:52:22.0591 3180
20:52:22.0592 3180 OS Version: 6.0.6002 ServicePack: 2.0
20:52:22.0592 3180 Product type: Workstation
20:52:22.0592 3180 ComputerName: ELEANOR-PC
20:52:22.0592 3180 UserName: Eleanor
20:52:22.0592 3180 Windows directory: C:\Windows
20:52:22.0592 3180 System windows directory: C:\Windows
20:52:22.0592 3180 Processor architecture: Intel x86
20:52:22.0592 3180 Number of processors: 2
20:52:22.0593 3180 Page size: 0x1000
20:52:22.0593 3180 Boot type: Normal boot
20:52:22.0593 3180 ============================================================
20:52:24.0081 3180 Initialize success
20:52:26.0185 4236 ============================================================
20:52:26.0185 4236 Scan started
20:52:26.0185 4236 Mode: Manual;
20:52:26.0185 4236 ============================================================
20:53:28.0996 4236 tcpipreg - ok
20:53:29.0083 4236 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:53:29.0085 4236 TDPIPE - ok
20:53:29.0246 4236 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:53:29.0248 4236 TDTCP - ok
20:53:29.0341 4236 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:53:29.0344 4236 tdx - ok
20:53:29.0437 4236 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:53:29.0440 4236 TermDD - ok
20:53:29.0617 4236 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:53:29.0619 4236 tssecsrv - ok
20:53:29.0684 4236 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:53:29.0686 4236 tunmp - ok
20:53:29.0815 4236 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:53:29.0818 4236 tunnel - ok
20:53:29.0898 4236 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:53:29.0901 4236 uagp35 - ok
20:53:29.0973 4236 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:53:29.0980 4236 udfs - ok
20:53:30.0125 4236 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
20:53:30.0128 4236 uliagpkx - ok
20:53:30.0220 4236 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:53:30.0226 4236 uliahci - ok
20:53:30.0305 4236 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:53:30.0308 4236 UlSata - ok
20:53:30.0442 4236 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:53:30.0445 4236 ulsata2 - ok
20:53:30.0509 4236 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:53:30.0513 4236 umbus - ok
20:53:30.0653 4236 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\Windows\system32\Drivers\usbaapl.sys
20:53:30.0656 4236 USBAAPL - ok
20:53:30.0808 4236 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:53:30.0811 4236 usbccgp - ok
20:53:30.0916 4236 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:53:30.0919 4236 usbcir - ok
20:53:31.0043 4236 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:53:31.0046 4236 usbehci - ok
20:53:31.0086 4236 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:53:31.0092 4236 usbhub - ok
20:53:31.0188 4236 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:53:31.0191 4236 usbohci - ok
20:53:31.0267 4236 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:53:31.0269 4236 usbprint - ok
20:53:31.0361 4236 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:53:31.0364 4236 usbscan - ok
20:53:31.0427 4236 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:53:31.0430 4236 USBSTOR - ok
20:53:31.0507 4236 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:53:31.0509 4236 usbuhci - ok
20:53:31.0702 4236 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:53:31.0704 4236 vga - ok
20:53:31.0770 4236 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:53:31.0772 4236 VgaSave - ok
20:53:31.0908 4236 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
20:53:31.0910 4236 viaagp - ok
20:53:31.0945 4236 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:53:31.0947 4236 ViaC7 - ok
20:53:32.0019 4236 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
20:53:32.0021 4236 viaide - ok
20:53:32.0282 4236 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:53:32.0285 4236 volmgr - ok
20:53:32.0415 4236 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:53:32.0424 4236 volmgrx - ok
20:53:32.0574 4236 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:53:32.0580 4236 volsnap - ok
20:53:32.0695 4236 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:53:32.0699 4236 vsmraid - ok
20:53:32.0865 4236 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:53:32.0867 4236 WacomPen - ok
20:53:32.0936 4236 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:53:32.0944 4236 Wanarp - ok
20:53:32.0963 4236 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:53:32.0966 4236 Wanarpv6 - ok
20:53:33.0092 4236 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:53:33.0094 4236 Wd - ok
20:53:33.0341 4236 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:53:33.0354 4236 Wdf01000 - ok
20:53:33.0721 4236 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:53:33.0737 4236 winachsf - ok
20:53:34.0092 4236 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:53:34.0094 4236 WmiAcpi - ok
20:53:34.0227 4236 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:53:34.0230 4236 WpdUsb - ok
20:53:34.0323 4236 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:53:34.0325 4236 ws2ifsl - ok
20:53:34.0482 4236 WsAudio_DeviceS(1) (a75dc063c9f0b787cce296c8ccad9c30) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
20:53:34.0485 4236 WsAudio_DeviceS(1) - ok
20:53:34.0604 4236 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:53:34.0607 4236 WUDFRd - ok
20:53:34.0683 4236 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
20:53:34.0685 4236 XAudio - ok
20:53:34.0917 4236 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:53:34.0942 4236 \Device\Harddisk0\DR0 - ok
20:53:34.0957 4236 Boot (0x1200) (e2ca842db32e45c8601e0108c3b58114) \Device\Harddisk0\DR0\Partition0
20:53:34.0958 4236 \Device\Harddisk0\DR0\Partition0 - ok
20:53:34.0968 4236 Boot (0x1200) (c2c3a3aff3d93d98ed7a3cee0d0a04f7) \Device\Harddisk0\DR0\Partition1
20:53:34.0970 4236 \Device\Harddisk0\DR0\Partition1 - ok
20:53:34.0974 4236 ============================================================
20:53:34.0975 4236 Scan finished
20:53:34.0975 4236 ============================================================
20:53:35.0003 4632 Detected object count: 0
20:53:35.0003 4632 Actual detected object count: 0
20:53:39.0198 5736 Deinitialize success


I deleted Microsoft Security Essentials and downloaded Avast and did the scan. It did find one virus. During the scan I saw that it was "malware-gen".
I couldn't find C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt :)
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#9
Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • 21 posts
Okay..doing that right now..

I did look at the Avast scan logs and here's what it said:
File Name: C:users\Eleanor\Documents\legal\EXiT\SC602\FrostWireInstaller.exel>$TEMP\worker.exel>nsis.hdr
(the underlined l is really a straight line but I don't know how to make that symbol)
Severity: High
Status: Threat:Other:Malware-gen
Result: Error: There are no more files(18)
  • 0

#10
Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • 21 posts
I did everything you asked. The disk check ran (by the way, it still wants to run on every reboot).
When I did the driver check, there were quite a few listed but there were no dates?

Here is the VEW log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/11/2011 4:49:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/11/2011 6:54:11 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: 07384042

Log: 'System' Date/Time: 02/11/2011 6:54:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 02/11/2011 6:54:07 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 02/11/2011 6:53:20 PM
Type: Error Category: 0
Event: 5101 Source: Microsoft Antimalware
Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): ?11/?2/?2011 6:53:20 PM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/11/2011 6:51:27 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 02/11/2011 4:35:58 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/11/2011 4:35:57 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll
  • 0


#11
Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • 21 posts
Not sure if this will be helpful but on the Signature Verification Results, there were 55 unsigned and 67 not scanned.
The ones listed were all in file C:\windows\nvtmpinst and had names that all looked similar like nv3dchs.chm, nvdesm.chm, nv3dita.chm, nv3dfra.chm, nvph.chm, ....and it said "unknown" for all of them under date modified.

The last two listed are different

Name: bthpan.sys in file C:\windows\system32\driver and date modified is "unknown"

Name: wsaudio-devices(1).sys in file C:\windows\system32\driver and modified on 4/23/2009
  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/11/2011 6:54:11 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: 07384042


Right click on Computer and select Manage (Continue) then Device Manager then at the top, View, Show Hidden Devices. Look for one called:
07384042
I expect it will have a red mark next to it - might be in the Non-Plug and Play Drivers section. If you find it right click on it and Uninstall or Disable.


Log: 'System' Date/Time: 02/11/2011 6:54:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.


Right click on Computer and select Manage (Continue) then Services and Applications then Services. See if you can find MCSTRM or anything associated with Real Player. Right click and select Properties then change the Startup Type: to Disabled. Apply.


Log: 'System' Date/Time: 02/11/2011 6:54:07 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.


Right click on Computer and select Manage (Continue) then Event Viewer then Windows Logs then System. See if you can find this event. If you click on Level it should sort them by severity so this one should be near the top. Try and copy it and paste it into a reply.

Log: 'System' Date/Time: 02/11/2011 6:53:20 PM
Type: Error Category: 0
Event: 5101 Source: Microsoft Antimalware
Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): ?11/?2/?2011 6:53:20 PM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.


This sometimes happens with Vista. Are you getting a little flag down in the bottom right saying this copy is not valid? If so:
Copy and paste the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft....k/?linkid=52012 )
Once saved, run the tool.
Click on the Continue button, which will produce the report.



For the diskcheck running every time:

Copy the next line:
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /s > \junk.txt

Start, All Programs, Accessories then right click on Command Prompt and Run As Admin.

Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.
Type:
fsutil  dirty  query  c:
(If it says:
Volume - c: is NOT Dirty
then it shouldn't run next time.  If it says it is Dirty then )

CHKNTFS /X C:


You may have a memory problem causing the constant disk checks. Run the memory check that is builtin to Vista:

http://www.howtogeek...iagnostic-tool/

Ron
  • 0

#13
Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • 21 posts
Right click on Computer and select Manage (Continue) then Device Manager then at the top, View, Show Hidden Devices. Look for one called:
07384042
I expect it will have a red mark next to it - might be in the Non-Plug and Play Drivers section. If you find it right click on it and Uninstall or Disable.


I did not see anything that was called 07384042 or any with a red mark next to them. There were a few that had a yellow triangle with an "!" inside but nothing with that number.

Right click on Computer and select Manage (Continue) then Services and Applications then Services. See if you can find MCSTRM or anything associated with Real Player. Right click and select Properties then change the Startup Type: to Disabled. Apply.

I couldn't find MCSTRM or anything associated with Real Player. When I clicked on Services there was no drop down list. Should there be?

Right click on Computer and select Manage (Continue) then Event Viewer then Windows Logs then System. See if you can find this event. If you click on Level it should sort them by severity so this one should be near the top. Try and copy it and paste it into a reply.

Here it is :


Log Name: System
Source: Service Control Manager
Date: 11/2/2011 2:54:07 PM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Eleanor-PC
Description:
The description for Event ID 7023 from source Service Control Manager cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Microsoft Antimalware Service
%%2147949456

The locale specific resource for the desired message is not present

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-11-02T18:54:07.000Z" />
<EventRecordID>190310</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Eleanor-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Microsoft Antimalware Service</Data>
<Data Name="param2">%%2147949456</Data>
</EventData>
</Event>




This sometimes happens with Vista. Are you getting a little flag down in the bottom right saying this copy is not valid? If so:
Copy and paste the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft....k/?linkid=52012 )
Once saved, run the tool.
Click on the Continue button, which will produce the report.

I am not getting a little flag at the bottom right saying this copy is not valid but I ran the MGADiag Tool anyway:


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {E1B42D92-082D-4B19-97ED-1BBBCAFDA418}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista ™ Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.110617-0336
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E1B42D92-082D-4B19-97ED-1BBBCAFDA418}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-846242405-2255293798-2596077637</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1420 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="4"/><Date>20080711000000.000000+000</Date></BIOS><HWID>64313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows™ Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-1033-6000.0000-0282009
Installation ID: 012314578583437656858294584555862012475152545234834026
Processor Certificate URL: http://go.microsoft....k/?LinkID=43473
Machine Certificate URL: http://go.microsoft....k/?LinkID=43474
Use License URL: http://go.microsoft....k/?LinkID=43476
Product Key Certificate URL: http://go.microsoft....k/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PAAAAAEABgABAAEAAQACAAAAAwABAAEAJJSEdiKfGtPqTSSWUmauf0aD8MDc5vL05vfUI9Ih8ISsViqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M08
FACP DELL M08
HPET DELL M08
BOOT DELL M08
MCFG DELL M08
SLIC DELL M08
SSDT PmRef CpuPm






For the diskcheck running every time:

Copy the next line:
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /s > \junk.txt

Start, All Programs, Accessories then right click on Command Prompt and Run As Admin.

Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.
Type:
fsutil dirty query c:
(If it says:
Volume - c: is NOT Dirty
then it shouldn't run next time. If it says it is Dirty then )

CHKNTFS /X C:



It says it is "NOT Dirty"


You may have a memory problem causing the constant disk checks. Run the memory check that is builtin to Vista:

http://www.howtogeek...iagnostic-tool/

I'll do this next but sending this reply first.

BTW...thanks so much for your help so far !
  • 0
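
An added example, not part of the thread and not VEW's or any poster's own code: a small Python parser for the VEW report layout posted above. It pulls out the Service Control Manager start failures that the replies follow up on, and splits the `%%2147949456` status from the Event 7023 XML into its HRESULT fields. The function names are hypothetical and the sample text is constructed from the thread's log lines.

```python
import re
from datetime import datetime

# Constructed sample: three records in VEW's report layout, copied from the
# log posted in this thread (VEW states its dates are dd/mm/yyyy).
SAMPLE_VEW = """\
Log: 'System' Date/Time: 02/11/2011 6:54:11 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: 07384042

Log: 'System' Date/Time: 02/11/2011 6:54:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 02/11/2011 6:51:27 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.
"""

# One record = three header lines plus a message that runs to the next blank line.
RECORD_RE = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)\n"
    r"Event: (?P<event_id>\d+) Source: (?P<source>.+)\n"
    r"(?P<message>.*(?:\n(?!Log: ').+)*)"
)

# Service Control Manager events that name a driver or service that did not start.
SCM_NAME_PATTERNS = {
    7000: re.compile(r"^The (.+?) service failed to start"),
    7026: re.compile(r"failed to load:\s*(.+)", re.S),
}


def parse_vew(text):
    """Return one dict per VEW record, with the date parsed as dd/mm/yyyy."""
    events = []
    for m in RECORD_RE.finditer(text):
        events.append({
            "log": m["log"],
            # The thread's Event Viewer XML shows the 6:54:07 PM record at
            # 18:54:07Z, so these timestamps read as UTC.
            "when": datetime.strptime(m["when"].strip(), "%d/%m/%Y %I:%M:%S %p"),
            "type": m["type"],
            "event_id": int(m["event_id"]),
            "source": m["source"].strip(),
            "message": m["message"].strip(),
        })
    return events


def scm_start_failures(events):
    """List (event_id, name) for each driver or service SCM could not start."""
    hits = []
    for ev in events:
        pattern = SCM_NAME_PATTERNS.get(ev["event_id"])
        if ev["source"] != "Service Control Manager" or pattern is None:
            continue
        found = pattern.search(ev["message"])
        if not found:
            continue
        # 7026 can list several drivers; 7000 names a single service.
        names = found.group(1).split() if ev["event_id"] == 7026 else [found.group(1)]
        hits.extend((ev["event_id"], name) for name in names)
    return hits


def decode_status(param):
    """Split an Event Viewer '%%<decimal>' insertion into HRESULT fields."""
    value = int(param.lstrip("%")) & 0xFFFFFFFF
    return {
        "hresult": f"0x{value:08X}",
        "failed": bool(value >> 31),        # severity bit
        "facility": (value >> 16) & 0x7FF,  # 7 is FACILITY_WIN32
        "code": value & 0xFFFF,
    }


if __name__ == "__main__":
    for event_id, name in scm_start_failures(parse_vew(SAMPLE_VEW)):
        print(event_id, name)
    print(decode_status("%%2147949456"))
```
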

#14
Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • 21 posts
I used the Memory Diagnostic Tool and I have no problems there.
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Did it want to run the disk check when you rebooted after the memory check?
  • 0





