Virus?

#1 clarissagraff
I think I may have a virus. Can you help me? I will need the first step for you to look at my computer. I'm running Windows XP.

OTL logfile created on: 10/26/2011 5:00:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 552.80 Mb Available Physical Memory | 54.06% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.46% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.44 Gb Total Space | 73.77 Gb Free Space | 85.34% Space Free | Partition Type: NTFS
Drive D: | 6.71 Gb Total Space | 3.97 Gb Free Space | 59.19% Space Free | Partition Type: FAT32

Computer Name: YOUR-AD5B808096 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\445592723:1825272037.exe
PRC - [2011/10/26 17:00:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
PRC - [2011/07/11 17:06:48 | 000,176,128 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/03 16:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe
PRC - [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1310422344\EE\AOLServiceHost.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/16 07:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/11/03 16:03:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Common Files\AOL\1310422344\EE\libexpat.dll
MOD - [2004/09/28 03:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/11 17:06:48 | 000,176,128 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2011/07/11 17:13:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/02/11 03:52:00 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/02 00:39:20 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/17 08:27:00 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/30 00:39:00 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/06/28 02:03:42 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/06/28 02:02:34 | 000,034,048 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/06/17 02:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 02:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 02:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)



O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC2BACB1-098B-4475-82DD-4E44BFC8B79F}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\93348f1a\X) -C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\93348f1a\X ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/27 20:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 20:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/26 16:59:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
[2011/10/26 16:27:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/26 16:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\Malwarebytes
[2011/10/26 16:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/25 23:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/25 23:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/25 22:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/10/25 22:56:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\93348f1a
[2011/10/24 10:00:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/24 10:00:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/24 10:00:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/26 17:00:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
[2011/10/26 16:47:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/26 16:37:47 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/26 16:37:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\445592723
[2011/10/26 16:37:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/26 16:37:30 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/26 16:35:22 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/26 16:25:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 12:34:23 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_38803.nl_
[2011/10/11 19:09:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/11 19:07:50 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 18:54:50 | 000,442,114 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/11 18:54:50 | 000,071,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/11 18:48:52 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/03 03:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/10/03 02:37:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/26 12:34:23 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_38803.nl_
[2011/10/25 22:56:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\445592723
[2011/10/24 16:35:28 | 000,233,444 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010005.JPG
[2011/10/24 16:35:17 | 000,234,556 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010004.JPG
[2011/10/24 16:35:06 | 000,233,016 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010003.JPG
[2011/10/24 16:34:51 | 000,262,623 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010002.JPG
[2011/10/24 16:34:42 | 000,232,214 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010001.JPG
[2011/08/19 10:35:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/17 13:20:22 | 000,612,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/13 18:11:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 17:12:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/11 17:11:27 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2011/07/11 17:06:49 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2011/07/11 16:50:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/07/11 16:30:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/07/11 16:29:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/07/11 16:29:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/07/11 16:29:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/07/11 16:29:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/07/11 16:28:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/07/11 16:28:44 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/07/11 16:23:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/07/11 16:15:44 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/07/11 16:15:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/07/11 16:15:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/07/11 16:05:33 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2011/07/11 16:05:33 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2011/07/11 16:05:32 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2011/07/11 16:05:32 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2011/07/11 16:05:32 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2011/07/11 16:03:15 | 000,073,845 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/10/28 12:47:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/27 21:43:40 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/10/27 20:24:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/27 20:14:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/27 19:53:07 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/27 19:53:07 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/10/27 19:52:06 | 000,442,114 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/27 19:52:06 | 000,071,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/27 13:07:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/27 13:06:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\445592723:1825272037.exe

< End of report >


OTL Extras logfile created on: 10/26/2011 5:00:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 552.80 Mb Available Physical Memory | 54.06% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.46% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.44 Gb Total Space | 73.77 Gb Free Space | 85.34% Space Free | Partition Type: NTFS
Drive D: | 6.71 Gb Total Space | 3.97 Gb Free Space | 59.19% Space Free | Partition Type: FAT32

Computer Name: YOUR-AD5B808096 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1310422344\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1310422344\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:Microsoft Application Error Reporting -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"America Online us" = America Online (Choose which version to remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_0460107B" = SoftV92 Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"ie8" = Windows Internet Explorer 8
"InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2011 8:39:33 PM | Computer Name = YOUR-AD5B808096 | Source = Application Error | ID = 1000
Description = Faulting application yahoom~1.exe, version 11.0.0.2009, faulting module
yahoom~1.exe, version 11.0.0.2009, fault address 0x0023a51d.

Error - 7/31/2011 10:40:27 PM | Computer Name = YOUR-AD5B808096 | Source = Application Error | ID = 1001
Description = Fault bucket -1786667840.

Error - 8/9/2011 5:34:14 PM | Computer Name = YOUR-AD5B808096 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/9/2011 5:34:19 PM | Computer Name = YOUR-AD5B808096 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/12/2011 1:15:33 PM | Computer Name = YOUR-AD5B808096 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19120, fault address 0x00067b98.

Error - 8/12/2011 1:15:36 PM | Computer Name = YOUR-AD5B808096 | Source = Application Error | ID = 1001
Description = Fault bucket -1739320241.

Error - 8/19/2011 11:12:47 AM | Computer Name = YOUR-AD5B808096 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jvm.dll, version 20.1.0.2, fault address 0x0005e5c2.

Error - 8/19/2011 11:15:51 AM | Computer Name = YOUR-AD5B808096 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2011 11:16:06 AM | Computer Name = YOUR-AD5B808096 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 10/26/2011 5:38:00 PM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/26/2011 5:38:02 PM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/26/2011 5:38:03 PM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/26/2011 5:38:03 PM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/26/2011 5:41:05 PM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/26/2011 5:41:11 PM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/26/2011 5:41:23 PM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/26/2011 5:41:42 PM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/26/2011 5:51:04 PM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/26/2011 5:54:09 PM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

Edited by clarissagraff, 26 October 2011 - 04:07 PM.

#2
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
It's the zero access rootkit. Not hopeless but not easy. Let's see how it goes.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
* Double-click on TDSSKiller.exe.
* If TDSSKiller alerts you that the system needs to reboot, please consent.
* When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe (511 KB) to your desktop.
* Double-click the aswMBR.exe to run it.
* Change the a-v scan to None.
* Uncheck "Trace disk IO calls".
* Click the "Scan" button to start the scan.
* On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click "Save log", save it to your desktop and post it in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
clarissagraff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Ok, I downloaded ComboFix. I ran the program and it removed the virus, so it said, and gave me the log file. I was able to download TDSSKiller via jump drive and run it; it found 2 threats but it doesn't give me a log. When I click on the next fix program in your list, it goes to a new window and says blank. What can I do to move on to the next step? I used my jump drive to get you the ComboFix log; here it is.

ComboFix 11-10-26.08 - Owner 10/26/2011 20:53:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.706 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-AD5B808096\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\93348f1a
c:\documents and settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\93348f1a\@
c:\documents and settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\93348f1a\U\[email protected]
c:\documents and settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\93348f1a\U\[email protected]
c:\documents and settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\93348f1a\X
c:\documents and settings\Owner.YOUR-AD5B808096\WINDOWS
c:\windows\$NtUninstallKB58321$\1019673552
c:\windows\$NtUninstallKB58321$\2469695258\@
c:\windows\$NtUninstallKB58321$\2469695258\L\qilnwkjq
c:\windows\$NtUninstallKB58321$\2469695258\loader.tlb
c:\windows\$NtUninstallKB58321$\2469695258\U\@00000001
c:\windows\$NtUninstallKB58321$\2469695258\U\@000000c0
c:\windows\$NtUninstallKB58321$\2469695258\U\@000000cb
c:\windows\$NtUninstallKB58321$\2469695258\U\@000000cf
c:\windows\$NtUninstallKB58321$\2469695258\U\@80000000
c:\windows\$NtUninstallKB58321$\2469695258\U\@800000c0
c:\windows\$NtUninstallKB58321$\2469695258\U\@800000cb
c:\windows\$NtUninstallKB58321$\2469695258\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\d3d9caps.dat
D:\Autorun.inf
c:\windows\$NtUninstallKB58321$ . . . . Failed to delete
.
Infected copy of c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP95\A0017176.exe
.
Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP95\A0017175.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP95\A0017180.exe
.
Infected copy of c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS was found and disinfected
Restored copy from - c:\system volume information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP95\A0017178.SYS
.
Infected copy of c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP95\A0017179.exe
.
Infected copy of c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS was found and disinfected
Restored copy from - c:\system volume information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP95\A0017178.SYS
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_93348f1a
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-26 21:27 . 2011-10-26 21:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-26 21:27 . 2011-10-26 21:27 -------- d-----w- c:\documents and settings\Owner.YOUR-AD5B808096\Application Data\Malwarebytes
2011-10-26 21:27 . 2011-10-26 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-26 17:34 . 2011-10-26 17:34 48016 --sha-w- c:\windows\system32\c_38803.nl_
2011-10-26 05:10 . 2011-10-26 05:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-10-26 03:58 . 2011-10-26 03:58 -------- d-----w- c:\windows\system32\LogFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 00:09 . 2011-07-11 22:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06 . 2011-08-19 15:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37 . 2011-08-19 15:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 16:41 . 2011-07-11 21:15 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2011-07-11 21:15 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2011-07-11 21:04 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2011-07-11 21:30 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2011-07-11 21:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2011-07-11 21:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2011-07-11 21:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2011-07-11 21:05 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2011-07-11 21:04 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"HostManager"="c:\program files\Common Files\AOL\1310422344\EE\AOLHostManager.exe" [2004-11-03 125528]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-11 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2011-7-11 729088]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1310422344\\EE\\AOLServiceHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/15/2011 7:05 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/15/2011 7:05 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-16 00:04]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-16 00:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-26 21:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\COMMON~1\AOL\131042~1\EE\AOLHOS~1.EXE
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\progra~1\COMMON~1\AOL\131042~1\EE\AOLServiceHost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-26 21:28:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-27 02:28
.
Pre-Run: 79,061,639,168 bytes free
Post-Run: 80,048,955,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B34410FADB7ABD55FC5FB687C03B61F2

Edited by clarissagraff, 26 October 2011 - 09:17 PM.


#4
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Reboot and then run Combofix again.

Then run OTL, Quick Scan, and post its log too.

Ron

#5
clarissagraff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
OTL logfile created on: 10/27/2011 11:00:57 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 608.15 Mb Available Physical Memory | 59.48% Memory free
2.40 Gb Paging File | 2.11 Gb Available in Paging File | 88.01% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.44 Gb Total Space | 74.58 Gb Free Space | 86.27% Space Free | Partition Type: NTFS
Drive D: | 6.71 Gb Total Space | 3.97 Gb Free Space | 59.19% Space Free | Partition Type: FAT32

Computer Name: YOUR-AD5B808096 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 17:00:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
PRC - [2011/07/11 17:06:48 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/03 16:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe
PRC - [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1310422344\EE\AOLServiceHost.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/16 07:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/11/03 16:03:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Common Files\AOL\1310422344\EE\libexpat.dll
MOD - [2004/09/28 03:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/11 17:06:48 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/11 17:13:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/02/11 03:52:00 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/02 00:39:20 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/17 08:27:00 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/30 00:39:00 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/06/28 02:03:42 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/06/28 02:02:34 | 000,034,048 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/06/17 02:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 02:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 02:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)



O1 HOSTS File: ([2011/10/26 22:43:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC2BACB1-098B-4475-82DD-4E44BFC8B79F}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/27 20:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 23:41:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/26 22:30:35 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/10/26 20:44:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/26 20:41:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/26 20:41:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/26 20:41:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/26 20:41:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/26 20:41:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/26 20:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/26 20:40:19 | 004,271,590 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\ComboFix.exe
[2011/10/26 16:59:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
[2011/10/26 16:27:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/26 16:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\Malwarebytes
[2011/10/26 16:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/25 23:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/25 23:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/25 22:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/10/24 10:00:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/24 10:00:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/24 10:00:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/27 10:25:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 22:43:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/26 22:43:33 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/26 22:40:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/26 22:40:10 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/26 22:12:22 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_38803.nl_
[2011/10/26 20:44:25 | 000,000,312 | RHS- | M] () -- C:\boot.ini
[2011/10/26 20:40:19 | 004,271,590 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\ComboFix.exe
[2011/10/26 17:00:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
[2011/10/26 16:35:22 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/11 19:09:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/11 19:07:50 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 18:54:50 | 000,442,114 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/11 18:54:50 | 000,071,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/11 18:48:52 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/03 03:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/10/03 02:37:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/26 20:44:25 | 000,000,197 | ---- | C] () -- C:\Boot.bak
[2011/10/26 20:44:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/26 20:41:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/26 20:41:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/26 20:41:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/26 20:41:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/26 20:41:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/26 12:34:23 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_38803.nl_
[2011/10/24 16:35:28 | 000,233,444 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010005.JPG
[2011/10/24 16:35:17 | 000,234,556 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010004.JPG
[2011/10/24 16:35:06 | 000,233,016 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010003.JPG
[2011/10/24 16:34:51 | 000,262,623 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010002.JPG
[2011/10/24 16:34:42 | 000,232,214 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010001.JPG
[2011/08/19 10:35:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/17 13:20:22 | 000,612,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/11 17:12:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/11 17:11:27 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2011/07/11 17:06:49 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2011/07/11 16:50:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/07/11 16:30:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/07/11 16:29:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/07/11 16:29:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/07/11 16:29:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/07/11 16:29:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/07/11 16:28:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/07/11 16:28:44 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/07/11 16:23:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/07/11 16:15:44 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/07/11 16:15:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/07/11 16:15:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/07/11 16:03:15 | 000,073,845 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/10/28 12:47:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/27 21:43:40 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/10/27 20:24:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/27 20:14:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/27 19:53:07 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/27 19:53:07 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/10/27 19:52:06 | 000,442,114 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/27 19:52:06 | 000,071,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/27 13:07:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/27 13:06:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >
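The O35/O37 shell-open entries at the top of this log and the two "Created/Modified Within 30 Days" file lists are the parts a helper reads first: a hijacked exefile/comfile association silently runs malware in front of every program the user launches, and a freshly written hidden+system file with no version-resource company name sitting in System32 is the classic footprint of a dropped payload. As an added illustration (my code, not OTL's and not anything posted in this thread), the script below parses those two OTL line formats and flags exactly those patterns. The sample input is copied from the log above, except for one constructed O35 line that shows what a hijacked association looks like; the ComboFix helper allow-list and the two rules are my assumptions, and a hit is a lead to verify, not a verdict. The hidden+system c_38803.nl_ it flags is the same file BitDefender's QuickScan reports as infected further down the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Stock "open" command for the exefile/comfile classes on Windows XP. Malware that
# hijacks these keys prepends its own binary, e.g. "C:\...\x.exe" "%1" %*.
DEFAULT_OPEN_CMD = '"%1" %*'

# Helper tools ComboFix drops into C:\WINDOWS (all of them appear in the log above).
# They carry no company name, so they are allow-listed rather than flagged (assumption).
COMBOFIX_HELPERS = {
    "pev.exe", "mbr.exe", "sed.exe", "grep.exe", "zip.exe",
    "nircmd.exe", "swreg.exe", "swsc.exe", "swxcacls.exe",
}
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".cpl"}

# O35/O37 lines:  O35 - HKLM\..exefile [open] -- "%1" %*
SHELL_OPEN_RE = re.compile(r'^(?P<item>O3[57]) - (?P<key>\S+) \[[^\]]*\] -- (?P<cmd>.+?)\s*$')
# File lines:     [2011/10/26 22:12:22 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_38803.nl_
FILE_ENTRY_RE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$'
)


@dataclass
class Finding:
    rule: str
    subject: str
    detail: str


def check_shell_open(line: str) -> Optional[Finding]:
    """Flag an O35/O37 entry whose open command is not the stock "%1" %*."""
    m = SHELL_OPEN_RE.match(line)
    if m is None:
        return None
    cmd = m.group("cmd").strip()
    if cmd == DEFAULT_OPEN_CMD:
        return None
    return Finding("exefile-hijack", m.group("key"), cmd)


def check_file_entry(line: str) -> Optional[Finding]:
    """Flag recently created/modified files that match two cheap heuristics."""
    m = FILE_ENTRY_RE.match(line)
    if m is None:
        return None
    if m.group("company").strip():
        return None  # a version-resource company name is present; not interesting here
    path, attrs = m.group("path"), m.group("attrs")
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    in_system32 = low.startswith("c:\\windows\\system32\\")
    in_windows_root = low.startswith("c:\\windows\\") and low.count("\\") == 2
    # Rule 1: hidden + system attributes on a nameless file directly under System32.
    if in_system32 and "H" in attrs and "S" in attrs:
        return Finding("hidden-system-file-in-system32", path,
                       f"attrs={attrs} size={m.group('size')} {m.group('kind')}={m.group('ts')}")
    # Rule 2: an executable with no company name dropped straight into C:\WINDOWS.
    if in_windows_root and ext in EXEC_EXTS and name not in COMBOFIX_HELPERS:
        return Finding("no-company-executable-in-windows-root", path,
                       f"{m.group('kind')}={m.group('ts')}")
    return None


def triage(lines) -> List[Finding]:
    """Run every line through both checks; returns findings in log order."""
    findings: List[Finding] = []
    for line in lines:
        for check in (check_shell_open, check_file_entry):
            f = check(line)
            if f is not None:
                findings.append(f)
                break
    return findings


# Sample input: copied from the OTL log above, except the fifth line, which is a
# CONSTRUCTED hijacked O35 entry (the path is made up) added to exercise rule 0.
SAMPLE_OTL = r'''
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\Owner\Local Settings\Application Data\example.exe" "%1" %*
[2011/10/26 22:30:35 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/10/26 22:12:22 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_38803.nl_
[2011/10/26 20:41:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/26 20:41:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/11 17:06:49 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2011/07/11 16:50:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL.splitlines()):
        print(f"{f.rule:40} {f.subject}  ({f.detail})")
```

Run against the sample it reports three leads: the constructed hijacked exefile association, c_38803.nl_ (hidden+system, no company, modified the day of the scan) and wallpg.exe (an exe in the Windows root with no company name, created on the OEM-restore date, so probably benign and a good reminder that these rules only rank what to look at next). The ComboFix helpers are allow-listed because the log shows they were written by the ComboFix run minutes earlier; on a machine that never ran ComboFix the same names would deserve a look.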

#6
RKinner
    Malware Expert
  • Expert
  • 19,799 posts
  • MVP
Combofix log?

TDSSKiller now has a Report button you need to press to get the log.

Can you get aswMBR to run?

Apparently you have lost Internet connectivity? Was this before or after running Combofix?

Start, Run, cmd, OK to bring up a Command Window. Type with an Enter after each line:

net  start  dhcp  >  \junk.txt
netsh  winsock  show  catalog
ipconfig  /release  >>  \junk.txt
ipconfig  /flushdns  >>  \junk.txt
ipconfig  /renew  >>  \junk.txt 
ipconfig  /all  >>  \junk.txt
ping  127.0.0.1  >>  \junk.txt
nslookup  att.com   >>  \junk.txt  
reg  query  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters  /s  >>  \junk.txt
netsh  winsock  reset  catalog
netsh  int  ip  reset  \reset.log

Reboot after the last one.
Let me know if it starts working.

Please get the C:\junk.txt and C:\reset.log files and attach them to your next post if it doesn't start working after a reboot.

Ron

#7
clarissagraff
    Member
  • Topic Starter
  • Member
  • 41 posts
I clicked on Report, but it won't let me copy what is there for some reason. Also, when I click on aswMBR it goes to a blank page; do you have an http/www link for this? I did lose internet connection after running ComboFix, but I did get it back online and working.
ComboFix 11-10-27.05 - Owner 10/27/2011 12:07:34.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.663 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-AD5B808096\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-27 03:30 . 2011-07-15 13:29 456320 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-27 03:30 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-26 21:27 . 2011-10-26 21:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-26 21:27 . 2011-10-26 21:27 -------- d-----w- c:\documents and settings\Owner.YOUR-AD5B808096\Application Data\Malwarebytes
2011-10-26 21:27 . 2011-10-26 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-26 17:34 . 2011-10-27 03:12 48016 --sha-w- c:\windows\system32\c_38803.nl_
2011-10-26 05:10 . 2011-10-26 05:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-10-26 03:58 . 2011-10-26 03:58 -------- d-----w- c:\windows\system32\LogFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-27 03:11 . 2011-07-11 21:15 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-27 03:08 . 2011-07-11 21:05 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-10-27 03:04 . 2011-07-11 21:04 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-12 00:09 . 2011-07-11 22:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06 . 2011-08-19 15:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37 . 2011-08-19 15:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 16:41 . 2011-07-11 21:15 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2011-07-11 21:15 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2011-07-11 21:04 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2011-07-11 21:30 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2011-07-11 21:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2011-07-11 21:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2011-07-11 21:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2011-07-11 21:05 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( [email protected]_02.25.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-27 03:40 . 2011-10-27 03:40 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"HostManager"="c:\program files\Common Files\AOL\1310422344\EE\AOLHostManager.exe" [2004-11-03 125528]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-11 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2011-7-11 729088]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1310422344\\EE\\AOLServiceHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/15/2011 7:05 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/15/2011 7:05 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-16 00:04]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-16 00:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-27 12:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-10-27 12:12:58
ComboFix-quarantined-files.txt 2011-10-27 17:12
ComboFix2.txt 2011-10-27 03:46
ComboFix3.txt 2011-10-27 02:28
.
Pre-Run: 80,000,839,680 bytes free
Post-Run: 80,046,604,288 bytes free
.
- - End Of File - - 38D5EF8085AB19A222B84DDAEF99543D

Edited by clarissagraff, 27 October 2011 - 11:18 AM.


#8
RKinner
    Malware Expert
  • Expert
  • 19,799 posts
  • MVP
Glad you are back online. ComboFix log looks good. Did it say at the bottom of the TDSSKiller report that it found anything? You might look at C:\TDSSKiller.txt, which is where it is supposed to put the log. Perhaps you can attach the file.

aswmbr should be at:
http://public.avast.com/~gmerek/aswMBR.exe

I just checked the link and it is working.

I think, since this is ZeroAccess and things are still acting a bit funky, we should let it download and do the anti-virus scan and check the I/O, so just:

Double click the aswMBR.exe to run it
Allow it to download the antivirus files.
Click the "Scan" button to start scan
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save Log, save it to your desktop and post it in your next reply.


Let's also try ESET:
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

You no longer seem to have an anti-virus, so I recommend you download the free version of Avast.

http://www.avast.com...ivirus-download


Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG

Run the Avg Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?

I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt

Stick with Avast for a while and see how you like it. Some people object to the voice notification of updates. To turn it off, click on the Avast ball, then on Settings. Then on Sounds and uncheck Automatic Updates, OK. (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free.

Ron

#9
clarissagraff
    Member
  • Topic Starter
  • Member
  • 41 posts
OK, I got the program to scan; the Fix button was not clickable.
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-27 13:00:09
-----------------------------
13:00:09.062 OS Version: Windows 5.1.2600 Service Pack 3
13:00:09.062 Number of processors: 1 586 0xD08
13:00:09.062 ComputerName: YOUR-AD5B808096 UserName: Owner
13:00:10.000 Initialize success
13:00:28.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:00:28.968 Disk 0 Vendor: HTS541010G9AT00 MBZOA60A Size: 95396MB BusType: 3
13:00:31.000 Disk 0 MBR read successfully
13:00:31.000 Disk 0 MBR scan
13:00:31.000 Disk 0 unknown MBR code
13:00:31.000 Disk 0 scanning sectors +195366465
13:00:31.093 Disk 0 scanning C:\WINDOWS\system32\drivers
13:00:37.250 Service scanning
13:00:38.390 Modules scanning
13:00:43.593 Scan finished successfully
13:01:22.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\MBR.dat"
13:01:22.812 The log file has been saved successfully to "C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-27 13:07:38
-----------------------------
13:07:38.515 OS Version: Windows 5.1.2600 Service Pack 3
13:07:38.515 Number of processors: 1 586 0xD08
13:07:38.515 ComputerName: YOUR-AD5B808096 UserName: Owner
13:07:39.359 Initialize success
13:14:23.015 AVAST engine defs: 11102700
13:19:02.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:19:02.953 Disk 0 Vendor: HTS541010G9AT00 MBZOA60A Size: 95396MB BusType: 3
13:19:04.968 Disk 0 MBR read successfully
13:19:04.984 Disk 0 MBR scan
13:19:05.015 Disk 0 unknown MBR code
13:19:05.015 Disk 0 scanning sectors +195366465
13:19:05.109 Disk 0 scanning C:\WINDOWS\system32\drivers
13:19:16.984 Service scanning
13:19:18.093 Modules scanning
13:19:23.796 AVAST engine scan C:\WINDOWS
13:19:34.359 AVAST engine scan C:\WINDOWS\system32
13:21:22.218 AVAST engine scan C:\WINDOWS\system32\drivers
13:21:39.281 AVAST engine scan C:\Documents and Settings\Owner.YOUR-AD5B808096
13:23:27.281 AVAST engine scan C:\Documents and Settings\All Users
13:23:36.484 Scan finished successfully
13:24:06.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\MBR.dat"
13:24:06.093 The log file has been saved successfully to "C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\aswMBR.txt"
Found 2 infected files!
-----------------------

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe --> Trojan.Patched.HE
--> Process aoltpspd.exe (1872)

C:\WINDOWS\system32\c_38803.nl_ --> Gen:[email protected]



Processes
---------
AOL Service Libraries 2300 C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe
AOL Service Libraries 2452 C:\PROGRA~1\COMMON~1\AOL\131042~1\EE\AOLServiceHost.exe
AOL TopSpeed™ 1872 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
AOL TopSpeed™ Monitor 1832 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
ATI Desktop Component 1492 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ATI External Event Utility for WindowsN 880 C:\WINDOWS\system32\Ati2evxx.exe
ATI External Event Utility for WindowsN 1356 C:\WINDOWS\system32\Ati2evxx.exe
Java™ Platform SE 6 U29 1992 C:\Program Files\Java\jre6\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 244 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System 604 C:\WINDOWS\ehome\ehmsas.exe
Microsoft® Windows® Operating System 1860 C:\WINDOWS\ehome\ehRecvr.exe
Microsoft® Windows® Operating System 1884 C:\WINDOWS\ehome\ehSched.exe
Microsoft® Windows® Operating System 372 C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System 1412 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 1924 C:\WINDOWS\system32\wscntfy.exe
PowerDVD 1236 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PrismXL Software Family 220 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
QuickTime 1480 C:\Program Files\QuickTime\qttask.exe
Synaptics Pointing Device Driver 464 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics Pointing Device Driver 2028 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Yahoo! Messenger 3536 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Yahoo! Messenger 3792 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(verified) GoogleToolbarNotifier 1712 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System 3668 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 1556 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 636 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3612 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 1280 C:\WINDOWS\system32\dllhost.exe
(verified) Microsoft® Windows® Operating System 728 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 716 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 568 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1800 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1124 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1072 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1024 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 988 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 892 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1928 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 668 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 2112 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3632 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3084 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Yahoo! AutoUpdater 268 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


Network activity
----------------
Process iexplore.exe (2112) connected on port 80 (HTTP) --> 74.125.227.32
Process iexplore.exe (2112) connected on port 80 (HTTP) --> 66.235.142.3
Process iexplore.exe (2112) connected on port 80 (HTTP) --> 91.199.104.31
Process YahooMessenger.exe (3536) connected on port 5050 (Yahoo Messenger) --> 98.136.48.113
Process YahooMessenger.exe (3536) connected on port 5050 (Yahoo Messenger) --> 98.137.130.20

Process svchost.exe (988) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
AOL Service Libraries C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe
ATI Desktop Component C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ATI External Event Utility for NT, W2K C:\WINDOWS\system32\Ati2evxx.dll
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
PowerDVD C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PrismXL Software Family C:\Program Files\SIFXINST\SIFXINST.EXE
QuickTime C:\Program Files\QuickTime\qttask.exe
Recguard Application C:\WINDOWS\SMINST\RECGUARD.EXE
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Yahoo! Messenger C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelper Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
BrowserPlus (from Yahoo!) v2.9.8 C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
Google Toolbar for Internet Explorer C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
Google Update C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
Yahoo! Single Instance for Mail c:\program files\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn0\yt.dll
Yahoo! Toolbar Nav Assistant plugin c:\program files\yahoo!\companion\installs\cpn0\ytnavassist.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Scan
----
MD5: 77f7d9c09162e73977d47e74e96a0e5f C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
MD5: 42729c3de75a7a51fc6f9ef6546c9199 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
MD5: f38b870f0c35450431b6bd48ffb46cae C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll
MD5: 2b01897f38e1c19e033fdfa2c89c9cfb C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll
MD5: f259dcc4854d80040c8ab649f5993665 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MD5: 67e0ec222715ef777d19e58bf9670875 C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU
MD5: 2e6ed35c3e2374bc63c8b91b90da72e2 C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe
MD5: c2208152de85f44a73abb6bb5866b314 C:\Program Files\Common Files\AOL\1310422344\EE\AOLServiceHost.exe
MD5: 569c2a7b0243c62417403886f93f553d C:\Program Files\Common Files\AOL\1310422344\EE\AOLSvcMgr.DLL
MD5: c2a8b2f9bf44c4c1fa11229861f71dda C:\Program Files\Common Files\AOL\1310422344\EE\libexpat.dll
MD5: b18fef0c13fd1273b416e138a972c92f C:\Program Files\Common Files\AOL\1310422344\EE\services\aolsystrayservice\ver_0_9_2\AOLSysTrayService.dll
MD5: dc2ce3e78a2d6eca5ccf2c03c2c253f1 C:\Program Files\Common Files\AOL\1310422344\EE\Xprt3.dll
MD5: 7677a3308556551125b5efffff072718 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
MD5: 97dac9eb5f6250dce030dd5812fa4985 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.dll
MD5: 7fb54900aa9792ab6307c699ec1859d4 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
MD5: 3c17939d4369a01cb25040186c38fa88 C:\Program Files\Common Files\AOL\TopSpeed\2.0\velocity.dll
MD5: 6e3245df783e58375b3465f03274743e C:\Program Files\Common Files\Java\Java Update\jusched.exe
MD5: fb4c7b747d17882f8c5e3644cf07012f C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
MD5: 33d7285f12d934268a34206dfc4ad1b3 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
MD5: 535203dea5820f3b5f3faace0d51252c C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll
MD5: 8fb740d758b14b1bc950cc347c21e461 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
MD5: c3ae580c6383e40e738d2f9ecbdc6ec0 C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_180E402F04DFD0EC.dll
MD5: e0929d3026599b26c0c2478b5e0e5329 C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll
MD5: c097df5cd7dcb95e0d95644a993ac7ec C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
MD5: 872e0242259f0cdda05354dd1a5f3b89 C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\gtn.dll
MD5: a953e104137df406b70477d60bc29008 C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
MD5: 8c2044169be2224c8a7cb8e81e7581af C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
MD5: 8eb0a2a9040cf4b66690fc80ca355902 C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 865250e2742e49c02b0c4307ab042478 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: a65d93eca146eb7017ee8297a95011e0 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 1115eea4ae0da72e416b210adba424a2 C:\Program Files\Internet Explorer\xpshims.dll
MD5: dc365b6e595683f67bc21a203432e336 C:\Program Files\Java\jre6\bin\jp2ssv.dll
MD5: 381b25dc8e958d905b33130d500bbf29 C:\Program Files\Java\jre6\bin\jqs.exe
MD5: 1e96525ae85d402f9f8047f8caef5f06 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: e3a7850421a4ab8b15fc174eb587bc6b C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: c341ccfbe98bc7df6e0b856bb9fc265a C:\Program Files\QuickTime\qttask.exe
MD5: f114b3381d680d5dd79cc60cf356a9fd C:\Program Files\SIFXINST\SIFXINST.EXE
MD5: 55582f239914c8efccf89bd632639542 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: 3665ba88b993554db062ff96542d85ff C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
MD5: bcdff548f7d31a2bcf1cf98da7eb5445 C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
MD5: 28698e66b0bb6cfa6b683da68592610e c:\program files\yahoo!\companion\installs\cpn0\yt.dll
MD5: 59ec3ecd89447fb97d0d4128f4aab2be c:\program files\yahoo!\companion\installs\cpn0\ytnavassist.dll
MD5: 10468e3ea0986dafb61522beefab769a c:\program files\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
MD5: 815739e9e3906faad078c19e9bd4dc84 C:\Program Files\Yahoo!\Messenger\ConnectionWizard.dll
MD5: 8231594704c69703d7fcb8bbdc3167c9 C:\Program Files\Yahoo!\Messenger\core_video.dll
MD5: 30e82bafbebefa09077c7166f437bcf6 C:\Program Files\Yahoo!\Messenger\ft60.dll
MD5: 11953c9cbc6e076bbfc3eacd5b55e5e3 C:\Program Files\Yahoo!\Messenger\nspr4.dll
MD5: 8750d98ec560d1484e535b2ab82006de C:\Program Files\Yahoo!\Messenger\pcre.dll
MD5: a4da095e3aaca69f0c3ffa5e72dbf578 C:\Program Files\Yahoo!\Messenger\resources\en-US\res_msgr.dll
MD5: 8003e1c4b505ad4392a704e8f7718b7c C:\Program Files\Yahoo!\Messenger\RGX.dll
MD5: 71ca6ec345a4729ac793c36c6ab20da1 C:\Program Files\Yahoo!\Messenger\rmc_audio.dll
MD5: f9077a93e10e9014d24b0303dfe08785 C:\Program Files\Yahoo!\Messenger\rmc_video.dll
MD5: e81897476aa9ec53dd7b5fd9980fff78 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
MD5: 8920410dcbc4bdea9ecbe235c28e5461 C:\Program Files\Yahoo!\Messenger\YAlertCenterM.DLL
MD5: 7f11c07d3a4b17c44274bbdf73fff8b3 C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll
MD5: 45837d69eb37cdef3781bfb56ab0ea41 C:\Program Files\Yahoo!\Messenger\YCPSSL.dll
MD5: b7b8d7adce609fa11762ef26f7eb033f C:\Program Files\Yahoo!\Messenger\YHTTP.dll
MD5: f803cfa80c9aead109dcdc101d34550c C:\Program Files\Yahoo!\Messenger\YImage.dll
MD5: e19958e2c1c4d2fd544a20e3fc3cb7fd C:\Program Files\Yahoo!\Messenger\YIniDom.dll
MD5: bc1c38adfcb5c0375d0d764adb46d5bc C:\Program Files\Yahoo!\Messenger\ylog.dll
MD5: 33c5343043a3f4da4c0494967661ea0e C:\Program Files\Yahoo!\Messenger\ymdm_audio.dll
MD5: c34791243d381b10da18517c16aafadb C:\Program Files\Yahoo!\Messenger\ymdm_video.dll
MD5: 088b68fa555bdea109806ffa13934dab C:\Program Files\Yahoo!\Messenger\YML.dll
MD5: 2c797c1bafff1dcfe2ff6c0776b4157e C:\Program Files\Yahoo!\Messenger\ymsdk.dll
MD5: 677f37bf2f7eba77953c9716f03e8e54 C:\Program Files\Yahoo!\Messenger\YMSGLite.dll
MD5: 2fd67775789787a90f6a6c081649c450 C:\Program Files\Yahoo!\Messenger\ypagerps.dll
MD5: 3ba4f9046621ae51cb757dd3347a6da0 C:\Program Files\Yahoo!\Messenger\YPluginRegistry.dll
MD5: e57ea08885b6d71ace96aa6c24f8eb62 C:\Program Files\Yahoo!\Messenger\yui.dll
MD5: fbcc7d584c4c0e1b2666e9c4d2233dd8 C:\Program Files\Yahoo!\Shared\npYState.dll
MD5: c2208152de85f44a73abb6bb5866b314 C:\PROGRA~1\COMMON~1\AOL\131042~1\EE\AOLServiceHost.exe
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 823451876778f382b23afe20ef2ddc20 C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: 04f893509c03c84f717a83189ed51336 C:\WINDOWS\ehome\ehmsas.exe
MD5: 326a73f82bcec1d01f8d25c69c297245 C:\WINDOWS\eHome\ehProxy.dll
MD5: 63f371f0248e3732a4821f86e6d0e370 C:\WINDOWS\ehome\ehRecvr.exe
MD5: 16910f8b482919bb6035ed053b691692 C:\WINDOWS\ehome\ehSched.exe
MD5: f90137a9897071ede961a5aba4ea524f C:\WINDOWS\ehome\ehtray.exe
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: d3cc7a3813123e955b3a497c04b404e2 C:\WINDOWS\SMINST\RECGUARD.EXE
MD5: 6a19fd2f527b2862ac58acb93a2c9d39 C:\WINDOWS\system32\Ati2edxx.dll
MD5: 8c7561bcd00955464b1bc96108e93546 C:\WINDOWS\system32\Ati2evxx.dll
MD5: d80eb0b6a201b6680a5fc627963781f6 C:\WINDOWS\system32\Ati2evxx.exe
MD5: abe74ef975b3aaf8d42a5b4758b37034 C:\WINDOWS\system32\c_38803.nl_
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: f5430b03e141e098c78d5db46b00f8fc C:\WINDOWS\system32\confmsp.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: be369da2dda97258303abf1b36b40fa4 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: 2a9e427681169f02274ad8c17d52fa2d C:\WINDOWS\system32\CSRSRV.dll
MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll
MD5: 79e4ec1d4b6b9a80543b13958ac773d0 C:\WINDOWS\system32\D3DIM.DLL
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: aa0507f0516a4dff1b1279ab4a2abb37 C:\WINDOWS\system32\DINPUT8.dll
MD5: 78e862846112347eee8214b649ae563f C:\WINDOWS\system32\dispex.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: e42f83f1e85cf0b9f9873851543dcd9d C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
MD5: 2dc524a5d9c4879e7a7cb7100a2d36b4 C:\WINDOWS\system32\DRIVERS\b57xp32.sys
MD5: de801bbc3ec95aec556947cf6b1b6e1c C:\WINDOWS\system32\drivers\camcaud.sys
MD5: cb9eda5216b6218e0a377813a767bf7e C:\WINDOWS\system32\drivers\camchal.sys
MD5: 2dc7c0b6175a0a8ed84a4f70199c93b5 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
MD5: b2dfc168d6f7512faea085253c5a37ad C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
MD5: 140ba850417896b6b3322048de280368 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
MD5: 3c318b9cd391371bed62126581ee9961 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
MD5: 7f2f1d2815a6449d346fcccbc569fbd6 C:\WINDOWS\system32\DRIVERS\mhndrv.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: e1cdf20697d992cf83ff86dd04df1285 C:\WINDOWS\system32\DRIVERS\mxnic.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: c90018bafdc7098619a4a95b046b30f3 C:\WINDOWS\system32\DRIVERS\p3.sys
MD5: 40f2031bd9148d3194353ea7dec97a07 C:\WINDOWS\System32\Drivers\PxHelp20.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: eb363ddfbe8b6d51003ccab29d93d744 C:\WINDOWS\system32\DRIVERS\SynTP.sys
MD5: 8778a553003a3d37a550a1f9cff6be28 C:\WINDOWS\system32\drivers\tifm21.sys
MD5: c89da341fcc883a3d79dc11727484fc2 C:\WINDOWS\system32\DRIVERS\w29n51.sys
MD5: 0a716c08cb13c3a8f4f51e882dbf7416 C:\WINDOWS\system32\DRIVERS\wanatw4.sys
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: ce8c3bc1377b83dbcd7304ab2d0a4735 C:\WINDOWS\system32\h323msp.dll
MD5: 0217cd51d55ca3e693a682664d3de2bf C:\WINDOWS\system32\IEFRAME.dll
MD5: aaf56985933f7d3e953e1b994d22e4f4 C:\WINDOWS\system32\iepeers.dll
MD5: 7cfdeb1560eacad6006d653ec55d12d0 C:\WINDOWS\system32\iertutil.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: bd007d624e4cd905ab2e8df2c6de891c C:\WINDOWS\system32\Macromed\Flash\Flash11c.ocx
MD5: b7521f69c0a9b29d356157229376fb21 C:\WINDOWS\System32\mhn.dll
MD5: 9e0d70607f833470963672d170bc035d C:\WINDOWS\system32\msfeeds.dll
MD5: 4963cb503600fc3bcbdbfba51fba1fac C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e c:\windows\system32\msi.dll
MD5: 6eaa72fd9ef993ec1fa9a06de65105da C:\WINDOWS\system32\mspmsnsv.dll
MD5: 29bd913d8fd1feb6728dc9b43b55c1d2 C:\WINDOWS\system32\MSRATING.dll
MD5: c2e173c85478c09acb1084b015e5cba7 C:\WINDOWS\system32\msvidctl.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 766d9646911a6435b1d7a2df6fa1653d C:\WINDOWS\system32\sbe.dll
MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\SECURITY.DLL
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\shdocvw.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 07e1f1997d717a4b1c85ba524bcb664a C:\WINDOWS\system32\SynCOM.dll
MD5: 434937e43cf87066f73724a0d3122824 C:\WINDOWS\system32\SynTPAPI.dll
MD5: 63bc0c63325234379fa86cd14b237017 C:\WINDOWS\system32\SynTPFcs.dll
MD5: 3f8411328e808a8794a41da9acb22dd9 C:\WINDOWS\system32\tapi3.dll
MD5: 8edd9dcd5196b6c54a622e9549f667b8 C:\WINDOWS\system32\termmgr.dll
MD5: 17e0cf9c8cbb717d05948656bcd86efa C:\WINDOWS\system32\txflog.dll
MD5: 31b6e9e116a3d6f8eb13202c9b5db403 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll
MD5: e837fdbb92e9873e538395b623f45462 C:\WINDOWS\system32\wbem\cimwin32.dll
MD5: 4306fa2f1099d7c606139255fdb62b19 C:\WINDOWS\system32\wbem\framedyn.dll
MD5: c81b8635dee0d3ef5f64b3dd643023a5 C:\WINDOWS\system32\wdfmgr.exe
MD5: 1a377838b4b468e37c3eeb5baa24f925 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 95cf3446911a6e25ee4086df8a45b2aa C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe
MD5: bea4aee74fef171eb61de1bad8faf427 C:\WINDOWS\system32\XmlLite.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 8d25a3bf9d0005d264f105414ae2cde6 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCP80.dll
MD5: 0ef2917efd6d96e4c9cf121738cf5409 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll

The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\system32\c_38803.nl_

Upload started - 1 file(s)
c_38803.nl_ (48016)
Upload speed - 6 KB/s
Upload finished - 1 uploaded, 0 failed

Scan finished - communication took 9 sec
Total traffic - 0.06 MB sent, 0.79 KB recvd
Scanned 616 files and modules - 33 seconds

==============================================================================



C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\93348f1a\X.vir Win32/Sirefef.DD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017574.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017580.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017581.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017651.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017654.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017655.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017656.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017657.SYS Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017658.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017753.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017786.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017787.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017788.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017789.SYS Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0017790.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP96\A0018030.exe Win32/Patched.HN trojan cleaned - quarantined


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8031

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/27/2011 3:30:11 PM
mbam-log-2011-10-27 (15-30-11).txt

Scan type: Quick scan
Objects scanned: 176117
Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by clarissagraff, 27 October 2011 - 02:32 PM.

#10
clarissagraff (Member, Topic Starter, 41 posts)
I'm still thinking this isn't fixed. The computer is slow, and when I first go on to Internet Explorer it goes to a blank page. I went into Internet Options, set a website as the home page and saved it, then exited the Internet; when I go back on to Internet Explorer it reverts right back to a blank page.

#11
RKinner (Malware Expert, MVP, 19,799 posts)
Open IE. Tools, Internet Options then Advanced. At the bottom should be a reset option.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'
6. Type 20 in the 1 to 20 box
7. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post.

Run OTL

select the All option in the Services, Drivers, Standard and Extra Registry groups then Run Scan.

You should get two logs. Please copy and paste both of them. The OTL may be rather large so you can attach it.

Ron
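
The event-log step above (newest 20 Error and Warning events from the System and Application logs), done with PowerShell's built-in Get-EventLog cmdlet instead of a downloaded tool. This is an added example, not part of Ron's post or of Vino's tool; it assumes PowerShell 1.0 or later (the Speccy output below lists WindowsPowerShell\v1.0 in this machine's Path), and the function name, report file name and output layout are this example's own choices.

```powershell
# Added example (not from the original post): collect the newest Error and
# Warning events from the System and Application logs, the same data the
# VEW step asks for, using only the built-in Get-EventLog cmdlet.
# Assumes PowerShell 1.0 or later; Get-EventLog's -EntryType parameter only
# exists from 2.0 on, so the filtering is done with Where-Object instead.

function Get-RecentProblemEvents {
    param(
        [string[]] $LogNames = @("System", "Application"),
        [int]      $Count    = 20
    )
    foreach ($log in $LogNames) {
        # Get-EventLog returns the newest entries first, so -First keeps the
        # $Count most recent errors/warnings of each log.
        Get-EventLog -LogName $log |
            Where-Object { $_.EntryType -eq "Error" -or $_.EntryType -eq "Warning" } |
            Select-Object -First $Count |
            Select-Object @{Name="Log"; Expression={ $log }},
                          TimeGenerated, EntryType, Source, EventID, Message
    }
}

# Write a plain-text report to the desktop, one block per event
# (file name and layout are this example's own, loosely modelled on VEW's).
$report = Join-Path ([Environment]::GetFolderPath("Desktop")) "EventReport.txt"
$lines  = @()
foreach ($e in Get-RecentProblemEvents) {
    $lines += "Log: '$($e.Log)'  Date/Time: $($e.TimeGenerated)"
    $lines += "Type: $($e.EntryType)  Event: $($e.EventID)  Source: $($e.Source)"
    $lines += $e.Message
    $lines += ""
}
$lines | Out-File -FilePath $report -Encoding ASCII
Write-Host "Report written to $report"
```

Start, Run, powershell, OK, then paste the block into the console; on a fresh XP install the execution policy is Restricted, so pasting avoids having to allow .ps1 scripts. Clearing the logs (the eventvwr.msc step) is left to the GUI here, because the Clear-EventLog cmdlet only arrived in PowerShell 2.0.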

#12
clarissagraff (Member, Topic Starter, 41 posts)
Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/10/2011 2:26:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/10/2011 12:41:05 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/10/2011 2:24:16 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/10/2011 2:28:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Process PID CPU Private Bytes Working Set Description Company Name
alg.exe 3512 1,596 K 4,252 K Application Layer Gateway Service Microsoft Corporation
AOLHostManager.exe 2112 1,432 K 3,020 K AOLHostManager Service America Online, Inc.
AOLServiceHost.exe 2376 1,664 K 3,576 K AOLServiceHost Service America Online, Inc.
aoltsmon.exe 2200 1,016 K 2,692 K AOL TopSpeed™ Monitor America Online, Inc
Ati2evxx.exe 1320 568 K 2,376 K ATI External Event Utility EXE Module ATI Technologies Inc.
Ati2evxx.exe 1016 980 K 3,144 K ATI External Event Utility EXE Module ATI Technologies Inc.
atiptaxx.exe 2060 3,276 K 5,188 K ATI Desktop Control Panel ATI Technologies, Inc.
bdagent.exe 2316 17,048 K 1,356 K Bitdefender Agent Bitdefender
csrss.exe 1032 1,708 K 4,024 K Client Server Runtime Process Microsoft Corporation
ctfmon.exe 2728 1,412 K 4,540 K CTF Loader Microsoft Corporation
dllhost.exe 2264 3,336 K 7,612 K COM Surrogate Microsoft Corporation
ehmsas.exe 2128 1,092 K 4,404 K Media Center Media Status Aggregator Service Microsoft Corporation
ehRecvr.exe 2368 2,788 K 5,060 K Media Center Receiver Service Microsoft Corporation
ehSched.exe 2436 1,924 K 6,480 K Media Center Scheduler Service Microsoft Corporation
ehtray.exe 1252 2,676 K 1,624 K Media Center Tray Applet Microsoft Corporation
explorer.exe 1804 14,660 K 24,060 K Windows Explorer Microsoft Corporation
GoogleToolbarNotifier.exe 2704 4,084 K 728 K GoogleToolbarNotifier Google Inc.
iexplore.exe 4008 9,196 K 11,000 K Internet Explorer Microsoft Corporation
iexplore.exe 1416 79,408 K 93,792 K Internet Explorer Microsoft Corporation
jqs.exe 2612 2,576 K 1,456 K Java™ Quick Starter Service Sun Microsystems, Inc.
jusched.exe 2076 1,196 K 3,564 K Java™ Update Scheduler Sun Microsystems, Inc.
lsass.exe 1124 3,972 K 1,728 K LSA Shell (Export Version) Microsoft Corporation
pchooklaunch32.exe 2632 2,012 K 4,220 K Bitdefender
PDVDServ.exe 1596 1,228 K 3,864 K PowerDVD RC Service Cyberlink Corp.
PRISMXL.SYS 2976 796 K 2,412 K PrismXL Service New Boundary Technologies, Inc.
services.exe 1112 1,796 K 3,600 K Services and Controller app Microsoft Corporation
smss.exe 980 172 K 432 K Windows NT Session Manager Microsoft Corporation
spoolsv.exe 696 3,292 K 5,156 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1336 3,192 K 5,480 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1444 1,908 K 4,688 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1500 22,580 K 35,164 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1576 1,788 K 4,108 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1716 5,308 K 7,108 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 876 1,776 K 4,580 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1464 1,940 K 4,100 K Generic Host Process for Win32 Services Microsoft Corporation
SynTPEnh.exe 1644 2,084 K 6,184 K Synaptics TouchPad Enhancements Synaptics, Inc.
SynTPLpr.exe 1624 1,236 K 3,360 K TouchPad Driver Helper Application Synaptics, Inc.
System 4 0 K 256 K
updatesrv.exe 3068 3,996 K 7,796 K Bitdefender Update Service Bitdefender
vsserv.exe 1276 145,708 K 3,276 K Bitdefender Security Service Bitdefender
winlogon.exe 1064 7,752 K 6,296 K Windows NT Logon Application Microsoft Corporation
wmiprvse.exe 3604 2,828 K 5,640 K WMI Microsoft Corporation
YahooAUService.exe 3812 5,128 K 8,000 K AutoUpater Service Module Yahoo! Inc.
Ymsgr_tray.exe 660 19,784 K 6,516 K Yahoo! Messenger Tray Yahoo! Inc.
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
procexp.exe 396 3.13 11,192 K 10,492 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System Idle Process 0 96.88 0 K 28 K



Summary
Operating System
MS Windows XP Media Center Edition Professional 32-bit SP3
CPU
Intel Pentium M 750
Dothan 90nm Technology
RAM
1.00 GB Dual-Channel DDR2 @ 266MHz (4-4-4-11)
Motherboard
Gateway 49 °C
Graphics
Default Monitor ([email protected])
64MB ATI MOBILITY RADEON X700 (Gateway 2000)
Hard Drives
98GB Hitachi HTS541010G9AT00 (PATA) 33 °C
Optical Drives
QSI DVD+-RW SDW-082
Audio
Conexant AC-Link Audio
Operating System
MS Windows XP Media Center Edition Professional 32-bit SP3
Installation Date: 11 July 2011, 18:17
Serial Number:
Windows Security Center
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 3 am
Firewall
Firewall Enabled
Company Name Bitdefender
Display Name Bitdefender Firewall
Product Version 15.0.33.1409
Antivirus
Antivirus Enabled
Company Name Bitdefender
Display Name Bitdefender Antivirus
Product Version 15.0.33.1409
Environment Variables
USERPROFILE C:\Documents and Settings\Owner.YOUR-AD5B808096
SystemRoot C:\WINDOWS
User Variables
TEMP C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Temp
TMP C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Temp
Machine Variables
ComSpec C:\WINDOWS\system32\cmd.exe
Path
C:\WINDOWS\system32
C:\WINDOWS
C:\WINDOWS\system32\wbem
C:\Program Files\ATI Technologies\ATI Control Panel
C:\WINDOWS\system32\WindowsPowerShell\v1.0
windir C:\WINDOWS
FP_NO_HOST_CHECK NO
OS Windows_NT
PROCESSOR_ARCHITECTURE x86
PROCESSOR_LEVEL 6
PROCESSOR_IDENTIFIER x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_REVISION 0d08
NUMBER_OF_PROCESSORS 1
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
TEMP C:\WINDOWS\TEMP
TMP C:\WINDOWS\TEMP
Process List
alg.exe
Process ID 3512
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\System32\alg.exe
Memory Usage 4.15 MB
Peak Memory Usage 4.16 MB
aolhostmanager.exe
Process ID 2112
User Owner
Domain YOUR-AD5B808096
Path C:\PROGRA~1\COMMON~1\AOL\131042~1\EE\AOLHOS~1.EXE
Memory Usage 2.95 MB
Peak Memory Usage 3.98 MB
aolservicehost.exe
Process ID 2376
User Owner
Domain YOUR-AD5B808096
Path C:\PROGRA~1\COMMON~1\AOL\131042~1\EE\AOLServiceHost.exe
Memory Usage 3.49 MB
Peak Memory Usage 3.94 MB
aoltsmon.exe
Process ID 2200
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Memory Usage 2.63 MB
Peak Memory Usage 2.63 MB
ati2evxx.exe
Process ID 1320
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\Ati2evxx.exe
Memory Usage 2.32 MB
Peak Memory Usage 2.32 MB
ati2evxx.exe
Process ID 1016
User Owner
Domain YOUR-AD5B808096
Path C:\WINDOWS\system32\Ati2evxx.exe
Memory Usage 3.07 MB
Peak Memory Usage 3.14 MB
atiptaxx.exe
Process ID 2060
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Memory Usage 5.07 MB
Peak Memory Usage 5.07 MB
bdagent.exe
Process ID 2316
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
Memory Usage 1.41 MB
Peak Memory Usage 19 MB
csrss.exe
Process ID 1032
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\csrss.exe
Memory Usage 4.01 MB
Peak Memory Usage 4.13 MB
ctfmon.exe
Process ID 2728
User Owner
Domain YOUR-AD5B808096
Path C:\WINDOWS\system32\ctfmon.exe
Memory Usage 4.52 MB
Peak Memory Usage 4.53 MB
dllhost.exe
Process ID 2264
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\dllhost.exe
Memory Usage 7.43 MB
Peak Memory Usage 7.43 MB
ehmsas.exe
Process ID 2128
User Owner
Domain YOUR-AD5B808096
Path C:\WINDOWS\eHome\ehmsas.exe
Memory Usage 4.30 MB
Peak Memory Usage 4.31 MB
ehrecvr.exe
Process ID 2368
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\eHome\ehRecvr.exe
Memory Usage 4.94 MB
Peak Memory Usage 4.95 MB
ehsched.exe
Process ID 2436
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\eHome\ehSched.exe
Memory Usage 6.33 MB
Peak Memory Usage 6.41 MB
ehtray.exe
Process ID 1252
User Owner
Domain YOUR-AD5B808096
Path C:\WINDOWS\ehome\ehtray.exe
Memory Usage 1.59 MB
Peak Memory Usage 5.31 MB
explorer.exe
Process ID 1804
User Owner
Domain YOUR-AD5B808096
Path C:\WINDOWS\Explorer.EXE
Memory Usage 24 MB
Peak Memory Usage 24 MB
googletoolbarnotifier.exe
Process ID 2704
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Memory Usage 2.11 MB
Peak Memory Usage 7.65 MB
iexplore.exe
Process ID 4008
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\Internet Explorer\iexplore.exe
Memory Usage 14 MB
Peak Memory Usage 21 MB
iexplore.exe
Process ID 1416
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\Internet Explorer\iexplore.exe
Memory Usage 100 MB
Peak Memory Usage 122 MB
iexplore.exe
Process ID 2524
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\Internet Explorer\iexplore.exe
Memory Usage 68 MB
Peak Memory Usage 74 MB
jqs.exe
Process ID 2612
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Java\jre6\bin\jqs.exe
Memory Usage 1.41 MB
Peak Memory Usage 17 MB
jusched.exe
Process ID 2076
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\Common Files\Java\Java Update\jusched.exe
Memory Usage 3.48 MB
Peak Memory Usage 3.48 MB
lsass.exe
Process ID 1124
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\lsass.exe
Memory Usage 2.45 MB
Peak Memory Usage 6.48 MB
pchooklaunch32.exe
Process ID 2632
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe
Memory Usage 4.12 MB
Peak Memory Usage 4.12 MB
pdvdserv.exe
Process ID 1596
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Memory Usage 3.77 MB
Peak Memory Usage 3.78 MB
prismxl.sys
Process ID 2976
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
Memory Usage 2.36 MB
Peak Memory Usage 2.36 MB
services.exe
Process ID 1112
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\services.exe
Memory Usage 3.52 MB
Peak Memory Usage 3.68 MB
smss.exe
Process ID 980
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 432 KB
Peak Memory Usage 524 KB
speccy.exe
Process ID 692
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 13 MB
Peak Memory Usage 16 MB
spoolsv.exe
Process ID 696
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\spoolsv.exe
Memory Usage 5.04 MB
Peak Memory Usage 6.03 MB
svchost.exe
Process ID 1464
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 4.00 MB
Peak Memory Usage 4.01 MB
svchost.exe
Process ID 1576
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 3.95 MB
Peak Memory Usage 4.42 MB
svchost.exe
Process ID 1336
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 5.35 MB
Peak Memory Usage 5.43 MB
svchost.exe
Process ID 1444
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.59 MB
Peak Memory Usage 4.63 MB
svchost.exe
Process ID 1500
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 34 MB
Peak Memory Usage 40 MB
svchost.exe
Process ID 1716
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 6.95 MB
Peak Memory Usage 7.03 MB
svchost.exe
Process ID 876
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.48 MB
Peak Memory Usage 4.48 MB
syntpenh.exe
Process ID 1644
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Memory Usage 6.04 MB
Peak Memory Usage 6.04 MB
syntplpr.exe
Process ID 1624
User Owner
Domain YOUR-AD5B808096
Path C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Memory Usage 3.28 MB
Peak Memory Usage 3.28 MB
system
Process ID 4
Memory Usage 256 KB
Peak Memory Usage 3.28 MB
system idle process
Process ID 0
updatesrv.exe
Process ID 3068
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
Memory Usage 7.61 MB
Peak Memory Usage 7.71 MB
vsserv.exe
Process ID 1276
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
Memory Usage 62 MB
Peak Memory Usage 127 MB
winlogon.exe
Process ID 1064
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\winlogon.exe
Memory Usage 6.15 MB
Peak Memory Usage 15 MB
wmiprvse.exe
Process ID 3604
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 5.47 MB
Peak Memory Usage 5.57 MB
wmiprvse.exe
Process ID 2408
Memory Usage 92 KB
Peak Memory Usage 92 KB
yahooauservice.exe
Process ID 3812
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
Memory Usage 7.81 MB
Peak Memory Usage 7.83 MB
ymsgr_tray.exe
Process ID 660
User Owner
Domain YOUR-AD5B808096
Path C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
Memory Usage 6.36 MB
Peak Memory Usage 6.38 MB
TimeZone
TimeZone GMT -6 Hours
Language English
Country United States
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Power Profile
Active power scheme Portable/Laptop
Hibernation Enabled
Scheduler
10/30/2011 3:25 PM;Every 1 hour(s) from 2:25 PM for 24 hour(s) every day, starting 10/21/2011 GoogleUpdateTaskMachineUA
10/31/2011 2:25 PM;Run at user logon GoogleUpdateTaskMachineCore
Hotfixes
10/26/2011 Security Update for Windows XP (KB2592799)
10/26/2011 Security Update for Windows XP (KB2509553)
10/11/2011 Security Update for Windows XP (KB2564958)
10/11/2011 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073)
10/11/2011 Windows Malicious Software Removal Tool - October 2011 (KB890830)
10/11/2011 Security Update for Windows XP (KB2567053)
10/11/2011 Security Update for Windows XP (KB2592799)
10/11/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2586448)
10/11/2011 Security Update for Microsoft .NET Framework 1.0 SP3 on Windows XP Tablet PC and Media Center (KB2572066)
10/11/2011 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2572067)
9/27/2011 Windows Malicious Software Removal Tool - September 2011 (KB890830)
9/14/2011 Update for Windows XP (KB2616676)
9/14/2011 Windows Malicious Software Removal Tool - September 2011 (KB890830)
9/14/2011 Security Update for Windows XP (KB2570947)
9/7/2011 Update for Windows XP (KB2607712)
8/24/2011 Update for Windows XP (KB2570791)
8/10/2011 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2539631)
8/10/2011 Security Update for Windows XP (KB2567680)
8/10/2011 Security Update for Windows XP (KB2536276)
8/10/2011 Security Update for Windows XP (KB2570222)
8/10/2011 Windows Malicious Software Removal Tool - August 2011 (KB890830)
8/10/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2559049)
8/10/2011 Security Update for Windows XP (KB2566454)
8/10/2011 Update Rollup for ActiveX Killbits for Windows XP (KB2562937)
7/17/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)
7/17/2011 Update for Windows XP (KB961118)
7/17/2011 Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473)
7/17/2011 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524)
7/17/2011 Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707)
7/17/2011 Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
7/17/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704)
7/17/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658)
7/17/2011 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
7/17/2011 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
7/16/2011 Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86
7/13/2011 Security Update for Windows XP (KB2507938)
7/13/2011 Windows Malicious Software Removal Tool - July 2011 (KB890830)
7/13/2011 Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430)
7/13/2011 Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688)
7/13/2011 Security Update for Windows XP (KB2555917)
7/11/2011 Security Update for Windows XP (KB2387149)
7/11/2011 Security Update for Windows XP (KB2478971)
7/11/2011 Update for Windows XP (KB2345886)
7/11/2011 Update for Windows XP (KB970430)
7/11/2011 Security Update for Windows XP (KB2296011)
7/11/2011 Security Update for Windows XP (KB2115168)
7/11/2011 Security Update for Windows XP (KB975558)
7/11/2011 Security Update for Windows XP (KB2378111)
7/11/2011 Update for Windows XP (KB951978)
7/11/2011 Security Update for Windows XP (KB2443105)
7/11/2011 Security Update for Windows XP (KB2481109)
7/11/2011 Security Update for Windows XP (KB2485663)
7/11/2011 Security Update for Windows XP (KB2440591)
7/11/2011 Security Update for Windows XP (KB982132)
7/11/2011 Security Update for Windows XP (KB956744)
7/11/2011 Security Update for Windows XP (KB2476490)
7/11/2011 Security Update for Windows XP (KB2506223)
7/11/2011 Security Update for Windows XP (KB2503665)
7/11/2011 Security Update for Windows XP (KB2347290)
7/11/2011 Security Update for Windows XP (KB2483185)
7/11/2011 Update for Windows XP (KB2443685)
7/11/2011 Security Update for Windows XP (KB2079403)
7/11/2011 Update for Windows XP (KB2524375)
7/11/2011 Security Update for Windows XP (KB979687)
7/11/2011 Security Update for Windows XP (KB2121546)
7/11/2011 Security Update for Windows XP (KB2535512)
7/11/2011 Security Update for Windows XP (KB2412687)
7/11/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB2508272)
7/11/2011 Security Update for Windows XP (KB980436)
7/11/2011 Security Update for Windows XP (KB2536276)
7/11/2011 Security Update for Windows XP (KB981322)
7/11/2011 Security Update for Windows XP (KB2507618)
7/11/2011 Security Update for Windows XP (KB2476687)
7/11/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548)
7/11/2011 Security Update for Windows XP (KB2419632)
7/11/2011 Security Update for Windows XP (KB2508429)
7/11/2011 Update for Windows XP (KB971029)
7/11/2011 Security Update for Windows XP (KB2506212)
7/11/2011 Update for Windows XP (KB971737)
7/11/2011 Security Update for Windows XP (KB981997)
7/11/2011 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)
7/11/2011 Security Update for Windows XP (KB2544893)
7/11/2011 Security Update for Windows XP (KB2509553)
7/11/2011 Security Update for Windows XP (KB2510531)
7/11/2011 Security Update for Windows XP (KB982665)
7/11/2011 Update for Windows XP (KB2541763)
7/11/2011 Security Update for Internet Explorer 8 for Windows XP (KB2544521)
7/11/2011 Security Update for Windows XP (KB2478960)
7/11/2011 Security Update for Windows XP (KB2393802)
7/11/2011 Security Update for Windows XP (KB2423089)
7/11/2011 Security Update for Windows XP (KB2360937)
7/11/2011 Windows XP Service Pack 3 (KB936929)
7/11/2011 Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295)
7/11/2011 Security Update for Windows XP (KB955069)
7/11/2011 Security Update for Windows XP (KB971032)
7/11/2011 Microsoft .NET Framework 1.1 Service Pack 1
7/11/2011 Security Update for Windows XP (KB960803)
7/11/2011 Security Update for Windows XP (KB978706)
7/11/2011 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP2 (KB978695)
7/11/2011 Security Update for Windows XP (KB970238)
7/11/2011 Security Update for Windows XP (KB973768)
7/11/2011 Security Update for Windows XP (KB951748)
7/11/2011 Security Update for Windows XP (KB974392)
7/11/2011 Security Update for Windows XP (KB973904)
7/11/2011 Security Update for Windows XP (KB979559)
7/11/2011 Update for Windows XP (KB981793)
7/11/2011 Update for Windows XP (KB973687)
7/11/2011 Security Update for Windows XP with Windows Media Format Runtime 9.5 and 11 (KB941569)
7/11/2011 Security Update for Windows XP (KB975560)
7/11/2011 Security Update for Windows XP (KB952004)
7/11/2011 Security Update for Windows XP (KB975025)
7/11/2011 Security Update for Windows XP Service Pack 2 (KB952069)
7/11/2011 Security Update for Windows XP (KB961501)
7/11/2011 Security Update for Windows XP (KB956572)
7/11/2011 Security Update for Windows XP (KB960225)
7/11/2011 Security Update for Windows XP (KB971657)
7/11/2011 Security Update for Windows XP (KB978037)
7/11/2011 Internet Explorer 8 for Windows XP
7/11/2011 Security Update for Windows XP (KB969059)
7/11/2011 Update for Windows XP (KB955759)
7/11/2011 Security Update for Windows XP (KB980232)
7/11/2011 Microsoft .NET Framework 1.0 SP3 Security Update for Windows XP Tablet PC and Media Center (KB979904)
7/11/2011 Windows Malicious Software Removal Tool - June 2011 (KB890830)
7/11/2011 Security Update for Windows XP (KB979683)
7/11/2011 Security Update for Windows XP (KB960859)
7/11/2011 Security Update for Windows XP (KB946648)
7/11/2011 Security Update for Windows XP (KB952954)
7/11/2011 Security Update for Windows XP (KB980218)
7/11/2011 Security Update for Windows XP (KB923561)
7/11/2011 Windows Malicious Software Removal Tool - June 2011 (KB890830)
7/11/2011 Security Update for Windows XP (KB2229593)
7/11/2011 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB982381)
7/11/2011 Security Update for Windows XP (KB979559)
7/11/2011 Microsoft .NET Framework 1.0 SP3 Security Update for Windows XP Tablet PC and Media Center (KB979904)
7/11/2011 Security Update for Windows XP (KB975562)
7/11/2011 Security Update for Windows XP (KB979482)
7/11/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195)
7/11/2011 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP2 (KB978695)
7/11/2011 Security Update for Windows XP (KB980218)
7/11/2011 Update for Windows XP (KB981793)
7/11/2011 Security Update for Windows XP (KB978542)
7/11/2011 Security Update for Windows XP (KB978601)
7/11/2011 Security Update for Windows XP (KB979683)
7/11/2011 Security Update for Windows XP (KB978338)
7/11/2011 Security Update for Windows XP (KB979309)
7/11/2011 Security Update for Windows XP (KB981350)
7/11/2011 Security Update for Windows XP (KB977816)
7/11/2011 Security Update for Windows XP (KB980232)
7/11/2011 Security Update for Windows XP (KB975561)
7/11/2011 Security Update for Windows XP (KB978706)
7/11/2011 Security Update for Windows XP (KB971468)
7/11/2011 Security Update for Windows XP (KB977914)
7/11/2011 Security Update for Windows XP (KB975560)
7/11/2011 Security Update for Windows XP (KB978037)
7/11/2011 Security Update for Windows XP (KB975713)
7/11/2011 Security Update for Windows XP (KB972270)
7/11/2011 Security Update for Windows XP (KB973904)
7/11/2011 Update for Windows XP (KB955759)
7/11/2011 Security Update for Windows XP (KB974392)
7/11/2011 Security Update for Windows XP (KB974318)
7/11/2011 Security Update for Windows XP Service Pack 2 (KB952069)
7/11/2011 Update for Windows XP (KB973687)
7/11/2011 Update for Windows XP (KB968389)
7/11/2011 Security Update for Windows XP (KB969059)
7/11/2011 Security Update for Windows XP (KB958869)
7/11/2011 Security Update for Windows XP (KB974112)
7/11/2011 Security Update for Windows XP (KB974571)
7/11/2011 Security Update for Windows XP (KB975025)
7/11/2011 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 2 (KB954155)
7/11/2011 Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295)
7/11/2011 Security Update for Jscript 5.6 for Windows XP (KB971961)
7/11/2011 Security Update for Windows XP (KB956844)
7/11/2011 Security Update for Windows XP (KB973768)
7/11/2011 Internet Explorer 8 for Windows XP
7/11/2011 Security Update for Windows XP (KB971657)
7/11/2011 Security Update for Windows XP (KB973815)
7/11/2011 Security Update for Windows XP (KB960859)
7/11/2011 Security Update for Windows XP (KB973507)
7/11/2011 Security Update for Windows XP (KB958470)
7/11/2011 Security Update for Windows XP (KB973869)
7/11/2011 Security Update for Windows XP Service Pack 2 (KB973540)
7/11/2011 Security Update for Windows XP (KB971032)
7/11/2011 Security Update for Windows XP (KB970238)
7/11/2011 Security Update for Windows XP (KB961501)
7/11/2011 Microsoft .NET Framework 1.1 Service Pack 1
7/11/2011 Security Update for Windows XP (KB959426)
7/11/2011 Security Update for Windows XP (KB960803)
7/11/2011 Security Update for Windows XP (KB952004)
7/11/2011 Security Update for Windows XP (KB956572)
7/11/2011 Security Update for Windows XP (KB923561)
7/11/2011 Update for Windows XP (KB967715)
7/11/2011 Security Update for Windows XP (KB960225)
7/11/2011 Security Update for Windows XP (KB956803)
7/11/2011 Security Update for Windows XP (KB956802)
7/11/2011 Security Update for Windows XP (KB955069)
7/11/2011 Security Update for Windows XP (KB958644)
7/11/2011 Update for Windows XP (KB952287)
7/11/2011 Security Update for Windows XP (KB950974)
7/11/2011 Security Update for Windows XP (KB952954)
7/11/2011 Security Update for Windows XP (KB946648)
7/11/2011 Security Update for Windows XP (KB944338)
7/11/2011 Security Update for Windows XP (KB951748)
7/11/2011 Security Update for Windows XP (KB951376)
7/11/2011 Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB936181)
7/11/2011 Security Update for Windows XP (KB950762)
7/11/2011 Security Update for Windows XP with Windows Media Format Runtime 9.5 and 11 (KB941569)
7/11/2011 Update for Windows XP (KB898461)
7/11/2011 Windows Genuine Advantage Validation Tool (KB892130)
7/11/2011 Microsoft Windows Installer 3.1
Battery
AC line Online
Battery full time Unknown
Battery Charge % 100 %
Battery State High
Amount of time remaining (sec) Unknown
Device Tree
ACPI Uniprocessor PC
Microsoft ACPI-Compliant System
Intel® Pentium® M processor 1.86GHz
ACPI Thermal Zone
ACPI Power Button
ACPI Sleep Button
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
ACPI Lid
ACPI Fixed Feature Button
PCI bus
Mobile Intel® 915GM/PM/GMS/910GML Express Processor to DRAM Controller - 2590
Conexant AC-Link Audio
SoftV92 Data Fax Modem with SmartCP
Intel® 82801FB/FBM SMBus Controller - 266A
Motherboard resources
Mobile Intel® 915GM/PM Express PCI Express Root Port - 2591
ATI MOBILITY RADEON X700
Default Monitor
Plug and Play Monitor
Default Monitor
Intel® 82801FB/FBM USB Universal Host Controller - 2658
USB Root Hub
Intel® 82801FB/FBM USB Universal Host Controller - 2659
USB Root Hub
Intel® 82801FB/FBM USB Universal Host Controller - 265A
USB Root Hub
Intel® 82801FB/FBM USB Universal Host Controller - 265B
USB Root Hub
Intel® 82801FB/FBM USB2 Enhanced Host Controller - 265C
USB Root Hub
Intel® 82801 PCI Bridge - 2448
Broadcom NetXtreme Gigabit Ethernet
Intel® PRO/Wireless 2200BG Network Connection
Texas Instruments PCIxx21/x515 Cardbus Controller
Texas Instruments PCIxx21 Integrated FlashMedia Controller
SDA Standard Compliant SD Host Controller
Texas Instruments OHCI Compliant IEEE 1394 Host Controller
1394 Net Adapter
Intel® 82801FBM LPC Interface Controller - 2641
ISAPNP Read Data Port
Direct memory access controller
Programmable interrupt controller
Numeric data processor
Motherboard resources
System CMOS/real time clock
System timer
Microsoft ACPI-Compliant Embedded Controller
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Synaptics PS/2 Port TouchPad
Intel® 82801FB/FBM Ultra ATA Storage Controllers - 266F
Primary IDE Channel
HTS541010G9AT00
QSI DVD+-RW SDW-082
Services
Running AOL TopSpeed Monitor
Running Application Layer Gateway Service
Running Ati HotKey Poller
Running Automatic Updates
Running Background Intelligent Transfer Service
Running BitDefender Desktop Update Service
Running BitDefender Virus Shield
Running COM+ Event System
Running COM+ System Application
Running Computer Browser
Running CryptSvc
Running DCOM Server Process Launcher
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Error Reporting Service
Running Event Log
Running Fast User Switching Compatibility
Running Help and Support
Running HTTP SSL
Running IPSEC Services
Running Java Quick Starter
Running Logical Disk Manager
Running Media Center Receiver Service
Running Media Center Scheduler Service
Running Network Connections
Running Network Location Awareness (NLA)
Running Plug and Play
Running Print Spooler
Running PrismXL
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Remote Registry
Running Secondary Logon
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running WebClient
Running Windows Audio
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Management Instrumentation
Running Windows Time
Running Wireless Zero Configuration
Running Workstation
Running Yahoo! Updater
Stopped .NET Runtime Optimization Service v2.0.50727_X86
Stopped Alerter
Stopped Application Management
Stopped ASP.NET State Service
Stopped BitDefender Update Server v2
Stopped ClipBook
Stopped Distributed Transaction Coordinator
Stopped Extensible Authentication Protocol Service
Stopped Google Software Updater
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped Health Key and Certificate Management Service
Stopped Human Interface Device Access
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped Logical Disk Manager Administrative Service
Stopped Messenger
Stopped MHN
Stopped MS Software Shadow Copy Provider
Stopped Net Logon
Stopped Net.Tcp Port Sharing Service
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Office Source Engine
Stopped Performance Logs and Alerts
Stopped Portable Media Serial Number Service
Stopped QoS RSVP
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Procedure Call (RPC) Locator
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Smart Card
Stopped Telnet
Stopped Uninterruptible Power Supply
Stopped Universal Plug and Play Device Host
Stopped Volume Shadow Copy
Stopped Windows CardSpace
Stopped Windows Image Acquisition (WIA)
Stopped Windows Installer
Stopped Windows Management Instrumentation Driver Extensions
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows User Mode Driver Framework
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
CPU
Intel Pentium M 750
Cores 1
Threads 1
Name Intel Pentium M 750
Code Name Dothan
Package Socket 479 mPGA
Technology 90nm
Specification Intel® Pentium® M processor 1.86GHz
Family 6
Extended Family 6
Model D
Extended Model D
Stepping 8
Revision C0
Instructions MMX, SSE, SSE2
Virtualization Unsupported
Hyperthreading Not supported
Bus Speed 133.0 MHz
Rated Bus Speed 532.0 MHz
Stock Core Speed 1866 MHz
Stock Bus Speed 133 MHz
Caches
L1 Data Cache Size 32 KBytes
L1 Instructions Cache Size 32 KBytes
L2 Unified Cache Size 2048 KBytes
Core 0
Core Speed 1862.1 MHz
Multiplier x 6.0
Bus Speed 133.0 MHz
Rated Bus Speed 532.0 MHz
Thread 1
APIC ID 0
RAM
Memory slots
Total memory slots 2
Used memory slots 2
Free memory slots 0
Memory
Type DDR2
Size 1024 MBytes
Channels # Dual
DRAM Frequency 266.0 MHz
CAS# Latency (CL) 4 clocks
RAS# to CAS# Delay (tRCD) 4 clocks
RAS# Precharge (tRP) 4 clocks
Cycle Time (tRAS) 11 clocks
Physical Memory
Memory Usage 57 %
Total Physical MB
Available Physical 439 MB
Total Virtual 2.40 GB
Available Virtual 1.81 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR2
Size 512 MBytes
Manufacturer Samsung
Max Bandwidth PC2-4300 (266 MHz)
Part Number M4 70T6554CZ3-CD5
Serial Number 50075CE0
Week/year 33 / 05
SPD Ext. EPP
JEDEC #3
Frequency 266.7 MHz
CAS# Latency 5.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 11
tRC 15
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 11
tRC 15
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 8
tRC 11
Voltage 1.800 V
Slot #2
Type DDR2
Size 512 MBytes
Manufacturer Samsung
Max Bandwidth PC2-4300 (266 MHz)
Part Number M4 70T6554CZ3-CD5
Serial Number 50045CDD
Week/year 33 / 05
SPD Ext. EPP
JEDEC #3
Frequency 266.7 MHz
CAS# Latency 5.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 11
tRC 15
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 11
tRC 15
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 8
tRC 11
Voltage 1.800 V
Motherboard
Manufacturer Gateway
Version 3400466
Chipset Vendor Intel
Chipset Model i915PM/GM
Chipset Revision 03
Southbridge Vendor Intel
Southbridge Model 82801FBM (ICH6-M)
Southbridge Revision 03
System Temperature 49 °C
BIOS
Brand Gateway
Version 59.05
Date 09/03/2005992
PCI Data
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation MiniPCI Slot J20
Slot Number 0
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage Unknown
Bus Width 32 bit
Slot Designation PCMCIA socket 0
Slot Number 1
Graphics
Monitor
Name Default Monitor on ATI MOBILITY RADEON X700
Current Resolution 1440x900 pixels
Work Resolution 1440x870 pixels
State enabled, primary, output devices support
Monitor Width 1440
Monitor Height 900
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
ATI MOBILITY RADEON X700
GPU M26
Device ID 1002-5653
Subvendor Gateway 2000 (107B)
Current Performance Level Level 1
Technology 110 nm
Release Date 2005
DirectX Support 9.0b
DirectX Shader Model 2.0
OpenGL Support 2.0
Bios Core Clock 351.00
Bios Mem Clock 330.00
Driver ati2mtag.sys
Driver version 6.14.10.6512
BIOS Version Unknown Video BIOS
ROPs 8
Shaders Vertex 8/Pixel 8
Memory Type GDDR3
Memory 64 MB
Bus Width 128 Bit
Count of performance levels : 1
Level 0
Hard Drives
HTS541010G9AT00
Manufacturer Hitachi
Product Family Travelstar
Series Prefix Standard
Model Capacity For This Specific Drive 100GB
Heads 16
Cylinders 16383
Device type Fixed
ATA Standard ATA/ATAPI-6
LBA Size 48-bit LBA
Power On Count 8641 times
Power On Time 1024 Days 4 Hours
Features S.M.A.R.T., APM, AAM
Transfer Mode Ultra DMA/100
Interface PATA
Capacity 98GB
Real size 100,030,242,816 bytes
RAID Type None
S.M.A.R.T
01 Read Error Rate 100 (100 worst) Data 0000000000
02 Throughput Performance 100 (100) Data 0000000000
03 Spin-Up Time 201 (201) Data 0000000000
04 Start/Stop Count 095 (095) Data 0000002288
05 Reallocated Sectors Count 097 (097) Data 0000000000
07 Seek Error Rate 100 (100) Data 0000000000
08 Seek Time Performance 100 (100) Data 0000000000
09 Power-On Hours (POH) 044 (044) Data 0000006004
0A Spin Retry Count 100 (100) Data 0000000000
0C Device Power Cycle Count 095 (095) Data 00000021C1
BF G-sense error rate 100 (100) Data 0000000000
C0 Power-off Retract Count 100 (100) Data 0000000067
C1 Load/Unload Cycle Count 035 (035) Data 00000A0AB7
C2 Temperature 166 (166) Data 0000070021
C4 Reallocation Event Count 095 (095) Data 000000020A
C5 Current Pending Sector Count 100 (100) Data 0000000000
C6 Uncorrectable Sector Count 100 (100) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
Temperature 33 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter C:
File System NTFS
Volume Serial Number A8A963F1
Size 86GB
Used Space 13.4GB (16%)
Free Space 73GB (84%)
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter D:
File System FAT32
Volume Serial Number 2DB269A0
Size 6.70GB
Used Space 2.74GB (41%)
Free Space 3.97GB (59%)
Optical Drives
QSI DVD+-RW SDW-082
Media Type CD-ROM
Name QSI DVD+-RW SDW-082
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive E:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 0
SCSI Target Id 1
Status OK
Audio
Sound Card
Conexant AC-Link Audio
Playback Device
Conexant AMC Audio
Recording Device
Conexant AMC Audio
Peripherals
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device Kind Keyboard
Device Name Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Location plugged into keyboard port
Driver
Date 7-1-2001
Version 5.1.2535.0
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Synaptics PS/2 Port TouchPad
Device Kind Mouse
Device Name Synaptics PS/2 Port TouchPad
Location plugged into PS/2 mouse port
Driver
Date 10-8-2004
Version 7.12.3.0
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\SynTP.sys
File C:\WINDOWS\system32\SynTPAPI.dll
File C:\WINDOWS\system32\SynTPFcs.dll
File C:\WINDOWS\system32\SynCOM.dll
File C:\WINDOWS\system32\SynCtrl.dll
File C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
File C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
File C:\Program Files\Synaptics\SynTP\SynCntxt.rtf
File C:\Program Files\Synaptics\SynTP\SynZMetr.exe
File C:\Program Files\Synaptics\SynTP\SynMood.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.ini
File C:\Program Files\Synaptics\SynTP\SynTPCOM.dll
File C:\Program Files\Synaptics\SynTP\Tutorial.exe
File C:\Program Files\Synaptics\SynTP\InstNT.exe
File C:\Program Files\Synaptics\SynTP\SynISDLL.dll
File C:\Program Files\Synaptics\SynTP\SynUnst.ini
File C:\WINDOWS\system32\SynTPCo2.dll
Network
You are connected to the internet
Connected through Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
IP Address 192.168.1.101
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Preferred DNS server 68.105.28.11
Alternate DNS server 68.105.29.11
Alternate DNS server 68.105.28.12
DHCP Enabled
DHCP server 192.168.1.1
External IP Address 68.13.185.27
Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Unknown node type
Link Speed 0 kbps
Computer Name
NetBIOS Name YOUR-AD5B808096
DNS Name YOUR-AD5B808096
Domain Name YOUR-AD5B808096
Remote Desktop
Console
State Active
Domain YOUR-AD5B808096
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Using native Wi-Fi API version 1
Available access points count 1
Wi-Fi (trigger)
SSID trigger
Name No name
Signal Strength/Quality 100
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags Currently Connected to this network
Cipher Algorithm to be used when joining this network WEP cipher algorithm with a cipher key of any length
Default Auth used to join this network for the first time IEEE 802.11 Open System authentication algorithm
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Adapters List
Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
IP Address 192.168.1.101
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Network Shares
No network shares
Current TCP Connections
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (3068)
Local 0.0.0.0:48752 LISTEN
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (1276)
Local 0.0.0.0:3939 LISTEN
Local 0.0.0.0:24961 LISTEN
Local 0.0.0.0:27827 LISTEN
Local 0.0.0.0:38928 LISTEN
Local 0.0.0.0:57322 LISTEN
Local 0.0.0.0:65046 LISTEN
Local 192.168.1.101:3882 ESTABLISHED Remote 66.40.145.204:80 (Querying... ) (HTTP)
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (2200)
Local 127.0.0.1:11500 LISTEN
C:\Program Files\Internet Explorer\iexplore.exe (1416)
Local 192.168.1.101:3885 ESTABLISHED Remote 209.62.107.107:80 (Querying... ) (HTTP)
Local 192.168.1.101:3886 ESTABLISHED Remote 209.62.107.107:80 (Querying... ) (HTTP)
Local 192.168.1.101:3888 ESTABLISHED Remote 74.125.227.44:80 (Querying... ) (HTTP)
Local 192.168.1.101:3889 ESTABLISHED Remote 74.125.227.17:80 (Querying... ) (HTTP)
Local 192.168.1.101:3891 ESTABLISHED Remote 209.62.107.107:80 (Querying... ) (HTTP)
Local 192.168.1.101:3892 ESTABLISHED Remote 209.62.107.107:80 (Querying... ) (HTTP)
Local 192.168.1.101:3893 ESTABLISHED Remote 209.62.107.107:80 (Querying... ) (HTTP)
Local 192.168.1.101:3894 ESTABLISHED Remote 209.62.107.107:80 (Querying... ) (HTTP)
Local 192.168.1.101:3895 ESTABLISHED Remote 74.125.47.95:80 (Querying... ) (HTTP)
Local 192.168.1.101:3896 ESTABLISHED Remote 72.247.23.139:80 (Querying... ) (HTTP)
C:\Program Files\Internet Explorer\iexplore.exe (2524)
Local 192.168.1.101:3878 ESTABLISHED Remote 174.133.98.146:80 (Querying... ) (HTTP)
C:\Program Files\Java\jre6\bin\jqs.exe (2612)
Local 127.0.0.1:5152 LISTEN
C:\WINDOWS\System32\alg.exe (3512)
Local 127.0.0.1:1041 LISTEN
C:\WINDOWS\system32\svchost.exe (1716)
Local 192.168.1.101:3884 CLOSE-WAIT Remote 192.168.1.1:2869 (Querying... )
System Process
Local 192.168.1.101:3834 TIME-WAIT Remote 216.137.43.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:3839 TIME-WAIT Remote 216.137.43.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:3843 TIME-WAIT Remote 216.137.43.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:3847 TIME-WAIT Remote 216.137.43.109:80 (Querying... ) (HTTP)
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local 192.168.1.101:139 (NetBIOS session service) LISTEN
svchost.exe (1444)
Local 0.0.0.0:135 (DCE) LISTEN


OTL logfile created on: 10/30/2011 2:43:10 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 498.96 Mb Available Physical Memory | 48.80% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.44 Gb Total Space | 73.05 Gb Free Space | 84.51% Space Free | Partition Type: NTFS
Drive D: | 6.71 Gb Total Space | 3.97 Gb Free Space | 59.19% Space Free | Partition Type: FAT32

Computer Name: YOUR-AD5B808096 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 17:00:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
PRC - [2011/10/24 18:49:58 | 001,148,584 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2011/10/24 18:47:24 | 001,538,984 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2011/10/21 18:54:10 | 000,093,912 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe
PRC - [2011/10/20 18:11:42 | 000,050,128 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2011/07/11 17:06:48 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/03 16:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe
PRC - [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1310422344\EE\AOLServiceHost.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/24 18:46:02 | 000,135,088 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\popup.dll
MOD - [2011/10/21 14:04:28 | 001,910,272 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpfr.mdl
MOD - [2011/10/21 14:04:28 | 001,909,760 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2011/10/21 14:04:28 | 001,858,560 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2011/10/21 14:04:28 | 000,952,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2011/10/21 14:04:28 | 000,632,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2011/10/21 14:04:28 | 000,444,416 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2011/10/21 14:04:26 | 002,054,144 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2011/10/21 14:04:26 | 000,509,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2011/10/21 14:04:26 | 000,389,632 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2011/10/20 18:14:46 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2011/10/20 18:03:26 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2011/10/20 18:03:18 | 000,249,424 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2011/10/20 18:02:48 | 000,109,856 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2011/10/20 18:02:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2011/10/17 09:43:02 | 000,107,008 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\popup.ui
MOD - [2011/10/17 09:43:02 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2011/10/17 09:43:00 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2011/10/15 00:07:58 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2011/10/15 00:05:48 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/15 00:05:32 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2011/10/14 23:57:34 | 000,337,992 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/10/07 16:26:02 | 000,574,904 | ---- | M] () -- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\bdsmartdb.dll
MOD - [2011/08/09 12:16:10 | 000,112,952 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\bdnimbus.dll
MOD - [2011/07/29 11:29:08 | 001,236,176 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\wslib.dll
MOD - [2011/07/14 17:59:24 | 000,074,336 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2011/06/16 07:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/05/19 19:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\Antivirus_06501_021\avxdisk.dll
MOD - [2011/03/01 17:46:16 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/11/03 16:03:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Common Files\AOL\1310422344\EE\libexpat.dll
MOD - [2004/09/28 03:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (All) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/24 18:47:24 | 001,538,984 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2011/10/20 18:11:42 | 000,050,128 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2011/10/14 23:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/10/03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/07/16 17:06:31 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2011/07/15 19:04:36 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2011/07/15 19:04:36 | 000,136,176 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2011/07/11 17:06:48 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/29 21:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/13 19:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:12:38 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/13 19:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/13 19:12:35 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/13 19:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/13 19:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:27 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/13 19:12:25 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/13 19:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/13 19:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 19:12:14 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/13 19:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/13 19:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/13 19:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/13 19:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 19:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 19:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/13 19:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2005/02/02 00:36:56 | 000,344,064 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/09/28 03:33:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\ehome\ehRecvr.exe -- (ehRecvr)
SRV - [2004/08/11 03:45:04 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004/08/10 14:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2004/08/10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2004/08/10 13:11:50 | 000,085,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mhn.dll -- (MHN)
SRV - [2004/08/10 13:04:42 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2011/10/26 22:11:37 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2011/10/26 22:08:21 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2011/10/26 22:04:39 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2011/10/14 23:57:34 | 000,311,248 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2011/09/29 16:09:50 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/09/01 11:15:08 | 000,454,960 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2011/09/01 11:12:42 | 000,596,600 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avc3.sys -- (avc3)
DRV - [2011/07/19 16:20:36 | 000,127,056 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2011/07/15 16:11:46 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/11 17:13:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2011/07/08 09:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/06/24 09:10:36 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/04/21 08:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/03/01 17:45:34 | 000,113,232 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/03/01 17:45:32 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/07/14 10:35:16 | 000,444,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 13:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 13:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 13:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\i2omp.sys -- (i2omp)
DRV - [2008/04/13 13:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 13:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 000,079,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)
DRV - [2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2008/04/13 13:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys -- (agpCPQ)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\alim1541.sys -- (alim1541)
DRV - [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agp440.sys -- (agp440)
DRV - [2008/04/13 13:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 13:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\p3.sys -- (P3)
DRV - [2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/02/11 03:52:00 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/02 00:39:20 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/17 08:27:00 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/11/05 09:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/30 00:39:00 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/10 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 14:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/10 14:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m)
DRV - [2004/08/10 14:00:00 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx)
DRV - [2004/08/10 14:00:00 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2)
DRV - [2004/08/10 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1240.sys -- (ql1240)
DRV - [2004/08/10 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 14:00:00 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys -- (Ql10wnt)
DRV - [2004/08/10 14:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/10 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 14:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/10 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 14:00:00 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\perc2.sys -- (perc2)
DRV - [2004/08/10 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 14:00:00 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpn.sys -- (hpn)
DRV - [2004/08/10 14:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS -- (abp480n5)
DRV - [2004/08/10 14:00:00 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3350p.sys -- (asc3350p)
DRV - [2004/08/10 14:00:00 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o)
DRV - [2004/08/10 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 14:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/10 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 14:00:00 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ini910u.sys -- (ini910u)
DRV - [2004/08/10 14:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys -- (Cpqarray)
DRV - [2004/08/10 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 14:00:00 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac960nt.sys -- (dac960nt)
DRV - [2004/08/10 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys -- (cbidf)
DRV - [2004/08/10 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aha154x.sys -- (Aha154x)
DRV - [2004/08/10 14:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amsint.sys -- (amsint)
DRV - [2004/08/10 14:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC)
DRV - [2004/08/10 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/10 14:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys -- (cd20xrnt)
DRV - [2004/08/10 14:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/10 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/10 14:00:00 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\perc2hib.sys -- (perc2hib)
DRV - [2004/08/10 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/10 14:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\toside.sys -- (TosIde)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/10 14:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/10 12:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/10 12:39:56 | 000,019,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/28 02:03:42 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/06/28 02:02:34 | 000,034,048 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/06/17 02:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 02:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 02:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/16 23:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 08:52:30 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/07/17 11:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/08/19 10:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011/10/27 15:14:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/10/27 22:16:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC2BACB1-098B-4475-82DD-4E44BFC8B79F}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/27 20:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 14:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2011/10/30 14:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/10/30 14:36:23 | 004,307,416 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\spsetup113.exe
[2011/10/30 14:31:20 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\procexp.exe
[2011/10/30 14:23:44 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\VEW.exe
[2011/10/29 01:30:39 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\tdsskiller.exe
[2011/10/29 01:23:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/27 15:15:34 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/10/27 15:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2011/10/27 15:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\Bitdefender
[2011/10/27 15:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2011/10/27 15:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/27 15:02:21 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/27 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/27 13:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/27 13:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/10/27 13:34:58 | 000,311,248 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/10/27 13:34:57 | 000,353,096 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2011/10/27 13:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/10/27 13:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\QuickScan
[2011/10/26 22:30:35 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/10/26 20:44:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/26 20:41:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/26 20:41:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/26 20:41:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/26 20:41:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/26 20:41:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/26 20:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/26 20:40:19 | 004,274,254 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\ComboFix.exe
[2011/10/26 16:59:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
[2011/10/26 16:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\Malwarebytes
[2011/10/26 16:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/25 23:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/25 23:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/25 22:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/10/24 10:00:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/24 10:00:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/24 10:00:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/30 14:41:03 | 000,000,303 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/10/30 14:37:16 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/10/30 14:36:39 | 004,307,416 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\spsetup113.exe
[2011/10/30 14:31:30 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\procexp.exe
[2011/10/30 14:25:23 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job
[2011/10/30 14:25:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/30 14:25:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/30 14:23:53 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\VEW.exe
[2011/10/30 00:39:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/30 00:39:38 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/29 01:30:58 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\tdsskiller.exe
[2011/10/27 22:16:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/27 21:57:49 | 004,274,254 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\ComboFix.exe
[2011/10/27 21:16:27 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/10/27 15:17:10 | 000,246,169 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319746070.bdinstall.bin
[2011/10/27 15:15:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/10/27 15:15:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/27 15:15:04 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2012.lnk
[2011/10/27 15:02:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/27 13:38:21 | 000,051,539 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.2396.bin
[2011/10/27 13:38:21 | 000,040,061 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.2964.bin
[2011/10/27 13:38:21 | 000,032,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3556.bin
[2011/10/27 13:38:21 | 000,007,497 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3588.bin
[2011/10/27 13:37:30 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.4008.bin
[2011/10/27 13:35:32 | 000,004,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.836.bin
[2011/10/27 13:35:22 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3592.bin
[2011/10/27 13:35:00 | 000,009,369 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3384.bin
[2011/10/26 20:44:25 | 000,000,312 | RHS- | M] () -- C:\boot.ini
[2011/10/26 17:00:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
[2011/10/14 23:57:34 | 000,311,248 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/10/11 19:09:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/11 19:07:50 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 18:55:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/11 18:54:50 | 000,442,114 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/11 18:54:50 | 000,071,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/03 03:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/10/03 02:37:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/30 14:37:16 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/10/30 00:42:05 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job
[2011/10/27 21:16:27 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/10/27 15:31:46 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/10/27 15:17:10 | 000,246,169 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319746070.bdinstall.bin
[2011/10/27 15:15:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/10/27 15:15:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/27 15:15:04 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2012.lnk
[2011/10/27 15:02:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/27 13:35:22 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319740493.4008.bin
[2011/10/27 13:35:19 | 000,032,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3556.bin
[2011/10/27 13:35:19 | 000,004,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319740493.836.bin
[2011/10/27 13:34:59 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3592.bin
[2011/10/27 13:34:56 | 000,009,369 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3384.bin
[2011/10/27 13:34:53 | 000,051,539 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319740493.2396.bin
[2011/10/27 13:34:53 | 000,040,061 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319740493.2964.bin
[2011/10/27 13:34:53 | 000,007,497 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3588.bin
[2011/10/26 20:44:25 | 000,000,197 | ---- | C] () -- C:\Boot.bak
[2011/10/26 20:44:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/26 20:41:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/26 20:41:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/26 20:41:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/26 20:41:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/26 20:41:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/24 16:35:28 | 000,233,444 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010005.JPG
[2011/10/24 16:35:17 | 000,234,556 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010004.JPG
[2011/10/24 16:35:06 | 000,233,016 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010003.JPG
[2011/10/24 16:34:51 | 000,262,623 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010002.JPG
[2011/10/24 16:34:42 | 000,232,214 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010001.JPG
[2011/08/19 10:35:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/17 13:20:22 | 000,612,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/11 17:12:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/11 17:11:27 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2011/07/11 17:06:49 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2011/07/11 16:50:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/07/11 16:30:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/07/11 16:29:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/07/11 16:29:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/07/11 16:29:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/07/11 16:29:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/07/11 16:28:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/07/11 16:28:44 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/07/11 16:23:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/07/11 16:15:44 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/07/11 16:15:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/07/11 16:15:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/07/11 16:03:15 | 000,073,845 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/10/28 12:47:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/27 21:43:40 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/10/27 20:24:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/27 20:14:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/27 19:53:07 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/27 19:53:07 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/10/27 19:52:06 | 000,442,114 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/27 19:52:06 | 000,071,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/27 13:07:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/27 13:06:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\WINDOWS\tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\VEW.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\tdsskiller.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\spsetup113.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\procexp.exe:BDU

< End of report >

OTL Extras logfile created on: 10/30/2011 2:43:10 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 498.96 Mb Available Physical Memory | 48.80% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.44 Gb Total Space | 73.05 Gb Free Space | 84.51% Space Free | Partition Type: NTFS
Drive D: | 6.71 Gb Total Space | 3.97 Gb Free Space | 59.19% Space Free | Partition Type: FAT32

Computer Name: YOUR-AD5B808096 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\1310422344\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1310422344\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Java\Java Update\jusched.exe" = C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Disabled:Java™ Update Scheduler -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:Microsoft Application Error Reporting -- (Microsoft Corporation)
"C:\Program Files\Google\Update\GoogleUpdate.exe" = C:\Program Files\Google\Update\GoogleUpdate.exe:*:Disabled:Google Installer -- (Google Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Internet Security 2012
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"America Online us" = America Online (Choose which version to remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"ATI Display Driver" = ATI Display Driver
"Bitdefender" = Bitdefender Internet Security 2012
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_0460107B" = SoftV92 Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 10/30/2011 1:41:05 AM | Computer Name = YOUR-AD5B808096 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058


< End of report >

Edited by clarissagraff, 30 October 2011 - 01:55 PM.

  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Can you submit one of these files to http://virustotal.com and see what they say?

If it doesn't come back 0/43 or so please copy and paste the report.

Ron
  • 0

#14
clarissagraff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Which file?
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Sorry. One of these:

[2011/10/27 13:38:21 | 000,051,539 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.2396.bin
[2011/10/27 13:38:21 | 000,040,061 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.2964.bin
[2011/10/27 13:38:21 | 000,032,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3556.bin
[2011/10/27 13:38:21 | 000,007,497 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3588.bin
[2011/10/27 13:37:30 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.4008.bin
[2011/10/27 13:35:32 | 000,004,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.836.bin
[2011/10/27 13:35:22 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3592.bin
[2011/10/27 13:35:00 | 000,009,369 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3384.bin

I don't trust randomly named files.
  • 0