Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser redirect in IE9 [Solved]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

Advertisements


#17
fierohink

fierohink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the OTL.txt:

OTL logfile created on: 11/23/2011 10:32:27 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 39.99% Memory free
6.21 Gb Paging File | 3.26 Gb Available in Paging File | 52.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 18.46 Gb Free Space | 8.29% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.04 Gb Free Space | 40.39% Space Free | Partition Type: NTFS

Computer Name: WORK-LAPTOP | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/22 22:00:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2011/11/14 18:37:56 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011/05/05 22:59:58 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe
PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/11/14 11:21:59 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Dan\Program Files\DNA\btdna.exe
PRC - [2009/05/12 16:50:32 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/05/12 16:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/04/23 05:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/30 00:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/22 04:26:46 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/22 04:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/22 04:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/10/16 13:58:30 | 001,668,344 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/07/17 07:00:36 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/17 07:00:18 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/07/17 07:00:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/07/17 07:00:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/09 14:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/14 10:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/02/16 11:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 17:52:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 17:52:31 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/12 17:52:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 17:52:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011/10/12 17:50:41 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0d34a2f81f5d945e604ff66c1e64fc72\System.Xml.ni.dll
MOD - [2011/10/12 17:50:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 17:49:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 17:48:47 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 17:46:41 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/04/28 01:49:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3106.38533__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/04/28 01:49:52 | 001,687,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3106.38542__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/04/28 01:49:52 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3106.38798__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/04/28 01:49:52 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3106.38494__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:52 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3106.38558__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/04/28 01:49:52 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3106.38756__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:52 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3106.38714__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3106.38664__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3106.38517__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:41 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3106.38724__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:41 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:41 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3106.38805__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:41 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3106.38731__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/04/28 01:49:41 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3106.38510__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3106.38723__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:40 | 000,806,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3106.38668__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:40 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3106.38746__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/04/28 01:49:40 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3106.38565__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:40 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:39 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3106.38573__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:39 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3106.38657__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:39 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3106.38519__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:39 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3106.38706__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:39 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3106.38666__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:39 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3106.38579__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009/04/28 01:49:39 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3106.38689__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/04/28 01:49:39 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3106.38665__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3106.38578__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:39 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3106.38687__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3106.38704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/04/28 01:49:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/04/28 01:49:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3091.17961__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/04/28 01:49:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3091.17980__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/04/28 01:49:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/04/28 01:49:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3091.17978__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/04/28 01:49:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/04/28 01:49:39 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/04/28 01:49:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3091.17957__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/04/28 01:49:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/04/28 01:49:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/04/28 01:49:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/04/28 01:49:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/04/28 01:49:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/04/28 01:49:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/04/28 01:49:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/04/28 01:49:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3091.18035__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/04/28 01:49:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009/04/28 01:49:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3091.17981__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/04/28 01:49:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/04/28 01:49:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3091.17968__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/04/28 01:49:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3091.17961__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/04/28 01:49:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/04/28 01:49:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3091.17980__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/04/28 01:49:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/04/28 01:49:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3091.17981__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/04/28 01:49:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/04/28 01:49:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3091.17967__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/04/28 01:49:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3091.17987__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/04/28 01:49:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3091.17993__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3091.17976__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3091.17988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3091.17979__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3091.17991__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3091.17983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/04/28 01:49:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3091.17977__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/04/28 01:49:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/04/28 01:49:33 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3106.38526__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/04/28 01:49:33 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3106.38785__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/04/28 01:49:33 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3106.38782__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/04/28 01:49:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3106.38488__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/04/28 01:49:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/04/28 01:49:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3091.17979__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/04/28 01:49:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3106.38822__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/04/28 01:49:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3091.17961__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/04/28 01:49:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/04/28 01:49:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3091.17978__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/04/28 01:49:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/04/28 01:49:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3091.17977__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/04/28 01:49:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3091.17963__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009/04/28 01:49:33 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/04/28 01:49:33 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/04/28 01:49:33 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3106.38837__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009/04/28 01:49:33 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/04/28 01:49:32 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3106.38503__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/04/28 01:49:32 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3106.38486__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/04/28 01:49:32 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3106.38482__90ba9c70f846762e\APM.Server.dll
MOD - [2009/04/28 01:49:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3106.38484__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/04/28 01:49:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/04/28 01:49:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/04/28 01:49:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3106.38784__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/04/28 01:49:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3091.17993__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/04/16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/12/22 05:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2008/11/24 04:16:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/03/31 09:01:40 | 000,032,768 | ---- | M] () -- C:\Windows\System32\jamsand.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/05/12 16:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/04/28 02:09:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/22 04:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/22 04:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/10/16 13:58:30 | 001,668,344 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20111114.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 15:28:01 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 15:28:01 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/25 21:33:43 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20111122.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/25 21:33:43 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20111122.034\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20111122.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/21 21:53:36 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/08/21 21:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/03 23:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/06/29 21:44:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/08 09:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2010/02/17 13:02:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/03 20:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/03/08 16:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 06:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/12/22 05:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/22 04:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/11/24 04:16:10 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/11/24 04:16:10 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/04 18:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/10/16 16:53:28 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/07/17 07:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/03 03:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/03 03:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/03 03:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/05/29 06:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/02/16 04:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\Windows\System32\drivers\fanio.sys -- (fanio)
DRV - [2004/07/22 07:36:16 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2plms.sys -- (ser2plms)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-924852286-1898195720-1985149314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-924852286-1898195720-1985149314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://delicious.com...nk?setcount=100
IE - HKU\S-1-5-21-924852286-1898195720-1985149314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-924852286-1898195720-1985149314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Dan\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009/08/04 17:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2011/07/19 22:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn_2010_9_0_6 [2011/11/22 21:22:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext [2009/08/04 17:11:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Dan\Program Files\DNA [2011/11/22 21:22:31 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/11/18 11:30:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-924852286-1898195720-1985149314-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-924852286-1898195720-1985149314-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-924852286-1898195720-1985149314-1000..\Run: [BitTorrent DNA] C:\Users\Dan\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-924852286-1898195720-1985149314-1000..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-924852286-1898195720-1985149314-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-924852286-1898195720-1985149314-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C7C99E6-7C11-41CA-952E-F2D3B5C60190}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E866485-450B-4114-A1D5-301C60A3B8CB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCB9C013-E0EE-4D1B-B66C-25B949C20DB8}: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O22 - SharedTaskScheduler: {6DC0D576-492C-4F72-811E-85544FC11520} - MapullmaDat - C:\Windows\System32\mapullma.dll ( )
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a3b9d07-6079-11de-b1ab-002219ebee6b}\Shell - "" = AutoRun
O33 - MountPoints2\{3a3b9d07-6079-11de-b1ab-002219ebee6b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 22:00:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/11/16 18:22:21 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes
[2011/11/16 18:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/16 18:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/16 18:22:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/16 18:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/16 16:38:49 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dan\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/14 19:39:02 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Dan\Desktop\aswMBR.exe
[2011/11/09 23:48:44 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\I8kfanGUI
[2011/11/09 23:48:43 | 000,014,464 | ---- | C] (Christian Diefer) -- C:\Windows\System32\drivers\fanio.sys
[2011/11/09 23:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\I8kfanGUI
[2011/11/07 20:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I8kfanGUI
[2011/10/29 16:12:22 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\My Kindle Content
[2011/10/29 16:11:30 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/10/29 16:11:17 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Amazon
[2011/10/26 23:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/26 23:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/26 23:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2007/03/31 09:01:44 | 000,319,488 | ---- | C] ( ) -- C:\Windows\System32\mapullma.dll

========== Files - Modified Within 30 Days ==========

[2011/11/23 09:24:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/23 09:24:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 09:24:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 22:00:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/11/22 12:55:29 | 000,000,512 | ---- | M] () -- C:\Users\Dan\Desktop\MBR.dat
[2011/11/21 01:21:09 | 000,030,208 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/19 19:49:13 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/19 19:49:13 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/18 11:55:43 | 000,289,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/18 11:30:57 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/16 18:22:12 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/16 16:38:50 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dan\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/14 19:39:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Dan\Desktop\aswMBR.exe
[2011/11/11 15:31:29 | 021,073,936 | ---- | M] () -- C:\Users\Dan\Documents\vlc-1.1.11-win32.exe
[2011/11/09 23:48:46 | 000,000,828 | ---- | M] () -- C:\Users\Dan\Desktop\I8kfanGUI.lnk
[2011/11/09 21:41:54 | 000,007,512 | ---- | M] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2011/10/30 09:00:46 | 000,002,010 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Kindle.lnk
[2011/10/29 16:11:40 | 000,002,010 | ---- | M] () -- C:\Users\Dan\Desktop\Kindle.lnk
[2011/10/26 23:30:53 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2011/11/16 18:22:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 20:50:47 | 000,000,512 | ---- | C] () -- C:\Users\Dan\Desktop\MBR.dat
[2011/11/09 23:48:45 | 000,000,828 | ---- | C] () -- C:\Users\Dan\Desktop\I8kfanGUI.lnk
[2011/10/30 09:00:46 | 000,002,010 | ---- | C] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Kindle.lnk
[2011/10/29 16:11:37 | 000,002,010 | ---- | C] () -- C:\Users\Dan\Desktop\Kindle.lnk
[2011/10/26 23:30:52 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/05 20:13:12 | 000,001,940 | ---- | C] () -- C:\Users\Dan\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/26 18:19:35 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/10/26 18:19:35 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/09/04 21:42:10 | 000,000,862 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\wklnhst.dat
[2009/08/04 13:30:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/04 13:30:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/17 16:30:06 | 000,158,189 | ---- | C] () -- C:\Windows\System32\UserGcnv.exe
[2009/05/13 06:33:10 | 000,007,512 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2009/05/10 14:34:14 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/10 14:34:13 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/05 16:56:38 | 000,030,208 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/28 04:22:24 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/04/28 04:22:24 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/04/28 04:22:24 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/04/28 04:22:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/04/28 04:17:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/28 02:01:57 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/04/28 01:50:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/04/28 01:50:19 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/28 01:50:18 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/04/27 20:30:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/03/31 09:01:40 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jamsand.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,289,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/08/18 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Amazon
[2010/11/04 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Any Video Converter
[2011/11/23 11:04:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\BitTorrent
[2010/10/26 17:19:00 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Boilsoft
[2010/02/20 03:29:35 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\BoneTown
[2009/05/04 09:24:16 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DigitalPersona
[2011/11/23 10:54:14 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DNA
[2011/03/08 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ImgBurn
[2009/06/03 15:01:24 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\OpenOffice.org
[2009/09/04 21:41:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Template
[2010/07/24 18:54:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Tific
[2011/11/22 21:20:35 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/15 15:10:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5BD994E3-6538-49E2-AF71-29D4E32E66BA}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/04/28 04:15:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/28 04:15:33 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/28 04:15:33 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/28 04:15:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< >

< End of report >
  • 0

#18
fierohink

fierohink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the Extras.txt:

OTL Extras logfile created on: 11/23/2011 10:32:27 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 39.99% Memory free
6.21 Gb Paging File | 3.26 Gb Available in Paging File | 52.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 18.46 Gb Free Space | 8.29% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.04 Gb Free Space | 40.39% Space Free | Partition Type: NTFS

Computer Name: WORK-LAPTOP | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00945256-F51F-4F38-9DA8-FB1E2BBA07EA}" = lport=445 | protocol=6 | dir=in | app=system |
"{046ABFEE-0B7E-4C0C-9D57-DA055292E85A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0FF0CBEE-D2A6-45F8-82E5-BFAE170D780D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1A5AD457-E889-4291-859F-0B3ACE12ED8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2046CE3F-0856-476D-8EB0-8D0A2F3E28EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2EE016E9-40DA-4481-AE46-D8666D120645}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B43C70E-527D-4594-A86D-E72A21651B25}" = lport=137 | protocol=17 | dir=in | app=system |
"{407C3177-BA97-4C8F-B42E-484801712C37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46413C07-A78F-4431-BB4C-83299DCAB821}" = lport=139 | protocol=6 | dir=in | app=system |
"{556EB969-7D38-4389-A8BE-AFB8EF9806B4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56B7F6D3-B750-4899-9297-1553E121A931}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DF61243-0256-40F5-BF3F-A0C5CCD92F04}" = rport=138 | protocol=17 | dir=out | app=system |
"{7A9668D3-E270-4422-845C-B7560D0C6FF5}" = rport=137 | protocol=17 | dir=out | app=system |
"{8092CB5F-BAFD-4029-9C37-6B3FC1D098E7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{85D2E033-112D-4777-8A61-66236A1AB967}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{86ED2828-875D-46DF-BCC1-48057ECF8D2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8E4D8380-3FDC-4E76-8393-79AD8B3252AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9008871C-9879-40AB-8872-202163F512FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{91C50DAF-9A42-4D30-88AD-71E16B50E197}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BF594EB-E9E6-45DA-A11A-6C99E7CAC5F9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ACB9481D-961F-4632-9A4F-43779A1569CF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B22824B6-D577-4D56-9696-D5F3A29113D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3046414-760B-48B8-AAF5-BCBCBB7A605D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA15E169-00AD-4E6E-85D2-6A6925845454}" = lport=138 | protocol=17 | dir=in | app=system |
"{BB96125F-2AED-43CE-8758-C8521E9770BA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BDAA6F78-2ED0-463B-89EE-C74C38E4225B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCBB113D-D8A1-4E58-A350-DCD6AD1A42D3}" = rport=139 | protocol=6 | dir=out | app=system |
"{D805DBF7-8D36-4CF0-BF5F-5AF7F0667F52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF143CD9-120E-4062-BF7C-2C1E7B5961AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F7560D-FF30-49AA-AF01-68FD0C03EBA2}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{04F10A89-1A80-4A84-BE58-7360F07096BF}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{0E716D7B-160A-4820-9B7B-A98E52ED79F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0ED9BD29-D8E8-4437-8FDD-81BB91D4F4A8}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{0F44099E-2B02-470C-AB21-66BFC5E7F32B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{17FE5D16-AF8F-4883-B23D-6CF16D189463}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{214B29DB-DAF0-4ACC-A5BC-FB546F6993A5}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"{2AEF952D-AE4E-4027-8FE1-CB7BBCEAAC20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2FD5CD45-EC27-4667-91A6-5F384A0A48FE}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{3B5A7A1B-E3E5-4167-8214-16B30C00A455}" = protocol=6 | dir=out | app=system |
"{3D12ABD9-3052-466C-B93C-EB530CCC2FC5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{416A21CC-DE30-42A6-831F-1AC34C1E6183}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F792962-673F-4E91-930E-3C42ADC62617}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{54A2E532-6F7B-4DA9-884D-D63956EF0593}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{56A6F37E-FA48-4141-BDE9-E104056FF5E6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{5DA24310-C006-4865-B937-28059F41A1AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61CAE387-FC1F-489B-B2CE-5E75CE882B07}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{6795CEAB-C8B1-46BC-A681-11E6CD0B397C}" = protocol=1 | dir=out | [email protected],-28544 |
"{71F422FB-3ED3-45D4-93BF-D6BBF9AA48D4}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{7613695F-4729-45CD-81DE-226411082F4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{782312E8-2A3D-43C6-B468-576026AD7943}" = protocol=1 | dir=in | [email protected],-28543 |
"{7987EF8B-0AC0-4D93-924F-F5CFDBE1437C}" = protocol=58 | dir=out | [email protected],-28546 |
"{7E8528C4-4D9A-45DF-89AE-BD144BE4B9AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B962E04-C824-4862-9E6E-548D98DB981B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96F95CF1-3254-44C5-A60D-4801868FE7C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98D584A1-8F2B-426F-BF5C-144734C15AA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AB754D6-0E3A-4F3F-9C1A-0BAFB343839A}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"{A13E085E-0706-4F57-82F7-E190A28578EF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{A22CB9AA-8C0A-4349-9078-7CB062AF4189}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A638CB72-1095-4DF6-90C2-2C9CB82BC802}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{A7DABAB1-36BF-41E2-8481-EDF886F1CDAB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{A9F7B2A1-90E4-473E-BF5C-395BCD7200CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0B6552B-E43F-409B-852D-1A1F3F781900}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{C825472E-00AC-4F4D-966C-821AE49862C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D05B3EAD-ABE0-4BF2-84E8-14DA23EB2C41}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D8629679-F4C7-4383-9E91-BFB56BAD7EB1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F0690C81-86CF-4750-9A2F-D483861846DA}" = protocol=58 | dir=in | [email protected],-28545 |
"{F7AA1263-6061-4A5E-8A6F-2D3FD3A893C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FCBF72BE-A5E9-4BBD-AB52-1D066CAC238D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"TCP Query User{9659436E-0630-4927-93AF-144A6060F0CD}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B6502666-9D24-41DE-8ECB-053C67935036}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{BF813ECE-D066-4685-B7CB-48932AD9BAA2}C:\users\dan\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\dan\program files\dna\btdna.exe |
"TCP Query User{F7D01E70-0A3B-4856-B825-9C0F93589064}C:\users\dan\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\dan\program files\dna\btdna.exe |
"UDP Query User{56463BEA-D113-455A-9451-D8881B7AAB66}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{72413E09-B334-479A-9A53-8D36168B2078}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{F4534A35-C381-4C32-A0AF-7D472789ED69}C:\users\dan\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\dan\program files\dna\btdna.exe |
"UDP Query User{F9479DFD-C766-48A4-AE4D-94E891D2587A}C:\users\dan\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\dan\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 29
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars Knights of the Old Republic
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8AE086-030F-4EF4-B705-63F8130B043E}" = DigitalPersona Personal 4.01
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{5E7C721D-B008-4269-A1C4-2CE7E9757983}" = BoneTown
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{6DA93E66-5FA8-44ED-9CCA-40773444C10D}" = HP Deskjet 3050 J610 series Basic Device Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E1497C00-2605-433E-822E-3E82649CE056}" = HP Deskjet 3050 J610 series Product Improvement Study
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2393654-7D1F-48B3-9E4C-4007D120ABB8}" = AuthenTec Fingerprint Software
"{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}" = Image Grabber II.NET
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"7-Zip" = 7-Zip 4.65
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Any Video Converter_is1" = Any Video Converter 2.7.3
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GoToAssist" = GoToAssist 8.0.0.514
"I8kfanGUI" = I8kfanGUI V3.1
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaInfo" = MediaInfo 0.7.36
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NIS" = Norton Internet Security
"Rhapsody" = Rhapsody
"Ultra Video Joiner_is1" = Ultra Video Joiner 5.2.0104
"VLC media player" = VLC media player 1.0.5
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3c
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-924852286-1898195720-1985149314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/13/2011 12:19:37 AM | Computer Name = Work-Laptop | Source = EventSystem | ID = 4621
Description =

Error - 11/13/2011 11:11:48 AM | Computer Name = Work-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/14/2011 7:35:24 PM | Computer Name = Work-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/14/2011 10:09:19 PM | Computer Name = Work-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/15/2011 10:43:27 AM | Computer Name = Work-Laptop | Source = EventSystem | ID = 4621
Description =

Error - 11/15/2011 10:45:36 AM | Computer Name = Work-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/15/2011 7:08:41 PM | Computer Name = Work-Laptop | Source = EventSystem | ID = 4621
Description =

Error - 11/15/2011 7:11:34 PM | Computer Name = Work-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/15/2011 7:59:13 PM | Computer Name = Work-Laptop | Source = Application Error | ID = 1000
Description = Faulting application OTL.exe, version 3.2.31.0, time stamp 0x2a425e19,
faulting module MSCTF.dll, version 6.0.6002.18005, time stamp 0x49e03793, exception
code 0xc0000005, fault offset 0x000015ca, process id 0x112c, application start time
0x01cca3eee97f62ea.

Error - 11/15/2011 9:44:40 PM | Computer Name = Work-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/20/2011 9:32:08 AM | Computer Name = Work-Laptop | Source = DCOM | ID = 10016
Description =

Error - 11/20/2011 12:10:35 PM | Computer Name = Work-Laptop | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 11/20/2011 12:11:34 PM | Computer Name = Work-Laptop | Source = DCOM | ID = 10016
Description =

Error - 11/20/2011 5:59:04 PM | Computer Name = Work-Laptop | Source = DCOM | ID = 10016
Description =

Error - 11/21/2011 11:43:56 AM | Computer Name = Work-Laptop | Source = DCOM | ID = 10016
Description =

Error - 11/22/2011 11:03:54 AM | Computer Name = Work-Laptop | Source = DCOM | ID = 10016
Description =

Error - 11/22/2011 2:02:55 PM | Computer Name = Work-Laptop | Source = DCOM | ID = 10016
Description =

Error - 11/22/2011 8:35:33 PM | Computer Name = Work-Laptop | Source = DCOM | ID = 10016
Description =

Error - 11/22/2011 10:23:27 PM | Computer Name = Work-Laptop | Source = DCOM | ID = 10016
Description =

Error - 11/23/2011 10:24:18 AM | Computer Name = Work-Laptop | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.121 for the Network Card with network
address 00242C3147C5 has been denied by the DHCP server 10.1.10.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
And it is only IE that uis redirecting ?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#20
fierohink

fierohink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
And here is the aswMBR report:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-14 19:39:38
-----------------------------
19:39:38.540 OS Version: Windows 6.0.6002 Service Pack 2
19:39:38.540 Number of processors: 2 586 0x170A
19:39:38.542 ComputerName: WORK-LAPTOP UserName: Dan
19:40:11.025 Initialize success
19:41:54.240 AVAST engine defs: 11111401
19:42:33.933 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:42:33.936 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
19:42:35.977 Disk 0 MBR read successfully
19:42:35.982 Disk 0 MBR scan
19:42:35.992 Disk 0 Windows VISTA default MBR code
19:42:35.999 Disk 0 scanning sectors +488394752
19:42:36.098 Disk 0 scanning C:\Windows\system32\drivers
19:42:54.847 Service scanning
19:42:56.096 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:42:56.666 Modules scanning
19:43:08.717 Disk 0 trace - called modules:
19:43:08.738 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x851241f8]<<
19:43:08.742 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8525b528]
19:43:09.083 3 CLASSPNP.SYS[8a3ab8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851cd390]
19:43:09.092 \Driver\atapi[0x851cb978] -> IRP_MJ_CREATE -> 0x851241f8
19:43:10.475 AVAST engine scan C:\Windows
19:43:15.318 AVAST engine scan C:\Windows\system32
19:44:28.735 File: C:\Windows\system32\jamsand.dll **INFECTED** Win32:Adware-gen [Adw]
19:47:00.429 AVAST engine scan C:\Windows\system32\drivers
19:47:22.944 AVAST engine scan C:\Users\Dan
20:30:33.052 AVAST engine scan C:\ProgramData
20:35:35.595 Scan finished successfully
20:50:47.412 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
20:50:47.420 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-22 11:35:06
-----------------------------
11:35:06.437 OS Version: Windows 6.0.6002 Service Pack 2
11:35:06.437 Number of processors: 2 586 0x170A
11:35:06.439 ComputerName: WORK-LAPTOP UserName: Dan
11:36:04.150 Initialize success
11:37:10.252 AVAST engine defs: 11112200
11:37:32.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:37:32.210 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
11:37:34.237 Disk 0 MBR read successfully
11:37:34.241 Disk 0 MBR scan
11:37:34.251 Disk 0 Windows VISTA default MBR code
11:37:34.258 Disk 0 scanning sectors +488394752
11:37:34.355 Disk 0 scanning C:\Windows\system32\drivers
11:37:50.979 Service scanning
11:37:51.937 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
11:37:52.517 Modules scanning
11:37:58.994 Disk 0 trace - called modules:
11:37:59.017 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x851241f8]<<
11:37:59.022 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85396858]
11:37:59.372 3 CLASSPNP.SYS[8a3a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8437eb98]
11:37:59.378 \Driver\atapi[0x8520db88] -> IRP_MJ_CREATE -> 0x851241f8
11:38:01.698 AVAST engine scan C:\Windows
11:38:05.565 AVAST engine scan C:\Windows\system32
11:39:09.167 File: C:\Windows\system32\jamsand.dll **INFECTED** Win32:Adware-gen [Adw]
11:41:07.544 AVAST engine scan C:\Windows\system32\drivers
11:41:23.627 AVAST engine scan C:\Users\Dan
12:44:59.838 AVAST engine scan C:\ProgramData
12:51:45.290 Scan finished successfully
12:55:29.363 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
12:55:29.389 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-23 13:52:27
-----------------------------
13:52:27.997 OS Version: Windows 6.0.6002 Service Pack 2
13:52:28.001 Number of processors: 2 586 0x170A
13:52:28.010 ComputerName: WORK-LAPTOP UserName: Dan
13:52:35.587 Initialize success
13:52:48.831 AVAST engine defs: 11112200
13:52:54.539 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:52:54.550 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
13:52:56.612 Disk 0 MBR read successfully
13:52:56.618 Disk 0 MBR scan
13:52:56.633 Disk 0 Windows VISTA default MBR code
13:52:56.641 Disk 0 scanning sectors +488394752
13:52:57.228 Disk 0 scanning C:\Windows\system32\drivers
13:53:30.352 Service scanning
13:53:31.849 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:53:32.528 Modules scanning
13:53:39.749 Disk 0 trace - called modules:
13:53:39.787 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x851241f8]<<
13:53:39.799 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8536c620]
13:53:40.149 3 CLASSPNP.SYS[8a3a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8437eb98]
13:53:40.162 \Driver\atapi[0x85211c48] -> IRP_MJ_CREATE -> 0x851241f8
13:53:42.141 AVAST engine scan C:\Windows
13:53:46.856 AVAST engine scan C:\Windows\system32
13:54:59.854 File: C:\Windows\system32\jamsand.dll **INFECTED** Win32:Adware-gen [Adw]
13:57:45.037 AVAST engine scan C:\Windows\system32\drivers
13:58:17.200 AVAST engine scan C:\Users\Dan
15:03:49.209 AVAST engine scan C:\ProgramData
15:09:05.904 Scan finished successfully
15:33:54.728 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
15:33:54.780 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR.txt"
  • 0

#21
fierohink

fierohink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I only run IE on this particular machine. I will reboot and run Combofix and provide my txt files shortly.
  • 0

#22
fierohink

fierohink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the ComboFix.txt:

ComboFix 11-11-23.01 - Dan 11/23/2011 15:46:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3066.1888 [GMT -5:00]
Running from: c:\users\Dan\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 20:58 . 2011-11-23 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-23 02:22 . 2011-11-23 02:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E70E24A0-17B1-4E77-A898-BCA1AA3FCA93}\offreg.dll
2011-11-22 15:09 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E70E24A0-17B1-4E77-A898-BCA1AA3FCA93}\mpengine.dll
2011-11-16 23:22 . 2011-11-16 23:22 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes
2011-11-16 23:22 . 2011-11-16 23:22 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 23:22 . 2011-11-16 23:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 23:22 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 04:48 . 2007-02-16 09:05 14464 ----a-w- c:\windows\system32\drivers\fanio.sys
2011-11-10 04:48 . 2011-11-10 04:48 -------- d-----w- c:\program files\I8kfanGUI
2011-11-08 19:59 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 19:59 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 19:58 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-10-29 21:11 . 2011-10-29 21:12 -------- d-----w- c:\users\Dan\AppData\Local\Amazon
2011-10-27 04:31 . 2011-10-27 04:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-27 04:31 . 2011-10-27 04:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-27 04:31 . 2011-10-27 04:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-27 04:31 . 2011-10-27 04:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-27 04:31 . 2011-10-27 04:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-27 04:31 . 2011-10-27 04:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-27 04:31 . 2011-10-27 04:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-10-27 04:30 . 2011-10-27 04:31 -------- d-----w- c:\program files\QuickTime
2011-10-27 04:30 . 2011-10-27 04:30 -------- d-----w- c:\programdata\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 23:37 . 2011-05-25 13:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 09:06 . 2010-04-16 23:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 13:30 . 2011-10-12 19:54 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-12 22:34 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 22:34 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 22:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Dan\Program Files\DNA\btdna.exe" [2009-11-14 323392]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-22 483420]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{6DC0D576-492C-4F72-811E-85544FC11520}"= "c:\windows\system32\mapullma.dll" [2007-03-31 319488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-28 07:09 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-16 482176]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 691696]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS [2011-08-22 173176]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys [2011-08-04 485512]
S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 14464]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20111122.030\IDSvix86.sys [2011-08-23 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS [2011-08-22 340088]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-16 1668344]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{5BD994E3-6538-49E2-AF71-29D4E32E66BA}.job
- c:\windows\system32\msfeedssync.exe [2011-04-26 01:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://delicious.com/fierohink?setcount=100
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 10.1.10.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 15:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\DPPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(5388)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\program files\Essentials Codec Pack\Gabset\VSFilter.dll
c:\program files\Essentials Codec Pack\Gabset\FLVSplitter.ax
c:\program files\Essentials Codec Pack\WavPack\WavPackDSSplitter.ax
c:\windows\system32\AVERM.dll
c:\program files\Essentials Codec Pack\Haali\splitter.ax
c:\program files\Essentials Codec Pack\Haali\mkzlib.dll
c:\program files\Essentials Codec Pack\Haali\mkunicode.dll
c:\windows\system32\mapullma.dll
c:\windows\system32\JamsaNd.dll
c:\program files\DigitalPersona\Bin\DpFbview.dll
.
Completion time: 2011-11-23 16:08:41
ComboFix-quarantined-files.txt 2011-11-23 21:08
.
Pre-Run: 20,924,248,064 bytes free
Post-Run: 20,946,726,912 bytes free
.
- - End Of File - - 3C16D183E49353AC4B22FE513735BF9A
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm combofix is not even seeing it

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#24
fierohink

fierohink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Upon first use of IE after reboot post ComboFix run, Rmyeildmanager.com both redirected my page from cookingforengineers.com and added a pop-up for rmyieldmanager.com.

I think I still need to do more work.
  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you use Yahoo mail ?
  • 0

Advertisements


#26
fierohink

fierohink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
No I use either hotmail, gmail, or OWA for work
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run TDSSKiller please to double check the MBR
  • 0

#28
fierohink

fierohink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
TDDS sad it did't find anything.

Here is the log file:

17:10:39.0799 4724 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
17:10:40.0466 4724 ============================================================
17:10:40.0466 4724 Current date / time: 2011/11/23 17:10:40.0466
17:10:40.0466 4724 SystemInfo:
17:10:40.0466 4724
17:10:40.0466 4724 OS Version: 6.0.6002 ServicePack: 2.0
17:10:40.0466 4724 Product type: Workstation
17:10:40.0467 4724 ComputerName: WORK-LAPTOP
17:10:40.0467 4724 UserName: Dan
17:10:40.0467 4724 Windows directory: C:\Windows
17:10:40.0467 4724 System windows directory: C:\Windows
17:10:40.0467 4724 Processor architecture: Intel x86
17:10:40.0467 4724 Number of processors: 2
17:10:40.0467 4724 Page size: 0x1000
17:10:40.0467 4724 Boot type: Normal boot
17:10:40.0467 4724 ============================================================
17:10:42.0273 4724 Initialize success
17:11:04.0162 5920 ============================================================
17:11:04.0162 5920 Scan started
17:11:04.0162 5920 Mode: Manual; SigCheck; TDLFS;
17:11:04.0162 5920 ============================================================
17:11:05.0491 5920 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:11:05.0651 5920 ACPI - ok
17:11:05.0754 5920 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:11:05.0810 5920 adp94xx - ok
17:11:05.0857 5920 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:11:05.0886 5920 adpahci - ok
17:11:05.0909 5920 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:11:05.0934 5920 adpu160m - ok
17:11:05.0968 5920 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:11:05.0994 5920 adpu320 - ok
17:11:06.0076 5920 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:11:06.0197 5920 AFD - ok
17:11:06.0261 5920 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:11:06.0308 5920 agp440 - ok
17:11:06.0359 5920 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:11:06.0412 5920 aic78xx - ok
17:11:06.0442 5920 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:11:06.0468 5920 aliide - ok
17:11:06.0506 5920 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:11:06.0554 5920 amdagp - ok
17:11:06.0578 5920 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:11:06.0604 5920 amdide - ok
17:11:06.0629 5920 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:11:06.0792 5920 AmdK7 - ok
17:11:06.0872 5920 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:11:06.0953 5920 AmdK8 - ok
17:11:07.0019 5920 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
17:11:07.0090 5920 AmdLLD - ok
17:11:07.0126 5920 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:11:07.0202 5920 ApfiltrService - ok
17:11:07.0283 5920 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:11:07.0327 5920 arc - ok
17:11:07.0374 5920 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:11:07.0400 5920 arcsas - ok
17:11:07.0446 5920 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:11:07.0520 5920 AsyncMac - ok
17:11:07.0565 5920 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:11:07.0589 5920 atapi - ok
17:11:07.0725 5920 atikmdag (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
17:11:08.0402 5920 atikmdag - ok
17:11:08.0565 5920 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\Windows\system32\Drivers\ATSwpWDF.sys
17:11:08.0666 5920 ATSwpWDF - ok
17:11:08.0772 5920 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
17:11:08.0820 5920 BCM42RLY - ok
17:11:08.0899 5920 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:11:09.0066 5920 BCM43XX - ok
17:11:09.0167 5920 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:11:09.0285 5920 Beep - ok
17:11:09.0479 5920 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20111114.002\BHDrvx86.sys
17:11:09.0565 5920 BHDrvx86 - ok
17:11:09.0686 5920 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:11:09.0752 5920 blbdrive - ok
17:11:09.0803 5920 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:11:09.0900 5920 bowser - ok
17:11:09.0986 5920 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:11:10.0142 5920 BrFiltLo - ok
17:11:10.0185 5920 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:11:10.0257 5920 BrFiltUp - ok
17:11:10.0326 5920 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
17:11:10.0422 5920 Bridge - ok
17:11:10.0453 5920 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
17:11:10.0524 5920 BridgeMP - ok
17:11:10.0621 5920 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:11:10.0888 5920 Brserid - ok
17:11:10.0981 5920 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:11:11.0125 5920 BrSerWdm - ok
17:11:11.0174 5920 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:11:11.0264 5920 BrUsbMdm - ok
17:11:11.0290 5920 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:11:11.0361 5920 BrUsbSer - ok
17:11:11.0405 5920 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:11:11.0480 5920 BTHMODEM - ok
17:11:11.0568 5920 catchme - ok
17:11:11.0707 5920 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\Windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys
17:11:11.0786 5920 ccHP - ok
17:11:11.0878 5920 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:11:11.0982 5920 cdfs - ok
17:11:12.0044 5920 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:11:12.0139 5920 cdrom - ok
17:11:12.0180 5920 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
17:11:12.0235 5920 circlass - ok
17:11:12.0282 5920 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:11:12.0313 5920 CLFS - ok
17:11:12.0372 5920 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:11:12.0438 5920 CmBatt - ok
17:11:12.0480 5920 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:11:12.0505 5920 cmdide - ok
17:11:12.0535 5920 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:11:12.0577 5920 Compbatt - ok
17:11:12.0605 5920 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:11:12.0632 5920 crcdisk - ok
17:11:12.0666 5920 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:11:12.0725 5920 Crusoe - ok
17:11:12.0787 5920 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:11:12.0854 5920 DfsC - ok
17:11:12.0932 5920 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:11:12.0989 5920 disk - ok
17:11:13.0074 5920 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:11:13.0158 5920 drmkaud - ok
17:11:13.0259 5920 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:11:13.0331 5920 DXGKrnl - ok
17:11:13.0446 5920 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
17:11:13.0528 5920 e1express - ok
17:11:13.0567 5920 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:11:13.0625 5920 E1G60 - ok
17:11:13.0705 5920 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:11:13.0755 5920 Ecache - ok
17:11:13.0841 5920 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:11:13.0888 5920 eeCtrl - ok
17:11:14.0021 5920 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:11:14.0082 5920 elxstor - ok
17:11:14.0119 5920 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:11:14.0178 5920 EraserUtilRebootDrv - ok
17:11:14.0296 5920 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
17:11:14.0361 5920 ErrDev - ok
17:11:14.0451 5920 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:11:14.0577 5920 exfat - ok
17:11:14.0669 5920 fanio (0dd24dabb0b8c4ac0d8f2ebf0492276a) C:\Windows\system32\drivers\fanio.sys
17:11:14.0734 5920 fanio ( UnsignedFile.Multi.Generic ) - warning
17:11:14.0734 5920 fanio - detected UnsignedFile.Multi.Generic (1)
17:11:14.0809 5920 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:11:14.0878 5920 fastfat - ok
17:11:14.0941 5920 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:11:15.0008 5920 fdc - ok
17:11:15.0054 5920 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:11:15.0082 5920 FileInfo - ok
17:11:15.0109 5920 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:11:15.0178 5920 Filetrace - ok
17:11:15.0221 5920 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:11:15.0292 5920 flpydisk - ok
17:11:15.0338 5920 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:11:15.0382 5920 FltMgr - ok
17:11:15.0543 5920 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:11:15.0611 5920 Fs_Rec - ok
17:11:15.0668 5920 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:11:15.0692 5920 gagp30kx - ok
17:11:15.0763 5920 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
17:11:15.0852 5920 HdAudAddService - ok
17:11:15.0925 5920 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:11:15.0996 5920 HDAudBus - ok
17:11:16.0084 5920 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:11:16.0203 5920 HidBth - ok
17:11:16.0246 5920 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
17:11:16.0277 5920 HidIr - ok
17:11:16.0335 5920 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:11:16.0422 5920 HidUsb - ok
17:11:16.0858 5920 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:11:16.0941 5920 HpCISSs - ok
17:11:17.0155 5920 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:11:17.0314 5920 HTTP - ok
17:11:17.0426 5920 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:11:17.0518 5920 i2omp - ok
17:11:17.0605 5920 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:11:17.0683 5920 i8042prt - ok
17:11:17.0738 5920 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:11:17.0781 5920 iaStorV - ok
17:11:18.0094 5920 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20111122.030\IDSvix86.sys
17:11:18.0204 5920 IDSVix86 - ok
17:11:18.0821 5920 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:11:18.0876 5920 iirsp - ok
17:11:19.0033 5920 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:11:19.0079 5920 intelide - ok
17:11:19.0175 5920 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:11:19.0264 5920 intelppm - ok
17:11:19.0351 5920 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:11:19.0442 5920 IpFilterDriver - ok
17:11:19.0455 5920 IpInIp - ok
17:11:19.0492 5920 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:11:19.0567 5920 IPMIDRV - ok
17:11:19.0783 5920 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:11:19.0881 5920 IPNAT - ok
17:11:19.0994 5920 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:11:20.0068 5920 IRENUM - ok
17:11:20.0097 5920 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:11:20.0124 5920 isapnp - ok
17:11:20.0174 5920 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:11:20.0207 5920 iScsiPrt - ok
17:11:20.0238 5920 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:11:20.0264 5920 iteatapi - ok
17:11:20.0306 5920 itecir (20425664e2e196d339ca877e0387c023) C:\Windows\system32\DRIVERS\itecir.sys
17:11:20.0351 5920 itecir - ok
17:11:20.0372 5920 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:11:20.0398 5920 iteraid - ok
17:11:20.0448 5920 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
17:11:20.0518 5920 k57nd60x - ok
17:11:20.0569 5920 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:11:20.0593 5920 kbdclass - ok
17:11:20.0664 5920 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:11:20.0750 5920 kbdhid - ok
17:11:20.0809 5920 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
17:11:20.0884 5920 KSecDD - ok
17:11:20.0951 5920 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:11:21.0028 5920 lltdio - ok
17:11:21.0215 5920 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:11:21.0306 5920 LSI_FC - ok
17:11:21.0928 5920 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:11:21.0986 5920 LSI_SAS - ok
17:11:22.0316 5920 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:11:22.0374 5920 LSI_SCSI - ok
17:11:22.0467 5920 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:11:22.0562 5920 luafv - ok
17:11:22.0646 5920 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
17:11:22.0680 5920 MBAMProtector - ok
17:11:22.0723 5920 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:11:22.0780 5920 megasas - ok
17:11:22.0947 5920 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:11:23.0002 5920 MegaSR - ok
17:11:23.0222 5920 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:11:23.0297 5920 Modem - ok
17:11:23.0416 5920 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:11:23.0495 5920 monitor - ok
17:11:23.0524 5920 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:11:23.0596 5920 mouclass - ok
17:11:23.0627 5920 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:11:23.0671 5920 mouhid - ok
17:11:23.0684 5920 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:11:23.0707 5920 MountMgr - ok
17:11:23.0762 5920 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:11:23.0787 5920 mpio - ok
17:11:23.0857 5920 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:11:23.0922 5920 mpsdrv - ok
17:11:23.0968 5920 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:11:23.0990 5920 Mraid35x - ok
17:11:24.0031 5920 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:11:24.0144 5920 MRxDAV - ok
17:11:24.0193 5920 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:11:24.0314 5920 mrxsmb - ok
17:11:24.0362 5920 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:11:24.0444 5920 mrxsmb10 - ok
17:11:24.0489 5920 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:11:24.0566 5920 mrxsmb20 - ok
17:11:24.0637 5920 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
17:11:24.0674 5920 msahci - ok
17:11:24.0715 5920 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:11:24.0753 5920 msdsm - ok
17:11:24.0786 5920 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:11:24.0857 5920 Msfs - ok
17:11:24.0889 5920 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:11:24.0922 5920 msisadrv - ok
17:11:24.0984 5920 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:11:25.0042 5920 MSKSSRV - ok
17:11:25.0073 5920 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:11:25.0108 5920 MSPCLOCK - ok
17:11:25.0134 5920 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:11:25.0170 5920 MSPQM - ok
17:11:25.0221 5920 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:11:25.0248 5920 MsRPC - ok
17:11:25.0297 5920 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:11:25.0317 5920 mssmbios - ok
17:11:25.0385 5920 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:11:25.0452 5920 MSTEE - ok
17:11:25.0487 5920 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:11:25.0535 5920 Mup - ok
17:11:25.0709 5920 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:11:25.0826 5920 NativeWifiP - ok
17:11:26.0108 5920 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20111123.003\NAVENG.SYS
17:11:26.0167 5920 NAVENG - ok
17:11:26.0293 5920 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20111123.003\NAVEX15.SYS
17:11:26.0473 5920 NAVEX15 - ok
17:11:26.0633 5920 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:11:26.0701 5920 NDIS - ok
17:11:26.0791 5920 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:11:26.0887 5920 NdisTapi - ok
17:11:26.0931 5920 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:11:26.0967 5920 Ndisuio - ok
17:11:27.0018 5920 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:11:27.0094 5920 NdisWan - ok
17:11:27.0138 5920 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:11:27.0204 5920 NDProxy - ok
17:11:27.0247 5920 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:11:27.0324 5920 NetBIOS - ok
17:11:27.0540 5920 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:11:27.0663 5920 netbt - ok
17:11:27.0972 5920 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:11:28.0030 5920 nfrd960 - ok
17:11:28.0170 5920 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:11:28.0287 5920 Npfs - ok
17:11:28.0456 5920 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:11:28.0569 5920 nsiproxy - ok
17:11:28.0837 5920 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:11:29.0013 5920 Ntfs - ok
17:11:29.0089 5920 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:11:29.0156 5920 ntrigdigi - ok
17:11:29.0169 5920 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:11:29.0212 5920 Null - ok
17:11:29.0240 5920 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:11:29.0270 5920 nvraid - ok
17:11:29.0305 5920 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:11:29.0340 5920 nvstor - ok
17:11:29.0368 5920 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:11:29.0417 5920 nv_agp - ok
17:11:29.0427 5920 NwlnkFlt - ok
17:11:29.0442 5920 NwlnkFwd - ok
17:11:29.0500 5920 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys
17:11:29.0601 5920 OA001Ufd - ok
17:11:29.0640 5920 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys
17:11:29.0687 5920 OA001Vid - ok
17:11:29.0718 5920 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:11:29.0765 5920 ohci1394 - ok
17:11:29.0824 5920 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:11:29.0900 5920 Parport - ok
17:11:29.0936 5920 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:11:29.0965 5920 partmgr - ok
17:11:29.0988 5920 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:11:30.0044 5920 Parvdm - ok
17:11:30.0191 5920 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
17:11:30.0286 5920 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok
17:11:30.0447 5920 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:11:30.0481 5920 pci - ok
17:11:30.0526 5920 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:11:30.0567 5920 pciide - ok
17:11:30.0595 5920 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:11:30.0621 5920 pcmcia - ok
17:11:30.0670 5920 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:11:30.0798 5920 PEAUTH - ok
17:11:30.0890 5920 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:11:30.0964 5920 PptpMiniport - ok
17:11:30.0992 5920 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:11:31.0042 5920 Processor - ok
17:11:31.0115 5920 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:11:31.0185 5920 PSched - ok
17:11:31.0243 5920 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
17:11:31.0275 5920 PxHelp20 - ok
17:11:31.0351 5920 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:11:31.0454 5920 ql2300 - ok
17:11:31.0503 5920 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:11:31.0527 5920 ql40xx - ok
17:11:31.0551 5920 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:11:31.0655 5920 QWAVEdrv - ok
17:11:31.0796 5920 R300 (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
17:11:31.0952 5920 R300 - ok
17:11:32.0027 5920 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:11:32.0122 5920 RasAcd - ok
17:11:32.0150 5920 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:11:32.0188 5920 Rasl2tp - ok
17:11:32.0247 5920 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:11:32.0312 5920 RasPppoe - ok
17:11:32.0344 5920 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:11:32.0371 5920 RasSstp - ok
17:11:32.0417 5920 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:11:32.0523 5920 rdbss - ok
17:11:32.0571 5920 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:11:32.0628 5920 RDPCDD - ok
17:11:32.0683 5920 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:11:32.0733 5920 rdpdr - ok
17:11:32.0760 5920 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:11:32.0817 5920 RDPENCDD - ok
17:11:32.0864 5920 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:11:32.0916 5920 RDPWD - ok
17:11:32.0961 5920 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
17:11:33.0033 5920 rimmptsk - ok
17:11:33.0066 5920 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
17:11:33.0135 5920 rimsptsk - ok
17:11:33.0147 5920 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
17:11:33.0218 5920 rismxdp - ok
17:11:33.0262 5920 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:11:33.0310 5920 rspndr - ok
17:11:33.0346 5920 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:11:33.0382 5920 sbp2port - ok
17:11:33.0432 5920 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
17:11:33.0501 5920 sdbus - ok
17:11:33.0556 5920 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:11:33.0633 5920 secdrv - ok
17:11:33.0685 5920 ser2plms (227df2e68510d25462ee80136722374e) C:\Windows\system32\DRIVERS\ser2plms.sys
17:11:33.0739 5920 ser2plms - ok
17:11:33.0757 5920 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:11:33.0830 5920 Serenum - ok
17:11:33.0860 5920 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:11:33.0941 5920 Serial - ok
17:11:33.0966 5920 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:11:34.0037 5920 sermouse - ok
17:11:34.0108 5920 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
17:11:34.0139 5920 sffdisk - ok
17:11:34.0163 5920 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:11:34.0199 5920 sffp_mmc - ok
17:11:34.0235 5920 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:11:34.0265 5920 sffp_sd - ok
17:11:34.0287 5920 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:11:34.0359 5920 sfloppy - ok
17:11:34.0407 5920 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:11:34.0430 5920 sisagp - ok
17:11:34.0447 5920 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:11:34.0470 5920 SiSRaid2 - ok
17:11:34.0492 5920 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:11:34.0516 5920 SiSRaid4 - ok
17:11:34.0559 5920 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:11:34.0615 5920 Smb - ok
17:11:34.0661 5920 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:11:34.0703 5920 spldr - ok
17:11:34.0780 5920 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:11:34.0780 5920 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
17:11:34.0782 5920 sptd ( LockedFile.Multi.Generic ) - warning
17:11:34.0783 5920 sptd - detected LockedFile.Multi.Generic (1)
17:11:34.0853 5920 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS
17:11:34.0915 5920 SRTSP - ok
17:11:34.0947 5920 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS
17:11:34.0973 5920 SRTSPX - ok
17:11:35.0018 5920 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:11:35.0098 5920 srv - ok
17:11:35.0140 5920 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:11:35.0215 5920 srv2 - ok
17:11:35.0237 5920 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:11:35.0304 5920 srvnet - ok
17:11:35.0400 5920 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
17:11:35.0505 5920 STHDA - ok
17:11:35.0550 5920 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:11:35.0577 5920 swenum - ok
17:11:35.0610 5920 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:11:35.0636 5920 Symc8xx - ok
17:11:35.0720 5920 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS
17:11:35.0875 5920 SymDS - ok
17:11:35.0946 5920 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\Windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS
17:11:35.0985 5920 SymEFA - ok
17:11:36.0047 5920 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
17:11:36.0113 5920 SymEvent - ok
17:11:36.0150 5920 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS
17:11:36.0192 5920 SymIRON - ok
17:11:36.0224 5920 SYMTDIv (b501d61792d8355eae7eb4f7449a9d99) C:\Windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS
17:11:36.0269 5920 SYMTDIv - ok
17:11:36.0310 5920 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:11:36.0343 5920 Sym_hi - ok
17:11:36.0368 5920 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:11:36.0390 5920 Sym_u3 - ok
17:11:36.0455 5920 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:11:36.0610 5920 Tcpip - ok
17:11:36.0638 5920 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:11:36.0741 5920 Tcpip6 - ok
17:11:36.0817 5920 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:11:36.0876 5920 tcpipreg - ok
17:11:36.0898 5920 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:11:36.0944 5920 TDPIPE - ok
17:11:36.0986 5920 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:11:37.0031 5920 TDTCP - ok
17:11:37.0103 5920 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:11:37.0168 5920 tdx - ok
17:11:37.0208 5920 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:11:37.0237 5920 TermDD - ok
17:11:37.0287 5920 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:11:37.0324 5920 tssecsrv - ok
17:11:37.0361 5920 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:11:37.0422 5920 tunmp - ok
17:11:37.0458 5920 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:11:37.0512 5920 tunnel - ok
17:11:37.0540 5920 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:11:37.0563 5920 uagp35 - ok
17:11:37.0609 5920 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:11:37.0645 5920 udfs - ok
17:11:37.0672 5920 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:11:37.0695 5920 uliagpkx - ok
17:11:37.0710 5920 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:11:37.0756 5920 uliahci - ok
17:11:37.0780 5920 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:11:37.0804 5920 UlSata - ok
17:11:37.0830 5920 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:11:37.0855 5920 ulsata2 - ok
17:11:37.0878 5920 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:11:37.0938 5920 umbus - ok
17:11:37.0983 5920 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:11:38.0033 5920 usbccgp - ok
17:11:38.0089 5920 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:11:38.0166 5920 usbcir - ok
17:11:38.0224 5920 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:11:38.0313 5920 usbehci - ok
17:11:38.0362 5920 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:11:38.0428 5920 usbhub - ok
17:11:38.0475 5920 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:11:38.0571 5920 usbohci - ok
17:11:38.0612 5920 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:11:38.0693 5920 usbprint - ok
17:11:38.0724 5920 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:11:38.0780 5920 USBSTOR - ok
17:11:38.0819 5920 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:11:38.0870 5920 usbuhci - ok
17:11:38.0904 5920 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:11:38.0978 5920 vga - ok
17:11:39.0017 5920 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:11:39.0093 5920 VgaSave - ok
17:11:39.0126 5920 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:11:39.0150 5920 viaagp - ok
17:11:39.0172 5920 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:11:39.0221 5920 ViaC7 - ok
17:11:39.0249 5920 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:11:39.0271 5920 viaide - ok
17:11:39.0300 5920 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:11:39.0333 5920 volmgr - ok
17:11:39.0371 5920 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:11:39.0403 5920 volmgrx - ok
17:11:39.0455 5920 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:11:39.0482 5920 volsnap - ok
17:11:39.0514 5920 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:11:39.0539 5920 vsmraid - ok
17:11:39.0582 5920 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:11:39.0636 5920 WacomPen - ok
17:11:39.0679 5920 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:11:39.0725 5920 Wanarp - ok
17:11:39.0730 5920 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:11:39.0761 5920 Wanarpv6 - ok
17:11:39.0797 5920 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:11:39.0819 5920 Wd - ok
17:11:39.0860 5920 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:11:39.0899 5920 Wdf01000 - ok
17:11:39.0993 5920 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:11:40.0057 5920 WmiAcpi - ok
17:11:40.0113 5920 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:11:40.0167 5920 WpdUsb - ok
17:11:40.0202 5920 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:11:40.0256 5920 ws2ifsl - ok
17:11:40.0320 5920 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:11:40.0375 5920 WSDPrintDevice - ok
17:11:40.0442 5920 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:11:40.0507 5920 WUDFRd - ok
17:11:40.0557 5920 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:11:40.0700 5920 \Device\Harddisk0\DR0 - ok
17:11:40.0735 5920 Boot (0x1200) (e78b43891bad8bac3ff40f3cb42f9e7b) \Device\Harddisk0\DR0\Partition0
17:11:40.0736 5920 \Device\Harddisk0\DR0\Partition0 - ok
17:11:40.0744 5920 Boot (0x1200) (c9b73b6b566435f1b81823839b30beca) \Device\Harddisk0\DR0\Partition1
17:11:40.0746 5920 \Device\Harddisk0\DR0\Partition1 - ok
17:11:40.0746 5920 ============================================================
17:11:40.0747 5920 Scan finished
17:11:40.0747 5920 ============================================================
17:11:40.0765 2088 Detected object count: 2
17:11:40.0765 2088 Actual detected object count: 2
19:25:14.0699 2088 fanio ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:14.0699 2088 fanio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:14.0703 2088 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:25:14.0703 2088 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:26:54.0382 2548 Deinitialize success
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets take that file out one more time using a very strong tool that will also do a bit of analysis for me

1. Please download The Avenger by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here:
Files to delete:
C:\Windows\System32\mapullma.dll 
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Posted Image
  • Accept the disclaimer
    Posted Image
  • Right click on the window under Input script here:, and select Paste.

    Posted Image
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.
  • 0

#30
fierohink

fierohink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the avenger report:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\System32\mapullma.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP