Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Strange "Visa Advanced Verification" Pop-up [Solved]

Started by Rav , Nov 21 2011 03:39 PM

  • This topic is locked This topic is locked

#1
Rav
Posted 21 November 2011 - 03:39 PM

Rav

    Member

  • Member
  • PipPip
  • 37 posts
Dear Geeks-to-Go

I have a Dell Latitude E5500 laptop with the specs as given in my profile. It is 2.5 years old and runs Win XP Pro SP3 and has about 4GB RAM. For security, I run Avast Anti-Virus Free Version V6.0.1289 and Comodo Firewall V3.5.57173.439. I also run occasional scans with an updated Malwarebytes' Anti-Malware V1.51.2.1300. I use Mozilla Firefox as my internet browser.

Last Monday, 14 November, I was browsing the internet and I must have hit upon a dubious website, as my Avast Antivirus Software put up a message that my computer was being attacked by trojans, and then, suddenly, multiple tabs opened up in rapid succession within my open Firefox browser and the computer then automatically crashed and shut down, and, I believe, re-booted.

On re-booting, I noticed the re-boot seemed to take a bit longer and the icon in the system tray for my wireless connection seemed to take longer to re-appear, such that the following message was put up: “This action cannot be completed because the other program is busy. Choose “Switch To” to activate the busy program and correct the problem.” Once my wireless connection icon appears in the system tray, this message tends to disappear. Also, on this re-boot Avast posted a message that it had found some trojans, I believe, in my Temporary Files folder. After this, I ran a full scan using Malwarebytes Anti-Malware and a boot scan using Avast Anti-Virus, and I thought at the time that both scans came up clean with no infection reported. However, see below:

UPDATE: I have NOW noticed looking back at the log for the Avast Anti-Virus boot scan carried out on 14 Nov that the following virus was reported:

File name: Disk 0 Master Boot Record
Severity: High
Status: Threat: Win32MBRoot-J [Trj]

The other problem I noticed was that when accessing Google’s webpage, when typing within the search field box, there would be an irritating lag between my typing and the words appearing in the box. The letters would appear in fits-and-starts. Switching Google Instant off helped to increase the “speed” of appearance of typed letters in the box noticeably. But I do like Google Instant! This lag in typed words / letters appearing is NOT noticed, so far, in the use of other programs such as MS Word, Excel, etc. It should be noted that some graphics-rich websites, such as those for newspapers, were taking longer to load and longer to scroll down on as well. In other words, Firefox seemed to have slowed up.

Some time later, maybe days later, I was prompted by Firefox to update to Version 8.0, which I did thinking that this might have been the root of the problem. As it happens, immediately after doing this the problem with Google seemed to be fixed and the speed of Firefox improved. But then these problems seemed to return later. I used CCleaner to empty my caches and to delete my temporary files, but this did not help things. However, I was not too worried as the problems, at this point, were more of an irritation than a major cause for concern. I thought that maybe there was a problem with an add-on in Firefox that I could eventually isolate and fix myself.

Then the major cause for concern occurred. I was on the customer portal for my ISP, Zen Internet, using my Firefox browser, and was purchasing some more data download allowance as I had hit my monthly limit. I was entering my credit card details and after clicking to send the payment through a pop-up box came up with a message headed “Visa Advance Verification” strangely asking for the same credit card information I had just inputted into the more familiar portal box. This time, though, the strange pop-up box was asking for my PIN number. I stupidly completed the box fields as it looked so official and clicked “Continue”, but the next box, again a strange one, asked for more account details. I realised this was fishy and I cancelled the whole process. I went onto another PC in my house, which is on the same internet connection, and pulled up the same portal, but this time I was able to complete the transaction without the strange pop-up box claiming to be from Visa. At this point, I suspected that a very insidious virus, spyware or some form of malware had made it onto my computer. I ran another quick scan using Malwarebytes’ Anti-Malware, and again the results were clean: no infection reported. You should note that at this point I was not aware of the report by the Avast boot scan carried out on 14 Nov.

Guys, I would be very grateful if you could help me scan my computer for malware and spyware, and help me rid my computer of that scary pop-up window claiming to be from Visa. It should be noted that at times, especially off-peak browsing times, Google and Firefox seem to be OK, but I am sure that I have a nasty infection of some sort. Many thanks in advance for your help.

------------------------------------------------------

My OTL log is pasted below:

OTL logfile created on: 21/11/2011 19:24:23 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ravi Ramlakhan\My Documents\My Received Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.46 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 71.32% Memory free
5.29 Gb Paging File | 4.39 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 171.18 Gb Free Space | 73.54% Space Free | Partition Type: NTFS

Computer Name: RAMLAKHAN3 | User Name: Ravi Ramlakhan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 19:20:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ravi Ramlakhan\My Documents\My Received Files\OTL.exe
PRC - [2011/11/15 23:23:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/15 09:13:04 | 000,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/09/15 09:12:58 | 001,797,880 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/09/06 20:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/15 14:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2009/11/21 10:57:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009/04/09 13:02:50 | 000,447,264 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/03/19 17:25:06 | 000,667,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/03/17 01:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/17 01:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R213367\stacsv.exe
PRC - [2009/03/17 01:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/02/22 21:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/02/22 21:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/02/22 21:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/02/22 21:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/16 15:41:02 | 000,656,696 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2009/01/16 14:46:22 | 000,015,360 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/01/14 09:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/12/29 10:07:28 | 000,320,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/12/22 11:15:44 | 000,145,408 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/11/11 16:39:40 | 001,463,296 | ---- | M] (T-Mobile) -- C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
PRC - [2008/11/04 10:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/08/15 07:51:34 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/08/15 07:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/07/10 19:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 19:32:38 | 000,352,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/07/10 19:30:46 | 001,351,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/07/10 19:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/10 19:13:50 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/07/10 19:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/01 17:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2008/06/27 12:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/06/15 05:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/15 05:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/30 15:52:36 | 000,200,704 | ---- | M] (OptionNV) -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 22:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/12/05 23:38:58 | 000,707,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2006/02/10 06:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/04/13 16:03:26 | 000,274,432 | ---- | M] (Palm, Inc.) -- C:\Program Files\palmOne\AlarmApp.exe
PRC - [2004/04/13 16:03:10 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\palmOne\HOTSYNC.EXE


========== Modules (No Company Name) ==========

MOD - [2011/11/21 08:47:44 | 001,618,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112100\algo.dll
MOD - [2011/11/16 08:45:03 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/15 23:23:01 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/15 11:59:54 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112100\aswRep.dll
MOD - [2011/10/13 09:44:16 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 09:34:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 09:29:09 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 09:28:30 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/12 23:38:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 23:38:26 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/12 23:38:19 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 23:38:02 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 23:37:00 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2011/10/12 23:32:09 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_9c261a2e\mscorlib.dll
MOD - [2011/10/12 23:32:04 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_a39ee613\system.drawing.dll
MOD - [2011/10/12 23:31:56 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_49ef5538\system.xml.dll
MOD - [2011/10/12 23:31:49 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_60148b1c\system.windows.forms.dll
MOD - [2011/10/12 23:31:36 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_661d0866\system.dll
MOD - [2011/10/12 23:31:25 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/09/15 09:13:09 | 000,283,896 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\Themes\cfp.theme
MOD - [2011/09/15 09:13:09 | 000,147,192 | ---- | M] () -- C:\WINDOWS\system32\guard32.dll
MOD - [2011/09/15 09:13:04 | 000,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
MOD - [2011/09/15 09:13:04 | 000,196,344 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\framework.dll
MOD - [2011/09/15 09:12:58 | 001,797,880 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
MOD - [2010/10/08 21:59:19 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010/10/08 21:59:12 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2010/10/08 21:59:11 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2010/10/08 21:59:08 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2010/10/08 21:59:04 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2010/10/08 21:59:04 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2010/10/08 21:59:04 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2010/10/08 21:59:03 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010/10/08 21:59:03 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2010/10/08 21:59:03 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010/10/08 21:59:03 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2010/10/08 21:59:03 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2010/10/08 21:59:03 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2010/10/08 21:59:03 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010/10/08 21:59:03 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2010/10/08 21:59:02 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010/10/08 21:59:02 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2010/10/08 21:59:01 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2010/10/08 21:59:01 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010/10/08 21:59:01 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010/10/08 21:59:01 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2010/10/08 21:59:01 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2010/10/08 21:59:01 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010/10/08 21:59:00 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010/10/08 21:59:00 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010/10/08 21:59:00 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2010/10/08 21:59:00 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010/10/08 21:59:00 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010/10/08 21:59:00 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010/10/08 21:58:56 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2010/10/08 21:58:56 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2009/10/15 11:06:44 | 004,715,848 | R--- | M] () -- C:\Program Files\TechSmith\Snagit 9\PDFNetC.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/28 14:17:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.206.39627__f25c74fcad379103\Status Lib.dll
MOD - [2009/04/28 14:17:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.206.39627__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2009/04/28 14:17:01 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SecurityDeviceInfoSetReg\1.6.206.39641__3a60a70419922317\SecurityDeviceInfoSetReg.dll
MOD - [2008/12/22 11:13:54 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2008/11/11 16:39:40 | 000,222,208 | ---- | M] () -- C:\Program Files\T-Mobile\web'n'walk Manager\Optimizer.dll
MOD - [2008/08/15 07:46:30 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/08/15 07:43:46 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008/07/10 19:25:20 | 000,057,344 | ---- | M] () -- C:\Program Files\Common Files\Intel\WirelessCommon\CustomUIResource.dll
MOD - [2008/07/10 19:15:30 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/04/25 21:35:57 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/04/25 21:35:56 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/04/25 21:35:55 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2008/04/25 21:34:28 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/07/23 14:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2005/10/20 09:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 09:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/15 09:13:04 | 000,618,232 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/15 14:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/03/15 14:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2009/05/05 08:11:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/09 13:02:50 | 000,447,264 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/03/17 01:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
SRV - [2009/03/03 13:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2009/01/14 09:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/12/29 10:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 08:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/11/04 10:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/07/10 19:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 19:32:38 | 000,352,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/07/10 19:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/10 19:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/01 17:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2008/06/27 12:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/06/15 05:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/30 15:52:36 | 000,200,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007/01/04 22:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2011/09/15 09:13:09 | 000,101,776 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2011/09/15 09:13:09 | 000,079,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/09/15 09:13:09 | 000,031,504 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/09/06 20:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 20:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 20:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 20:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 20:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 20:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 20:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/22 10:33:08 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/03/17 01:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/17 01:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/26 21:08:52 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/02/22 21:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/16 15:41:06 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/01/14 10:51:50 | 000,230,952 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2008/12/08 16:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/12/08 16:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/12/08 16:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/12/08 16:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/12/08 16:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/11/07 11:03:18 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2008/11/07 11:01:48 | 000,020,352 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsoms.sys -- (GTUHSOMS)
DRV - [2008/11/07 10:58:56 | 000,105,984 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2008/11/07 10:57:38 | 000,062,592 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2008/09/10 22:18:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/08/18 16:01:26 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2008/08/18 16:01:20 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/08/18 16:01:18 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/08/18 16:01:14 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/18 16:01:12 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/08/18 15:37:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/12 12:58:08 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND)
DRV - [2008/07/01 22:42:28 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/26 05:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/06/06 08:15:40 | 000,098,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2008/06/04 12:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/04/18 14:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/02/08 14:39:06 | 000,004,864 | ---- | M] (Option N.V.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GtTdiFltr.sys -- (GtTdiFltr)
DRV - [2007/08/06 12:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/12/05 23:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/09/24 13:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.uk.msn.com/USREL/2

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...BDF&PC=MDDR&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.bt.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://www.bing.com/...BDF&PC=MDDR&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/15 23:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/15 23:23:06 | 000,000,000 | ---D | M]

[2009/06/15 10:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Extensions
[2011/11/15 13:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\extensions
[2010/04/27 15:54:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 12:31:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/09/30 00:23:15 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\searchplugins\bing.xml
[2011/11/15 23:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/18 21:28:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/15 23:23:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/15 23:22:59 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/15 23:22:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/15 23:22:59 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/15 23:22:59 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/15 23:22:59 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/10/09 22:30:40 | 000,000,765 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: HP001CC44D519C HP001CC44D519C
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\web'n'walk Manager.lnk = C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
O4 - Startup: C:\Documents and Settings\Ravi Ramlakhan\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O4 - Startup: C:\Documents and Settings\Ravi Ramlakhan\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6373EB90-0867-4EE0-B656-F759CF755552}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 21:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{76aaf660-3ed7-11de-a69f-00242bfa6af7}\Shell - "" = AutoRun
O33 - MountPoints2\{76aaf660-3ed7-11de-a69f-00242bfa6af7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76aaf660-3ed7-11de-a69f-00242bfa6af7}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{fbf3638b-4446-11de-a6b6-00242bfa6af7}\Shell - "" = AutoRun
O33 - MountPoints2\{fbf3638b-4446-11de-a6b6-00242bfa6af7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbf3638b-4446-11de-a6b6-00242bfa6af7}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 15:49:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ravi Ramlakhan\Recent

========== Files - Modified Within 30 Days ==========

[2011/11/21 18:36:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/21 17:13:15 | 000,465,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/21 17:13:15 | 000,080,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/21 17:10:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/21 17:06:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\WavXMapDrive.bat
[2011/11/21 17:06:16 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 17:05:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/21 17:05:47 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 16:18:42 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\Microsoft Outlook.lnk
[2011/11/15 10:52:49 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\Microsoft Word.lnk
[2011/11/14 15:11:52 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 13:12:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/24 10:28:12 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2011/11/15 23:23:15 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/09 22:21:20 | 000,000,690 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/10/09 19:45:53 | 000,116,843 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/10/09 19:45:52 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/09/15 09:13:20 | 000,147,192 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2011/08/01 14:24:49 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2011/08/01 14:16:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2011/04/30 16:39:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/07 16:58:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\$_hpcst$.hpc
[2010/10/08 21:51:47 | 000,116,843 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/01/20 13:13:59 | 000,021,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/21 11:03:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/04 09:18:05 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/29 10:12:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/04 18:57:56 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2009/05/04 18:57:54 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2009/05/03 21:37:29 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\fusioncache.dat
[2009/05/03 21:25:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/05/03 21:24:53 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/05/03 18:47:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/02 21:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/02 19:32:24 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
[2009/05/02 19:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\WavXMapDrive.bat
[2009/04/28 22:36:31 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/28 22:36:31 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/04/28 22:36:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/04/28 22:35:29 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/28 14:31:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/28 14:25:39 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/28 14:24:31 | 000,230,952 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/04/28 14:03:59 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/12/30 18:13:14 | 000,137,196 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/12/22 11:13:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/12/19 17:59:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2008/12/19 17:59:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2008/12/19 17:59:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2008/12/19 17:59:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2008/12/19 17:59:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2008/12/19 17:59:10 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2008/12/19 17:59:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2008/12/19 17:59:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2008/12/19 17:59:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2008/12/19 17:59:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2008/12/19 17:58:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2008/12/19 17:58:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2008/12/19 17:58:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2008/12/19 17:58:52 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2008/12/19 17:58:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2008/12/19 17:58:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2008/12/11 14:51:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/12/11 11:59:48 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2008/12/11 11:59:46 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2008/12/11 11:59:44 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2008/12/11 11:59:44 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2008/12/11 11:59:42 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2008/12/11 11:59:42 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2008/12/11 11:59:40 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2008/12/11 11:59:40 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2008/12/11 11:59:40 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2008/12/11 11:59:38 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2008/12/11 11:59:38 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2008/12/11 11:59:36 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2008/12/11 11:59:36 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2008/12/11 11:59:36 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2008/12/11 11:59:34 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2008/12/11 11:59:34 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2008/12/11 11:59:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2008/12/11 11:59:34 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2008/12/11 11:59:32 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2008/12/11 11:59:32 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2008/12/11 11:59:30 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2008/12/11 11:59:30 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2008/12/11 11:56:30 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2008/10/06 17:36:56 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/08/20 14:45:46 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2008/08/15 07:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 21:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 21:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 21:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 16:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 16:16:22 | 000,465,194 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 16:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 16:16:22 | 000,080,112 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 16:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 16:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 16:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 16:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 16:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 16:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 16:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 16:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 09:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 09:21:52 | 000,126,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 08:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/20 00:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/06/30 11:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 11:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 07:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 12:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/03/15 15:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/05 08:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/04/28 14:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/12/09 18:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/11/15 23:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/19 10:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009/04/28 14:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/04/19 20:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 14:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/10 14:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/28 14:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Broadcom
[2011/06/30 08:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Feweqo
[2011/06/30 08:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Uhely
[2009/05/19 10:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Vodafone
[2009/04/28 14:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Wave Systems Corp
[2009/04/28 13:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Windows Desktop Search
[2009/05/02 21:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by Rav, 21 November 2011 - 04:08 PM.

  • 0

Advertisements

#2
Essexboy
Posted 26 November 2011 - 07:22 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay, could you update me on the current problems please

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

AND FINALLY

Please download GetPartitions from the link bellow. You must right click on the link and choose Save as.... Save it as GetPartitions.bat on your desktop

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
It will produce C:\DiskReport.txt log please post results from that log here to me.
  • 0

#3
Rav
Posted 26 November 2011 - 09:16 AM

Rav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi there

Not at all, Essexboy. Glad to have you on board!

My initial problems were slower boot-up and slower internet, with delayed and stilted typing in the search field box on the Google website, and, most worryingly, a strange, non-official "Visa Advanced Verification" pop-up window when making an online purchase using my credit card. An Avast Anti-virus boot scan revealed the following:

Threat: Win32:Sinowal-IK [Trj]
Threat: Win32:MBRoot-J [Trj]

A subsequent Avast boot scan, with the instruction "Move to Chest", then wierdly identified "no virus found". However, I still encountered the problem with the strange Visa window pop-up, so I feel that there is a Trojan infection remaining. Plus the problem with the slow Google typing remains.

------------------------------------

My OTL.Txt log is given below (PLEASE NOTE THAT THE OTL SCAN DID NOT PRODUCE AN EXTRAS.TXT LOG)


OTL logfile created on: 26/11/2011 14:15:00 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ravi Ramlakhan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.46 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 69.57% Memory free
5.29 Gb Paging File | 4.23 Gb Available in Paging File | 79.98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 170.91 Gb Free Space | 73.42% Space Free | Partition Type: NTFS

Computer Name: RAMLAKHAN3 | User Name: Ravi Ramlakhan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 14:11:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\OTL.exe
PRC - [2011/09/15 09:13:04 | 000,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/09/15 09:12:58 | 001,797,880 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/09/06 20:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/15 14:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2009/11/21 10:57:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009/04/09 13:05:38 | 001,106,720 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/04/09 13:02:50 | 000,447,264 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/03/19 17:25:06 | 000,667,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/03/17 01:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/17 01:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R213367\stacsv.exe
PRC - [2009/03/17 01:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/02/22 21:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/02/22 21:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/02/22 21:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/02/22 21:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/16 15:41:02 | 000,656,696 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2009/01/16 14:46:22 | 000,015,360 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/01/14 09:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/12/29 10:07:28 | 000,320,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/12/22 11:15:44 | 000,145,408 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/11/11 16:39:40 | 001,463,296 | ---- | M] (T-Mobile) -- C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
PRC - [2008/11/04 10:40:24 | 002,087,424 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008/11/04 10:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/08/15 07:51:34 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/08/15 07:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/07/10 19:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 19:32:38 | 000,352,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/07/10 19:30:46 | 001,351,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/07/10 19:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/10 19:13:50 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/07/10 19:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/01 17:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2008/06/27 12:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/06/15 05:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/15 05:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/30 15:52:36 | 000,200,704 | ---- | M] (OptionNV) -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 22:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/12/05 23:38:58 | 000,707,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2006/02/10 06:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/04/13 16:03:26 | 000,274,432 | ---- | M] (Palm, Inc.) -- C:\Program Files\palmOne\AlarmApp.exe
PRC - [2004/04/13 16:03:10 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\palmOne\HOTSYNC.EXE


========== Modules (No Company Name) ==========

MOD - [2011/11/26 08:43:24 | 001,619,456 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112600\algo.dll
MOD - [2011/11/25 17:12:36 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112600\aswRep.dll
MOD - [2011/11/25 09:37:41 | 001,618,944 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112500\algo.dll
MOD - [2011/11/21 19:46:14 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112500\aswRep.dll
MOD - [2011/10/13 09:44:16 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 09:34:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 09:33:19 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 09:33:03 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/13 09:32:59 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/13 09:29:09 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 09:28:30 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/12 23:38:45 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2011/10/12 23:38:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 23:38:26 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/12 23:38:19 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 23:38:02 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 23:37:14 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/12 23:37:00 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2011/10/12 23:36:58 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/12 23:32:09 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_9c261a2e\mscorlib.dll
MOD - [2011/10/12 23:32:04 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_a39ee613\system.drawing.dll
MOD - [2011/10/12 23:31:56 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_49ef5538\system.xml.dll
MOD - [2011/10/12 23:31:49 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_60148b1c\system.windows.forms.dll
MOD - [2011/10/12 23:31:36 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_661d0866\system.dll
MOD - [2011/10/12 23:31:25 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/09/15 09:13:09 | 000,283,896 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\Themes\cfp.theme
MOD - [2011/09/15 09:13:09 | 000,147,192 | ---- | M] () -- C:\WINDOWS\system32\guard32.dll
MOD - [2011/09/15 09:13:04 | 000,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
MOD - [2011/09/15 09:13:04 | 000,196,344 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\framework.dll
MOD - [2011/09/15 09:12:58 | 001,797,880 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
MOD - [2010/10/08 21:59:19 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010/10/08 21:59:12 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2010/10/08 21:59:11 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2010/10/08 21:59:08 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2010/10/08 21:59:04 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2010/10/08 21:59:04 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2010/10/08 21:59:04 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2010/10/08 21:59:03 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010/10/08 21:59:03 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2010/10/08 21:59:03 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010/10/08 21:59:03 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2010/10/08 21:59:03 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2010/10/08 21:59:03 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2010/10/08 21:59:03 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010/10/08 21:59:03 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2010/10/08 21:59:02 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010/10/08 21:59:02 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2010/10/08 21:59:01 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2010/10/08 21:59:01 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010/10/08 21:59:01 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010/10/08 21:59:01 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2010/10/08 21:59:01 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2010/10/08 21:59:01 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010/10/08 21:59:00 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010/10/08 21:59:00 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010/10/08 21:59:00 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2010/10/08 21:59:00 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010/10/08 21:59:00 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010/10/08 21:59:00 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010/10/08 21:58:56 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2010/10/08 21:58:56 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2009/10/15 11:06:44 | 004,715,848 | R--- | M] () -- C:\Program Files\TechSmith\Snagit 9\PDFNetC.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/28 14:17:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.206.39627__f25c74fcad379103\Status Lib.dll
MOD - [2009/04/28 14:17:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.206.39627__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2009/04/28 14:17:01 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SecurityDeviceInfoSetReg\1.6.206.39641__3a60a70419922317\SecurityDeviceInfoSetReg.dll
MOD - [2008/12/22 11:13:54 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2008/12/11 14:51:36 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\Wavx_ESC_Logging.dll
MOD - [2008/11/12 12:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2008/11/11 16:39:40 | 000,222,208 | ---- | M] () -- C:\Program Files\T-Mobile\web'n'walk Manager\Optimizer.dll
MOD - [2008/08/15 07:46:30 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/08/15 07:43:46 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008/07/10 19:25:20 | 000,057,344 | ---- | M] () -- C:\Program Files\Common Files\Intel\WirelessCommon\CustomUIResource.dll
MOD - [2008/07/10 19:15:30 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/04/25 21:35:57 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/04/25 21:35:56 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/04/25 21:35:55 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2008/04/25 21:34:28 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2008/04/14 12:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/07/23 14:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2005/10/20 09:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 09:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/15 09:13:04 | 000,618,232 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/15 14:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/03/15 14:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2009/05/05 08:11:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/09 13:02:50 | 000,447,264 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/03/17 01:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
SRV - [2009/03/03 13:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2009/01/14 09:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/12/29 10:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 08:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/11/04 10:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/07/10 19:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 19:32:38 | 000,352,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/07/10 19:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/10 19:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/01 17:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2008/06/27 12:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/06/15 05:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/30 15:52:36 | 000,200,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007/01/04 22:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2011/09/15 09:13:09 | 000,101,776 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2011/09/15 09:13:09 | 000,079,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/09/15 09:13:09 | 000,031,504 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/09/06 20:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 20:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 20:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 20:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 20:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 20:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 20:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/22 10:33:08 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/03/17 01:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/17 01:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/26 21:08:52 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/02/22 21:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/16 15:41:06 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/01/14 10:51:50 | 000,230,952 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2008/12/08 16:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/12/08 16:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/12/08 16:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/12/08 16:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/12/08 16:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/11/07 11:03:18 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2008/11/07 11:01:48 | 000,020,352 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsoms.sys -- (GTUHSOMS)
DRV - [2008/11/07 10:58:56 | 000,105,984 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2008/11/07 10:57:38 | 000,062,592 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2008/09/10 22:18:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/08/18 16:01:26 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2008/08/18 16:01:20 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/08/18 16:01:18 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/08/18 16:01:14 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/18 16:01:12 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/08/18 15:37:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/12 12:58:08 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND)
DRV - [2008/07/01 22:42:28 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/26 05:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/06/06 08:15:40 | 000,098,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2008/06/04 12:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/04/18 14:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/02/08 14:39:06 | 000,004,864 | ---- | M] (Option N.V.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GtTdiFltr.sys -- (GtTdiFltr)
DRV - [2007/08/06 12:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/12/05 23:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/09/24 13:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.uk.msn.com/USREL/2


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USREL/2
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USREL/2
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...BDF&PC=MDDR&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.bt.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://www.bing.com/...BDF&PC=MDDR&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/15 23:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/15 23:23:06 | 000,000,000 | ---D | M]

[2009/06/15 10:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Extensions
[2011/11/15 13:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\extensions
[2010/04/27 15:54:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 12:31:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/09/30 00:23:15 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\searchplugins\bing.xml
[2011/11/15 23:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/18 21:28:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/15 23:23:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/15 23:22:59 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/15 23:22:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/15 23:22:59 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/15 23:22:59 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/15 23:22:59 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/10/09 22:30:40 | 000,000,765 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: HP001CC44D519C HP001CC44D519C
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\web'n'walk Manager.lnk = C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
O4 - Startup: C:\Documents and Settings\Ravi Ramlakhan\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O4 - Startup: C:\Documents and Settings\Ravi Ramlakhan\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6373EB90-0867-4EE0-B656-F759CF755552}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 21:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{76aaf660-3ed7-11de-a69f-00242bfa6af7}\Shell - "" = AutoRun
O33 - MountPoints2\{76aaf660-3ed7-11de-a69f-00242bfa6af7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76aaf660-3ed7-11de-a69f-00242bfa6af7}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{fbf3638b-4446-11de-a6b6-00242bfa6af7}\Shell - "" = AutoRun
O33 - MountPoints2\{fbf3638b-4446-11de-a6b6-00242bfa6af7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbf3638b-4446-11de-a6b6-00242bfa6af7}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 14:12:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\aswMBR.exe
[2011/11/26 14:11:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\OTL.exe
[2011/11/22 14:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/22 11:00:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ravi Ramlakhan\Recent

========== Files - Modified Within 30 Days ==========

[2011/11/26 14:12:51 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\getpartitions.bat
[2011/11/26 14:12:17 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\aswMBR.exe
[2011/11/26 14:11:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\OTL.exe
[2011/11/26 13:36:11 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/26 09:56:29 | 000,465,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/26 09:56:29 | 000,080,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/26 09:54:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/26 09:50:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\WavXMapDrive.bat
[2011/11/26 09:50:42 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/26 09:48:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/26 09:48:47 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/22 14:45:24 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/21 20:47:00 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\Microsoft Word.lnk
[2011/11/21 16:18:42 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\Microsoft Outlook.lnk
[2011/11/14 15:11:52 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 13:12:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/11/26 14:12:51 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\getpartitions.bat
[2011/11/22 14:45:24 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/15 23:23:15 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/09 22:21:20 | 000,000,690 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/10/09 19:45:53 | 000,116,843 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/10/09 19:45:52 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/09/15 09:13:20 | 000,147,192 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2011/08/01 14:24:49 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2011/08/01 14:16:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2011/04/30 16:39:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/07 16:58:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\$_hpcst$.hpc
[2010/10/08 21:51:47 | 000,116,843 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/01/20 13:13:59 | 000,021,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/21 11:03:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/04 09:18:05 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/29 10:12:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/04 18:57:56 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2009/05/04 18:57:54 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2009/05/03 21:37:29 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\fusioncache.dat
[2009/05/03 21:25:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/05/03 21:24:53 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/05/03 18:47:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/02 21:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/02 19:32:24 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
[2009/05/02 19:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\WavXMapDrive.bat
[2009/04/28 22:36:31 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/28 22:36:31 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/04/28 22:36:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/04/28 22:35:29 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/28 14:31:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/28 14:25:39 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/28 14:24:31 | 000,230,952 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/04/28 14:03:59 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/12/30 18:13:14 | 000,137,196 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/12/22 11:13:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/12/19 17:59:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2008/12/19 17:59:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2008/12/19 17:59:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2008/12/19 17:59:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2008/12/19 17:59:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2008/12/19 17:59:10 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2008/12/19 17:59:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2008/12/19 17:59:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2008/12/19 17:59:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2008/12/19 17:59:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2008/12/19 17:58:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2008/12/19 17:58:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2008/12/19 17:58:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2008/12/19 17:58:52 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2008/12/19 17:58:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2008/12/19 17:58:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2008/12/11 14:51:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/12/11 11:59:48 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2008/12/11 11:59:46 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2008/12/11 11:59:44 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2008/12/11 11:59:44 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2008/12/11 11:59:42 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2008/12/11 11:59:42 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2008/12/11 11:59:40 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2008/12/11 11:59:40 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2008/12/11 11:59:40 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2008/12/11 11:59:38 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2008/12/11 11:59:38 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2008/12/11 11:59:36 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2008/12/11 11:59:36 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2008/12/11 11:59:36 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2008/12/11 11:59:34 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2008/12/11 11:59:34 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2008/12/11 11:59:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2008/12/11 11:59:34 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2008/12/11 11:59:32 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2008/12/11 11:59:32 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2008/12/11 11:59:30 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2008/12/11 11:59:30 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2008/12/11 11:56:30 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2008/10/06 17:36:56 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/08/20 14:45:46 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2008/08/15 07:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 21:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 21:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 21:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 16:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 16:16:22 | 000,465,194 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 16:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 16:16:22 | 000,080,112 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 16:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 16:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 16:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 16:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 16:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 16:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 16:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 16:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 09:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 09:21:52 | 000,126,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 08:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/20 00:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/06/30 11:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 11:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 07:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 12:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/04/28 14:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broadcom
[2009/04/28 14:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2009/04/28 13:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/03/15 15:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/05 08:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/04/28 14:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/12/09 18:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/11/15 23:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/19 10:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009/04/28 14:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/04/19 20:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 14:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/10 14:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/28 14:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Broadcom
[2009/04/28 14:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2009/04/28 13:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2009/05/19 10:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2009/04/28 14:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Broadcom
[2011/06/30 08:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Feweqo
[2011/06/30 08:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Uhely
[2009/05/19 10:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Vodafone
[2009/04/28 14:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Wave Systems Corp
[2009/04/28 13:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Windows Desktop Search
[2009/05/02 21:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 12:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/14 12:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{527A1883-FF40-45A0-88C8-7DD861A272B7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{5E32FE02-C7A6-4095-BF2B-A251FA34C930}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{6373EB90-0867-4EE0-B656-F759CF755552}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{64DC389E-8DC9-4E47-B8DF-8567014426A6}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{79D1093D-BD5C-4F3F-BD61-1D38C3FC7C47}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9A4F2218-0567-43C9-93CF-11C758826C69}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{AAAAD65A-6796-4F6A-B94C-7F3B64811919}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DF7219D9-A4CA-412D-8AE0-4B511ABE2148}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E73E3251-C720-4328-B27E-7A348946056D}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F1F62F74-6B8A-4C53-8893-210A88FC1FA0}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/14 12:00:00 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 09 01 04 01 08 01 07 01 06 01 05 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2008/04/14 12:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

------------------------------------------------

My aswMBR.exe log is given below

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-26 14:35:40
-----------------------------
14:35:40.046 OS Version: Windows 5.1.2600 Service Pack 3
14:35:40.046 Number of processors: 2 586 0x170A
14:35:40.046 ComputerName: RAMLAKHAN3 UserName:
14:36:08.562 Initialize success
14:36:08.734 AVAST engine defs: 11112600
14:36:12.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:36:12.671 Disk 0 Vendor: ST925032 DE06 Size: 238475MB BusType: 3
14:36:14.671 Disk 0 MBR read successfully
14:36:14.671 Disk 0 MBR scan
14:36:14.671 Disk 0 Windows VISTA default MBR code
14:36:14.671 Disk 0 scanning sectors +488392065
14:36:14.796 Disk 0 scanning C:\WINDOWS\system32\drivers
14:36:25.093 Service scanning
14:36:26.453 Modules scanning
14:36:31.328 Disk 0 trace - called modules:
14:36:31.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b120000]<<
14:36:31.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b11b868]
14:36:31.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b11c028]
14:36:32.453 AVAST engine scan C:\WINDOWS
14:36:36.812 AVAST engine scan C:\WINDOWS\system32
14:37:51.671 AVAST engine scan C:\WINDOWS\system32\drivers
14:38:07.671 AVAST engine scan C:\Documents and Settings\Ravi Ramlakhan
14:51:22.468 AVAST engine scan C:\Documents and Settings\All Users
14:52:19.000 Scan finished successfully
14:55:52.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ravi Ramlakhan\Desktop\MBR.dat"
14:55:52.156 The log file has been saved successfully to "C:\Documents and Settings\Ravi Ramlakhan\Desktop\aswMBR.txt"

---------------------------------------

My C:\DiskReport.txt log is given below:


Microsoft DiskPart version 5.1.3565

Copyright © 1999-2003 Microsoft Corporation.
On computer: RAMLAKHAN3

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 C OS NTFS Partition 233 GB Healthy System

-------------------------------------

I await your further instructions!
  • 0

#4
Essexboy
Posted 26 November 2011 - 11:41 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK aswMBR is showing an unknown which will always merit some deeper investigation

“Visa Advance Verification” there is a function that comes under this name but, it will only ask for the password, not a pin or any further data

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
    O3 - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    [2011/11/26 14:12:51 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\getpartitions.bat

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks, also allow the recovery console to be installed

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
Rav
Posted 26 November 2011 - 02:03 PM

Rav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi there

I have run the OTL fix and scan and Combofix as you asked. The boot up of the computer is a bit perkier or quicker. But typing in Google's search field is still clunky and there is still this delay in the typed words appearing. More worryingly, that irregular Visa pop-up still comes up when using that portal to get more download allowance from my ISP. Incidentally, that pop-up comes up when I use both Firefox and IE browsers. However, if I switch to a completely different computer in the house I do not experience that pop-up. I have attached a screen capture of the pop-up. And so, I think some sort of infection still remains.

-----------------------------------
OTL Log:

OTL logfile created on: 26/11/2011 18:42:40 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ravi Ramlakhan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.46 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 75.40% Memory free
5.29 Gb Paging File | 4.50 Gb Available in Paging File | 85.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 171.23 Gb Free Space | 73.56% Space Free | Partition Type: NTFS

Computer Name: RAMLAKHAN3 | User Name: Ravi Ramlakhan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 14:11:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\OTL.exe
PRC - [2011/09/15 09:13:04 | 000,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/09/15 09:12:58 | 001,797,880 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/09/06 20:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/15 14:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2009/11/21 10:57:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009/04/09 13:02:50 | 000,447,264 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/03/19 17:25:06 | 000,667,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/03/17 01:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/17 01:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R213367\stacsv.exe
PRC - [2009/03/17 01:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/02/22 21:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/02/22 21:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/02/22 21:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/02/22 21:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/16 15:41:02 | 000,656,696 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2009/01/16 14:46:22 | 000,015,360 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/01/14 09:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/12/29 10:07:28 | 000,320,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/12/22 11:15:44 | 000,145,408 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/11/11 16:39:40 | 001,463,296 | ---- | M] (T-Mobile) -- C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
PRC - [2008/11/04 10:40:24 | 002,087,424 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008/11/04 10:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/08/15 07:51:34 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/08/15 07:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/07/10 19:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 19:32:38 | 000,352,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/07/10 19:30:46 | 001,351,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/07/10 19:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/10 19:13:50 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/07/10 19:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/01 17:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2008/06/27 12:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/06/15 05:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/15 05:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/30 15:52:36 | 000,200,704 | ---- | M] (OptionNV) -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 22:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/12/05 23:38:58 | 000,707,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2006/02/10 06:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/04/13 16:03:26 | 000,274,432 | ---- | M] (Palm, Inc.) -- C:\Program Files\palmOne\AlarmApp.exe
PRC - [2004/04/13 16:03:10 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\palmOne\HOTSYNC.EXE


========== Modules (No Company Name) ==========

MOD - [2011/11/26 17:54:52 | 001,619,456 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112601\algo.dll
MOD - [2011/11/25 17:12:36 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112601\aswRep.dll
MOD - [2011/10/13 09:44:16 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 09:34:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 09:33:19 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 09:33:03 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/13 09:32:59 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/13 09:29:09 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 09:28:30 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/12 23:38:45 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2011/10/12 23:38:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 23:38:26 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/12 23:38:19 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 23:38:02 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 23:37:14 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/12 23:37:00 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2011/10/12 23:36:58 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/12 23:32:09 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_9c261a2e\mscorlib.dll
MOD - [2011/10/12 23:32:04 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_a39ee613\system.drawing.dll
MOD - [2011/10/12 23:31:56 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_49ef5538\system.xml.dll
MOD - [2011/10/12 23:31:49 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_60148b1c\system.windows.forms.dll
MOD - [2011/10/12 23:31:36 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_661d0866\system.dll
MOD - [2011/10/12 23:31:25 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/09/15 09:13:09 | 000,283,896 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\Themes\cfp.theme
MOD - [2011/09/15 09:13:09 | 000,147,192 | ---- | M] () -- C:\WINDOWS\system32\guard32.dll
MOD - [2011/09/15 09:13:04 | 000,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
MOD - [2011/09/15 09:13:04 | 000,196,344 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\framework.dll
MOD - [2011/09/15 09:12:58 | 001,797,880 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
MOD - [2010/10/08 21:59:19 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010/10/08 21:59:12 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2010/10/08 21:59:11 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2010/10/08 21:59:08 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2010/10/08 21:59:04 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2010/10/08 21:59:04 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2010/10/08 21:59:04 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2010/10/08 21:59:03 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010/10/08 21:59:03 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2010/10/08 21:59:03 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010/10/08 21:59:03 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2010/10/08 21:59:03 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2010/10/08 21:59:03 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2010/10/08 21:59:03 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010/10/08 21:59:03 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2010/10/08 21:59:02 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010/10/08 21:59:02 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2010/10/08 21:59:01 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2010/10/08 21:59:01 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010/10/08 21:59:01 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010/10/08 21:59:01 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2010/10/08 21:59:01 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2010/10/08 21:59:01 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010/10/08 21:59:00 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010/10/08 21:59:00 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010/10/08 21:59:00 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2010/10/08 21:59:00 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010/10/08 21:59:00 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010/10/08 21:59:00 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010/10/08 21:58:56 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2010/10/08 21:58:56 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2009/10/15 11:06:44 | 004,715,848 | R--- | M] () -- C:\Program Files\TechSmith\Snagit 9\PDFNetC.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/28 14:17:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.206.39627__f25c74fcad379103\Status Lib.dll
MOD - [2009/04/28 14:17:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.206.39627__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2009/04/28 14:17:01 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SecurityDeviceInfoSetReg\1.6.206.39641__3a60a70419922317\SecurityDeviceInfoSetReg.dll
MOD - [2008/12/22 11:13:54 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2008/12/11 14:51:36 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\Wavx_ESC_Logging.dll
MOD - [2008/11/12 12:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2008/11/11 16:39:40 | 000,222,208 | ---- | M] () -- C:\Program Files\T-Mobile\web'n'walk Manager\Optimizer.dll
MOD - [2008/08/15 07:46:30 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/08/15 07:43:46 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008/07/10 19:25:20 | 000,057,344 | ---- | M] () -- C:\Program Files\Common Files\Intel\WirelessCommon\CustomUIResource.dll
MOD - [2008/07/10 19:15:30 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/04/25 21:35:57 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/04/25 21:35:56 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/04/25 21:35:55 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2008/04/25 21:34:28 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2008/04/14 12:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/10/20 09:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 09:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/15 09:13:04 | 000,618,232 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/15 14:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/03/15 14:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2009/05/05 08:11:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/09 13:02:50 | 000,447,264 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/03/17 01:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
SRV - [2009/03/03 13:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2009/01/14 09:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/12/29 10:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 08:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/11/04 10:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/07/10 19:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 19:32:38 | 000,352,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/07/10 19:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/10 19:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/01 17:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2008/06/27 12:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/06/15 05:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/30 15:52:36 | 000,200,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007/01/04 22:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/09/15 09:13:09 | 000,101,776 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2011/09/15 09:13:09 | 000,079,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/09/15 09:13:09 | 000,031,504 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/09/06 20:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 20:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 20:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 20:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 20:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 20:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 20:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/22 10:33:08 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/03/17 01:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/17 01:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/26 21:08:52 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/02/22 21:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/16 15:41:06 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/01/14 10:51:50 | 000,230,952 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2008/12/08 16:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/12/08 16:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/12/08 16:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/12/08 16:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/12/08 16:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/11/07 11:03:18 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2008/11/07 11:01:48 | 000,020,352 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsoms.sys -- (GTUHSOMS)
DRV - [2008/11/07 10:58:56 | 000,105,984 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2008/11/07 10:57:38 | 000,062,592 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2008/09/10 22:18:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/08/18 16:01:26 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2008/08/18 16:01:20 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/08/18 16:01:18 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/08/18 16:01:14 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/18 16:01:12 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/08/18 15:37:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/12 12:58:08 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND)
DRV - [2008/07/01 22:42:28 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/26 05:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/06/06 08:15:40 | 000,098,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2008/06/04 12:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/04/18 14:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/02/08 14:39:06 | 000,004,864 | ---- | M] (Option N.V.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GtTdiFltr.sys -- (GtTdiFltr)
DRV - [2007/08/06 12:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/12/05 23:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/09/24 13:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.uk.msn.com/USREL/2


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USREL/2
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USREL/2
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...BDF&PC=MDDR&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.bt.yahoo.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/15 23:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/15 23:23:06 | 000,000,000 | ---D | M]

[2009/06/15 10:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Extensions
[2011/11/15 13:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\extensions
[2010/04/27 15:54:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 12:31:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/09/30 00:23:15 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\searchplugins\bing.xml
[2011/11/15 23:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/18 21:28:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/15 23:23:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/15 23:22:59 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/15 23:22:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/15 23:22:59 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/15 23:22:59 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/15 23:22:59 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/26 18:23:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\web'n'walk Manager.lnk = C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
O4 - Startup: C:\Documents and Settings\Ravi Ramlakhan\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O4 - Startup: C:\Documents and Settings\Ravi Ramlakhan\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1263625616-3485408036-2450324022-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6373EB90-0867-4EE0-B656-F759CF755552}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 21:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{76aaf660-3ed7-11de-a69f-00242bfa6af7}\Shell - "" = AutoRun
O33 - MountPoints2\{76aaf660-3ed7-11de-a69f-00242bfa6af7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76aaf660-3ed7-11de-a69f-00242bfa6af7}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{fbf3638b-4446-11de-a6b6-00242bfa6af7}\Shell - "" = AutoRun
O33 - MountPoints2\{fbf3638b-4446-11de-a6b6-00242bfa6af7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbf3638b-4446-11de-a6b6-00242bfa6af7}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 18:41:56 | 004,309,325 | ---- | C] (Swearware) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\ComboFix.exe
[2011/11/26 18:21:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/26 14:12:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\aswMBR.exe
[2011/11/26 14:11:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\OTL.exe
[2011/11/22 14:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/22 11:00:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ravi Ramlakhan\Recent

========== Files - Modified Within 30 Days ==========

[2011/11/26 18:42:07 | 004,309,325 | ---- | M] (Swearware) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\ComboFix.exe
[2011/11/26 18:40:26 | 000,465,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/26 18:40:26 | 000,080,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/26 18:37:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/26 18:36:01 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/26 18:34:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\WavXMapDrive.bat
[2011/11/26 18:33:04 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/26 18:32:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/26 18:32:30 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/26 18:23:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/26 14:55:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\MBR.dat
[2011/11/26 14:12:17 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\aswMBR.exe
[2011/11/26 14:11:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\OTL.exe
[2011/11/22 14:45:24 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/21 20:47:00 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\Microsoft Word.lnk
[2011/11/21 16:18:42 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\Microsoft Outlook.lnk
[2011/11/14 15:11:52 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 13:12:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/11/26 14:55:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Desktop\MBR.dat
[2011/11/22 14:45:24 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/15 23:23:15 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/09 22:21:20 | 000,000,690 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/10/09 19:45:53 | 000,116,843 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/10/09 19:45:52 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/09/15 09:13:20 | 000,147,192 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2011/08/01 14:24:49 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2011/08/01 14:16:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2011/04/30 16:39:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/07 16:58:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\$_hpcst$.hpc
[2010/10/08 21:51:47 | 000,116,843 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/01/20 13:13:59 | 000,021,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/21 11:03:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/04 09:18:05 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/29 10:12:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/04 18:57:56 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2009/05/04 18:57:54 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2009/05/03 21:37:29 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\fusioncache.dat
[2009/05/03 21:25:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/05/03 21:24:53 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/05/03 18:47:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/02 21:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/02 19:32:24 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
[2009/05/02 19:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ravi Ramlakhan\Local Settings\Application Data\WavXMapDrive.bat
[2009/04/28 22:36:31 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/28 22:36:31 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/04/28 22:36:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/04/28 22:35:29 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/28 14:31:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/28 14:25:39 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/28 14:24:31 | 000,230,952 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/04/28 14:03:59 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/12/30 18:13:14 | 000,137,196 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/12/22 11:13:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/12/19 17:59:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2008/12/19 17:59:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2008/12/19 17:59:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2008/12/19 17:59:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2008/12/19 17:59:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2008/12/19 17:59:10 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2008/12/19 17:59:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2008/12/19 17:59:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2008/12/19 17:59:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2008/12/19 17:59:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2008/12/19 17:58:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2008/12/19 17:58:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2008/12/19 17:58:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2008/12/19 17:58:52 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2008/12/19 17:58:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2008/12/19 17:58:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2008/12/11 14:51:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/12/11 11:59:48 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2008/12/11 11:59:46 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2008/12/11 11:59:44 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2008/12/11 11:59:44 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2008/12/11 11:59:42 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2008/12/11 11:59:42 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2008/12/11 11:59:40 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2008/12/11 11:59:40 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2008/12/11 11:59:40 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2008/12/11 11:59:38 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2008/12/11 11:59:38 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2008/12/11 11:59:36 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2008/12/11 11:59:36 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2008/12/11 11:59:36 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2008/12/11 11:59:34 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2008/12/11 11:59:34 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2008/12/11 11:59:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2008/12/11 11:59:34 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2008/12/11 11:59:32 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2008/12/11 11:59:32 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2008/12/11 11:59:30 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2008/12/11 11:59:30 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2008/12/11 11:56:30 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2008/10/06 17:36:56 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/08/20 14:45:46 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2008/08/15 07:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 21:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 21:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 21:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 16:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 16:16:22 | 000,465,194 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 16:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 16:16:22 | 000,080,112 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 16:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 16:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 16:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 16:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 16:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 16:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 16:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 16:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 09:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 09:21:52 | 000,126,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 08:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/20 00:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/06/30 11:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 11:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 07:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 12:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/04/28 14:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broadcom
[2009/04/28 14:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2009/04/28 13:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/03/15 15:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/05 08:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/04/28 14:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/12/09 18:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/11/15 23:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/19 10:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009/04/28 14:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/04/19 20:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 14:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/10 14:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/28 14:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Broadcom
[2009/04/28 14:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2009/04/28 13:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2009/05/19 10:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2009/04/28 14:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Broadcom
[2011/06/30 08:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Feweqo
[2011/06/30 08:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Uhely
[2009/05/19 10:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Vodafone
[2009/04/28 14:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Wave Systems Corp
[2009/04/28 13:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Windows Desktop Search
[2009/05/02 21:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ravi Ramlakhan\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

---------------------------------
Combofix Log:

ComboFix 11-11-26.04 - Ravi Ramlakhan 26/11/2011 19:09:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3539.2694 [GMT 0:00]
Running from: c:\documents and settings\Ravi Ramlakhan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Ravi Ramlakhan\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 18:21 . 2011-11-26 18:21 -------- d-----w- C:\_OTL
2011-11-15 23:23 . 2011-11-15 23:23 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-15 23:23 . 2011-11-15 23:23 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-15 23:23 . 2011-11-15 23:23 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-15 23:23 . 2011-11-15 23:23 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-15 23:23 . 2011-11-15 23:23 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-15 23:23 . 2011-11-15 23:23 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-15 23:23 . 2011-11-15 23:23 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-15 23:23 . 2011-11-15 23:23 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 18:34 . 2009-05-02 19:25 0 ----a-w- c:\documents and settings\Ravi Ramlakhan\Local Settings\Application Data\WavXMapDrive.bat
2011-11-16 08:45 . 2011-05-18 05:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2010-04-24 13:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2010-04-24 13:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-15 09:13 . 2011-09-15 09:13 79504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-09-15 09:13 . 2011-09-15 09:13 31504 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-09-15 09:13 . 2011-09-15 09:13 147192 ----a-w- c:\windows\system32\guard32.dll
2011-09-15 09:13 . 2011-09-15 09:13 101776 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2011-09-06 20:45 . 2010-07-01 18:03 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-05-02 19:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-09-28 08:35 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-05-02 19:43 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-05-02 19:43 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-05-02 19:43 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-05-02 19:43 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-05-02 19:43 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-05-02 19:43 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-05-02 19:43 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:25 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 17:00 . 2010-07-31 16:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 23:23 . 2011-11-15 23:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 09:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 09:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-21 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-09-15 1797880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Ravi Ramlakhan\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2009-5-4 194775]
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Alarm Manager.LNK - c:\program files\palmOne\AlarmApp.exe [2004-4-13 274432]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2008-11-11 1463296]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-05 08:11 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/09/2011 08:35 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/05/2009 19:43 320856]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [15/09/2011 09:13 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [15/09/2011 09:13 31504]
R1 GtTdiFltr;GtTdiFltr;c:\windows\system32\drivers\GtTdiFltr.sys [08/02/2008 14:39 4864]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/05/2009 19:43 20568]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 12:47 1664248]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 16:33 249648]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [01/07/2008 17:57 110592]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29/12/2008 10:07 320800]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [09/04/2009 13:02 447264]
R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [30/04/2008 15:52 200704]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/11/2008 10:39 14336]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [28/04/2009 22:36 112512]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [28/04/2009 22:36 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [28/04/2009 14:24 230952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 22:42 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 18:31 195336]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [07/11/2008 10:57 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [07/11/2008 10:58 105984]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [07/11/2008 11:01 20352]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [07/11/2008 11:03 8064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 22:42 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [19/05/2009 10:55 7680]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [19/05/2009 10:56 110080]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - xcpip
*Deregistered* - xpsec
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 22:42]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 22:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bt.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DLRBDF&PC=MDDR&q=
FF - prefs.js: browser.startup.homepage - hxxp://home.bt.yahoo.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 19:21
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\guard32.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'lsass.exe'(1092)
c:\windows\system32\guard32.dll
c:\windows\system32\wvauth.dll
.
Completion time: 2011-11-26 19:28:07
ComboFix-quarantined-files.txt 2011-11-26 19:27
.
Pre-Run: 183,751,880,704 bytes free
Post-Run: 183,696,785,408 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - ACFB45763B62216A3F3B3A30CD447776

-------------------------------------

Thank you. Awaiting your further instructions.
  • 0

#6
Essexboy
Posted 26 November 2011 - 02:18 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach the screen shot please. Also how do you connect to the site ? Do you type the address in or use a password manager

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"=-
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-


Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#7
Rav
Posted 26 November 2011 - 02:50 PM

Rav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I will attempt attaching the screenshot again. I am not sure why it did not work the first time.

To access the ISP's site I usually click on the site address in my Bookmarks, then on the site itself I click on "Customer Portal" and this takes me to a sign-in page where I am required to enter my email address and password. I do not use a password manager as such, I just enter the details from memory.

I will carry out the additional ComboFix work and get back to you ASAP. ;)

Attached Thumbnails

  • Strange Visa Pop-up.png

  • 0

#8
Essexboy
Posted 26 November 2011 - 02:56 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That does not look legitimate

Could you do the following :

Delete the bookmark
Download and install Roboform
Go to the site by typing the address in the address bar
Commence your login
Roboform will popup and ask if you want to save this
Answer yes
Do you still get the authentication popup ?
  • 0

#9
Rav
Posted 26 November 2011 - 03:37 PM

Rav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Latest ComboFix log:

ComboFix 11-11-26.04 - Ravi Ramlakhan 26/11/2011 21:01:05.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3539.2545 [GMT 0:00]
Running from: c:\documents and settings\Ravi Ramlakhan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ravi Ramlakhan\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 18:21 . 2011-11-26 18:21 -------- d-----w- C:\_OTL
2011-11-15 23:23 . 2011-11-15 23:23 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-15 23:23 . 2011-11-15 23:23 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-15 23:23 . 2011-11-15 23:23 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-15 23:23 . 2011-11-15 23:23 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-15 23:23 . 2011-11-15 23:23 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-15 23:23 . 2011-11-15 23:23 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-15 23:23 . 2011-11-15 23:23 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-15 23:23 . 2011-11-15 23:23 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 19:42 . 2009-05-02 19:25 0 ----a-w- c:\documents and settings\Ravi Ramlakhan\Local Settings\Application Data\WavXMapDrive.bat
2011-11-16 08:45 . 2011-05-18 05:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2010-04-24 13:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2010-04-24 13:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-15 09:13 . 2011-09-15 09:13 79504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-09-15 09:13 . 2011-09-15 09:13 31504 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-09-15 09:13 . 2011-09-15 09:13 147192 ----a-w- c:\windows\system32\guard32.dll
2011-09-15 09:13 . 2011-09-15 09:13 101776 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2011-09-06 20:45 . 2010-07-01 18:03 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-05-02 19:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-09-28 08:35 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-05-02 19:43 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-05-02 19:43 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-05-02 19:43 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-05-02 19:43 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-05-02 19:43 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-05-02 19:43 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-05-02 19:43 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:25 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 17:00 . 2010-07-31 16:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 23:23 . 2011-11-15 23:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 09:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 09:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-21 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-09-15 1797880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Ravi Ramlakhan\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2009-5-4 194775]
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Alarm Manager.LNK - c:\program files\palmOne\AlarmApp.exe [2004-4-13 274432]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2008-11-11 1463296]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-05 08:11 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/09/2011 08:35 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/05/2009 19:43 320856]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [15/09/2011 09:13 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [15/09/2011 09:13 31504]
R1 GtTdiFltr;GtTdiFltr;c:\windows\system32\drivers\GtTdiFltr.sys [08/02/2008 14:39 4864]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/05/2009 19:43 20568]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 12:47 1664248]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 16:33 249648]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [01/07/2008 17:57 110592]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29/12/2008 10:07 320800]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [09/04/2009 13:02 447264]
R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [30/04/2008 15:52 200704]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/11/2008 10:39 14336]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [28/04/2009 22:36 112512]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [28/04/2009 22:36 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [28/04/2009 14:24 230952]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 22:42 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 18:31 195336]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [07/11/2008 10:57 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [07/11/2008 10:58 105984]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [07/11/2008 11:01 20352]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [07/11/2008 11:03 8064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 22:42 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [19/05/2009 10:55 7680]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [19/05/2009 10:56 110080]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 22:42]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 22:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bt.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ravi Ramlakhan\Application Data\Mozilla\Firefox\Profiles\eplj93mx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DLRBDF&PC=MDDR&q=
FF - prefs.js: browser.startup.homepage - hxxp://home.bt.yahoo.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 21:12
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\guard32.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'lsass.exe'(1100)
c:\windows\system32\guard32.dll
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'explorer.exe'(7196)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdo.dll
c:\windows\system32\msi.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2011-11-26 21:16:01
ComboFix-quarantined-files.txt 2011-11-26 21:15
ComboFix2.txt 2011-11-26 19:28
.
Pre-Run: 183,694,921,728 bytes free
Post-Run: 183,671,480,320 bytes free
.
- - End Of File - - 4E022510B66754871751C1ADAF51CDC3

----------------------------------------------

I installed what I presume was a trial version of Roboform and it seems to have installed OK. I deleted the bookmark, and went onto the site by typing in the address. However, when logging onto the customer portal Roboform did not seem to ask to save this, only the usual Firefox window came up asking me whether I wanted to save the password, which I always decline anyway. In any case, that irregular Visa pop-up is still coming up. :(
  • 0

#10
Essexboy
Posted 26 November 2011 - 03:46 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Going deeper

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
Megaupload
  • 0

Advertisements

#11
Rav
Posted 27 November 2011 - 05:04 AM

Rav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi Essexboy

Well, I ran Kaspersky as you recommended. At about 11% completion and ~100,000-odd objects scanned deep into the scan it found a threat which it was able to successfully delete having requested the action from me. I am not sure how dangerous the threat was as I think it was in one of my Geeks-To-Go folders, so maybe it was a quarantined item from the past?

However, at ~30-odd% completion and about 300,000 objects scanned deep Kaspersky reported a threat which required disinfection. I believe the object was in the System Memory (tried to do a screen capture of the Kaspersky box but Snag It screen capture did not work for some reason). I wrote down the threat as described by Kaspersky:

MEM: Backdoor.Win32.Sinowal.cx

Kaspersky asked whether I wanted to disinfect the threat, and I clicked "yes", and then it reported that the disinfection could not be done, and I was forced to select "skip". At this point, the main scan was frozen and a subsidiary scan was carried out, at the end of which the computer re-booted and Kaspersky re-started. After the re-boot, Kaspersky asked if I wanted to resume the previous scan from the point left off at, to which I clicked "yes", but then Kaspersky found the same Sinowal threat and the loop began again (with the threat not being disinfected and a subsidiary scan being carried out and a re-boot conducted). It was apparent that Kaspersky would keep getting caught in this loop.

It was at this point that I decided to communicate this with you before attempting to proceed further.

I hope these descriptions help. :blush:

Many thanks.

Edited by Rav, 27 November 2011 - 05:05 AM.

  • 0

#12
Essexboy
Posted 27 November 2011 - 06:28 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that has given me some good information to work with.. Two programmes for you to run

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#13
Rav
Posted 27 November 2011 - 09:13 AM

Rav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
MBRCheck did find an infection and the report is as follows:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 174):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xB9F05000 dmio.sys
0xBA328000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA670000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xB9E35000 ZR`G\A@J@
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E15000 fltMgr.sys
0xB9E03000 sr.sys
0xBA5AC000 DLACDBHM.SYS
0xB9DEC000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9DD5000 KSecDD.sys
0xB9D48000 Ntfs.sys
0xB9D36000 inspect.sys
0xB9D09000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBA330000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA5AE000 speedfan.sys
0xBA108000 PBADRV.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CEF000 Mup.sys
0xBA671000 giveio.sys
0xB97CD000 22488497.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8E1C000 \SystemRoot\system32\DRIVERS\SMBios.sys
0xB76A5000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB7691000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB766D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7645000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB72CE000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xB729F000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB728B000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB8DFC000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB8DEC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB725E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xB8DDC000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB71E3000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA460000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8DCC000 \SystemRoot\system32\DRIVERS\serial.sys
0xB97A9000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8DBC000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8DAC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB71C0000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA470000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB97A1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB979D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB70CF000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xBA606000 \SystemRoot\system32\DRIVERS\serscan.sys
0xB7097000 \SystemRoot\system32\drivers\srs_PremiumSound_i386.sys
0xBA6CB000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9799000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7080000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB706F000 \SystemRoot\system32\DRIVERS\psched.sys
0xB7D43000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA478000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA480000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB703F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB7D33000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA608000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6FE1000 \SystemRoot\system32\DRIVERS\update.sys
0xB9785000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\btport.sys
0xBA268000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA278000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA632000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA353C000 \SystemRoot\system32\drivers\sthda.sys
0xA3518000 \SystemRoot\system32\drivers\portcls.sys
0xBA288000 \SystemRoot\system32\drivers\drmk.sys
0xA34FC000 \SystemRoot\system32\drivers\AESTAud.sys
0xA34DC000 \SystemRoot\system32\drivers\IntcHdmi.sys
0xA36BF000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA0E6A000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA64C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA23A6000 \SystemRoot\System32\Drivers\Null.SYS
0xBA64E000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3E8000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3F8000 \SystemRoot\System32\drivers\vga.sys
0xBA650000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA652000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA400000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA408000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA36AB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA0E0F000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA0DB6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA410000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xBA418000 \SystemRoot\System32\Drivers\tcpipBM.SYS
0xA0D40000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA3967000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA0D18000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA654000 \SystemRoot\system32\drivers\GtTdiFltr.sys
0xBA420000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA0CF6000 \SystemRoot\System32\drivers\afd.sys
0xA3957000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA0CCB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA0C5B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA3947000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA3937000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA0BE6000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA0B76000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xA228A000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA0C4F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9FCDF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA4EB0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA0ED4000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9A800000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9B57D000 \SystemRoot\System32\drivers\Dxapi.sys
0xA0779000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA741000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF2E8000 \SystemRoot\System32\igxpdx32.DLL
0xBF691000 \SystemRoot\System32\ATMFD.DLL
0x99EE7000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
0xB7E37000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xBA158000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x9E7A5000 \SystemRoot\System32\Drivers\DLADResM.SYS
0x99ECE000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
0x9EC00000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
0xA0E9C000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
0x99EA9000 \SystemRoot\System32\Drivers\DefragFS.SYS
0x9EBF0000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
0xBA488000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
0x99E93000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
0x99E7C000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
0x9BEEC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9BEE4000 \SystemRoot\system32\DRIVERS\s24trans.sys
0x99E13000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x99DD8000 \SystemRoot\system32\drivers\xpsec.sys
0x99D07000 \SystemRoot\system32\drivers\xcpip.sys
0x99A22000 \SystemRoot\system32\drivers\wdmaud.sys
0x9EB7C000 \SystemRoot\system32\drivers\sysaudio.sys
0x996F9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA658000 \??\C:\Program Files\Broadcom\MgmtAgent\BASFND.sys
0x99509000 \SystemRoot\system32\DRIVERS\srv.sys
0xA2272000 \SystemRoot\System32\Drivers\TDTCP.SYS
0x98615000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x97A91000 \SystemRoot\System32\Drivers\HTTP.sys
0x96C1E000 \SystemRoot\system32\DRIVERS\8170973drv.sys
0x97BAA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9694F000 \SystemRoot\System32\Drivers\btwusb.sys
0x962EC000 \SystemRoot\system32\DRIVERS\btwdndis.sys
0xBA380000 \SystemRoot\system32\DRIVERS\btwmodem.sys
0xA0D8E000 \SystemRoot\System32\Drivers\Modem.SYS
0x9626B000 \SystemRoot\system32\drivers\btaudio.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 93):
0 System Idle Process
4 System
952 C:\WINDOWS\system32\smss.exe
1016 csrss.exe
1040 C:\WINDOWS\system32\winlogon.exe
1084 C:\WINDOWS\system32\services.exe
1096 C:\WINDOWS\system32\lsass.exe
1296 C:\Program Files\Fingerprint Sensor\AtService.exe
1316 C:\WINDOWS\system32\svchost.exe
1384 svchost.exe
1424 C:\WINDOWS\system32\svchost.exe
1536 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
1580 svchost.exe
1672 svchost.exe
1992 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1140 C:\WINDOWS\explorer.exe
2452 C:\WINDOWS\system32\spoolsv.exe
2560 C:\drivers\audio\R213367\stacsv.exe
2872 svchost.exe
2908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2920 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
2956 C:\Program Files\Bonjour\mDNSResponder.exe
3108 C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
3116 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
3172 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
3220 C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
3300 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3400 C:\Program Files\Java\jre6\bin\jqs.exe
3448 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
3560 C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
3624 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
3668 C:\WINDOWS\system32\svchost.exe
3744 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
4064 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
1756 C:\WINDOWS\system32\searchindexer.exe
2400 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
2884 wmiprvse.exe
3328 wmiprvse.exe
3856 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
3936 igfxext.exe
4084 igfxsrvc.exe
436 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
2120 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
992 C:\Program Files\DellTPad\Apoint.exe
160 C:\Program Files\IDT\WDM\sttray.exe
4100 C:\WINDOWS\system32\AESTFltr.exe
4360 C:\WINDOWS\system32\hkcmd.exe
4388 C:\WINDOWS\system32\igfxsrvc.exe
4408 C:\Program Files\DellTPad\ApMsgFwd.exe
4440 C:\WINDOWS\system32\igfxpers.exe
4476 alg.exe
4524 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4600 C:\Program Files\DellTPad\ApntEx.exe
4636 C:\Program Files\DellTPad\hidfind.exe
4720 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
4760 C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
4824 C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
4860 C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
4900 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
4912 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
5004 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
5096 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
5124 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
5164 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
5224 C:\Program Files\iTunes\iTunesHelper.exe
5280 C:\WINDOWS\vVX3000.exe
5416 C:\WINDOWS\system32\wbem\unsecapp.exe
4416 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
3416 C:\Program Files\iPod\bin\iPodService.exe
3760 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2824 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
5348 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
5560 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
5632 C:\Program Files\palmOne\AlarmApp.exe
5692 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
5740 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
5800 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
5908 C:\WINDOWS\system32\igfxext.exe
5952 C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
6060 C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
6084 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
3276 C:\Program Files\palmOne\HOTSYNC.EXE
1412 C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
4192 C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
432 C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
828 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
4620 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2324 C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
4776 C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
3564 C:\WINDOWS\system32\svchost.exe
2680 C:\WINDOWS\system32\searchprotocolhost.exe
7996 C:\Documents and Settings\Ravi Ramlakhan\Desktop\MBRCheck.exe
8032 C:\WINDOWS\system32\HPZinw12.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06dd1c00 (NTFS)

PhysicalDrive0 Model Number: ST9250320AS, Rev: DE06

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 MBR Code Faked (known infection: Whistler / Black Internet)!
SHA1: 0CEFD8D44204B6423BDD943598F3B36E4B24EDDF


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

-----------------------------------
TDSSKiller found a number of suspicious files and skipped them but found a malicious item and opted for "cure". The report is as follows:

14:57:20.0296 0588 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
14:57:22.0296 0588 ============================================================
14:57:22.0296 0588 Current date / time: 2011/11/27 14:57:22.0296
14:57:22.0296 0588 SystemInfo:
14:57:22.0296 0588
14:57:22.0296 0588 OS Version: 5.1.2600 ServicePack: 3.0
14:57:22.0296 0588 Product type: Workstation
14:57:22.0296 0588 ComputerName: RAMLAKHAN3
14:57:22.0296 0588 UserName: Ravi Ramlakhan
14:57:22.0296 0588 Windows directory: C:\WINDOWS
14:57:22.0296 0588 System windows directory: C:\WINDOWS
14:57:22.0296 0588 Processor architecture: Intel x86
14:57:22.0296 0588 Number of processors: 2
14:57:22.0296 0588 Page size: 0x1000
14:57:22.0296 0588 Boot type: Normal boot
14:57:22.0296 0588 ============================================================
14:57:22.0734 0588 Initialize success
14:58:02.0000 8100 ============================================================
14:58:02.0000 8100 Scan started
14:58:02.0000 8100 Mode: Manual; SigCheck; TDLFS;
14:58:02.0000 8100 ============================================================
14:58:02.0421 8100 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
14:58:02.0609 8100 Aavmker4 - ok
14:58:02.0609 8100 Abiosdsk - ok
14:58:02.0656 8100 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:58:03.0046 8100 abp480n5 - ok
14:58:03.0218 8100 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:58:03.0343 8100 ACPI - ok
14:58:03.0437 8100 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:58:03.0546 8100 ACPIEC - ok
14:58:03.0578 8100 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:58:03.0718 8100 adpu160m - ok
14:58:03.0828 8100 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:58:04.0203 8100 aec - ok
14:58:04.0328 8100 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys
14:58:04.0390 8100 AESTAud - ok
14:58:04.0437 8100 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:58:04.0453 8100 AFD - ok
14:58:04.0500 8100 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:58:04.0625 8100 agp440 - ok
14:58:04.0656 8100 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:58:04.0796 8100 agpCPQ - ok
14:58:04.0828 8100 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:58:04.0890 8100 Aha154x - ok
14:58:04.0937 8100 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:58:05.0078 8100 aic78u2 - ok
14:58:05.0109 8100 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:58:05.0203 8100 aic78xx - ok
14:58:05.0250 8100 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:58:05.0359 8100 AliIde - ok
14:58:05.0406 8100 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:58:05.0515 8100 alim1541 - ok
14:58:05.0531 8100 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:58:05.0625 8100 amdagp - ok
14:58:05.0656 8100 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:58:05.0734 8100 amsint - ok
14:58:05.0796 8100 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
14:58:05.0812 8100 ApfiltrService - ok
14:58:05.0875 8100 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:58:05.0984 8100 Arp1394 - ok
14:58:06.0031 8100 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:58:06.0140 8100 asc - ok
14:58:06.0203 8100 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:58:06.0250 8100 asc3350p - ok
14:58:06.0281 8100 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:58:06.0390 8100 asc3550 - ok
14:58:06.0500 8100 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:58:06.0515 8100 aswFsBlk - ok
14:58:06.0562 8100 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
14:58:06.0578 8100 aswMon2 - ok
14:58:06.0609 8100 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
14:58:06.0625 8100 aswRdr - ok
14:58:06.0703 8100 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
14:58:06.0734 8100 aswSnx - ok
14:58:06.0812 8100 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
14:58:06.0843 8100 aswSP - ok
14:58:06.0875 8100 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
14:58:06.0906 8100 aswTdi - ok
14:58:06.0984 8100 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:58:07.0093 8100 AsyncMac - ok
14:58:07.0218 8100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:58:07.0312 8100 atapi - ok
14:58:07.0343 8100 Atdisk - ok
14:58:07.0375 8100 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:58:07.0500 8100 Atmarpc - ok
14:58:07.0546 8100 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:58:07.0656 8100 audstub - ok
14:58:07.0734 8100 b57w2k (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:58:07.0796 8100 b57w2k - ok
14:58:07.0875 8100 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\MgmtAgent\BASFND.sys
14:58:07.0906 8100 BASFND ( UnsignedFile.Multi.Generic ) - warning
14:58:07.0906 8100 BASFND - detected UnsignedFile.Multi.Generic (1)
14:58:08.0031 8100 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:58:08.0140 8100 Beep - ok
14:58:08.0171 8100 Blfp (9b53d428de0a2566a03499d7aa48dec4) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
14:58:08.0203 8100 Blfp - ok
14:58:08.0250 8100 btaudio (f688bbbe8e3e7e03e35caabd66616ddb) C:\WINDOWS\system32\drivers\btaudio.sys
14:58:08.0281 8100 btaudio - ok
14:58:08.0359 8100 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
14:58:08.0375 8100 BTDriver - ok
14:58:08.0421 8100 BTKRNL (38a3331e2f690d4cdc9de0604b9416e5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
14:58:08.0468 8100 BTKRNL - ok
14:58:08.0531 8100 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
14:58:08.0546 8100 BTWDNDIS - ok
14:58:08.0578 8100 btwmodem (5922bae0cd84924b9cd7e6bb515ee070) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
14:58:08.0593 8100 btwmodem - ok
14:58:08.0625 8100 BTWUSB (d5af663711660d32ec230c6aaf7b6b83) C:\WINDOWS\system32\Drivers\btwusb.sys
14:58:08.0640 8100 BTWUSB - ok
14:58:08.0703 8100 catchme - ok
14:58:08.0796 8100 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:58:08.0906 8100 cbidf - ok
14:58:08.0968 8100 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:58:09.0062 8100 cbidf2k - ok
14:58:09.0140 8100 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:58:09.0250 8100 CCDECODE - ok
14:58:09.0281 8100 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:58:09.0359 8100 cd20xrnt - ok
14:58:09.0390 8100 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:58:09.0515 8100 Cdaudio - ok
14:58:09.0531 8100 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:58:09.0625 8100 Cdfs - ok
14:58:09.0656 8100 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:58:09.0765 8100 Cdrom - ok
14:58:09.0812 8100 Changer - ok
14:58:09.0875 8100 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:58:10.0000 8100 CmBatt - ok
14:58:10.0078 8100 cmdGuard (932d8df2277be80adcce71e2359f7ceb) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
14:58:10.0093 8100 cmdGuard - ok
14:58:10.0234 8100 cmdHlp (a8add6dee129953763f19fe90a29a929) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
14:58:10.0250 8100 cmdHlp - ok
14:58:10.0312 8100 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:58:10.0421 8100 CmdIde - ok
14:58:10.0515 8100 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:58:10.0625 8100 Compbatt - ok
14:58:10.0671 8100 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:58:10.0796 8100 Cpqarray - ok
14:58:10.0828 8100 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:58:10.0953 8100 dac2w2k - ok
14:58:10.0984 8100 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:58:11.0078 8100 dac960nt - ok
14:58:11.0125 8100 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\WINDOWS\system32\drivers\DefragFS.sys
14:58:11.0156 8100 DefragFS - ok
14:58:11.0203 8100 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:58:11.0390 8100 Disk - ok
14:58:11.0484 8100 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
14:58:11.0500 8100 DLABMFSM - ok
14:58:11.0500 8100 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
14:58:11.0531 8100 DLABOIOM - ok
14:58:11.0609 8100 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
14:58:11.0625 8100 DLACDBHM - ok
14:58:11.0640 8100 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
14:58:11.0656 8100 DLADResM - ok
14:58:11.0671 8100 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
14:58:11.0687 8100 DLAIFS_M - ok
14:58:11.0703 8100 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
14:58:11.0718 8100 DLAOPIOM - ok
14:58:11.0796 8100 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
14:58:11.0812 8100 DLAPoolM - ok
14:58:11.0828 8100 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
14:58:11.0843 8100 DLARTL_M - ok
14:58:11.0859 8100 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
14:58:11.0875 8100 DLAUDFAM - ok
14:58:11.0875 8100 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
14:58:11.0906 8100 DLAUDF_M - ok
14:58:11.0937 8100 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:58:12.0078 8100 dmboot - ok
14:58:12.0156 8100 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:58:12.0281 8100 dmio - ok
14:58:12.0312 8100 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:58:12.0421 8100 dmload - ok
14:58:12.0484 8100 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:58:12.0609 8100 DMusic - ok
14:58:12.0671 8100 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:58:12.0765 8100 dpti2o - ok
14:58:12.0828 8100 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:58:12.0921 8100 drmkaud - ok
14:58:12.0984 8100 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
14:58:13.0000 8100 DRVMCDB - ok
14:58:13.0046 8100 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
14:58:13.0062 8100 DRVNDDM - ok
14:58:13.0125 8100 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:58:13.0218 8100 Fastfat - ok
14:58:13.0265 8100 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:58:13.0390 8100 Fdc - ok
14:58:13.0453 8100 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:58:13.0578 8100 Fips - ok
14:58:13.0593 8100 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:58:13.0750 8100 Flpydisk - ok
14:58:13.0921 8100 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:58:14.0062 8100 FltMgr - ok
14:58:14.0078 8100 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:58:14.0203 8100 Fs_Rec - ok
14:58:14.0234 8100 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:58:14.0359 8100 Ftdisk - ok
14:58:14.0406 8100 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:58:14.0406 8100 GEARAspiWDM - ok
14:58:14.0453 8100 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
14:58:14.0484 8100 giveio ( UnsignedFile.Multi.Generic ) - warning
14:58:14.0484 8100 giveio - detected UnsignedFile.Multi.Generic (1)
14:58:14.0531 8100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:58:14.0656 8100 Gpc - ok
14:58:14.0703 8100 GtTdiFltr (76360ae27cc97e462ff4e52b91d59e11) C:\WINDOWS\system32\drivers\GtTdiFltr.sys
14:58:14.0703 8100 GtTdiFltr ( UnsignedFile.Multi.Generic ) - warning
14:58:14.0703 8100 GtTdiFltr - detected UnsignedFile.Multi.Generic (1)
14:58:14.0718 8100 GTUHSBUS (3517b3e8bb7d27802ecd633e31aadf7b) C:\WINDOWS\system32\DRIVERS\gtuhsbus.sys
14:58:14.0765 8100 GTUHSBUS - ok
14:58:14.0828 8100 GTUHSNDISIPXP (770245ed20d62faeb34de4f1f4018708) C:\WINDOWS\system32\DRIVERS\gtuhs51.sys
14:58:14.0843 8100 GTUHSNDISIPXP - ok
14:58:14.0859 8100 GTUHSOMS (e3d4f72f92dd9d4f6e93a3c005d6dcbf) C:\WINDOWS\system32\DRIVERS\gtuhsoms.sys
14:58:14.0906 8100 GTUHSOMS - ok
14:58:14.0937 8100 GTUHSSER (25a80ada6ce5466aeb4a144cc8256990) C:\WINDOWS\system32\DRIVERS\gtuhsser.sys
14:58:14.0984 8100 GTUHSSER - ok
14:58:15.0015 8100 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:58:15.0125 8100 HDAudBus - ok
14:58:15.0156 8100 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:58:15.0250 8100 hidusb - ok
14:58:15.0281 8100 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:58:15.0375 8100 hpn - ok
14:58:15.0406 8100 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:58:15.0453 8100 HTTP - ok
14:58:15.0500 8100 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:58:15.0609 8100 i2omgmt - ok
14:58:15.0640 8100 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:58:15.0734 8100 i2omp - ok
14:58:15.0750 8100 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:58:15.0859 8100 i8042prt - ok
14:58:16.0015 8100 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:58:16.0609 8100 ialm - ok
14:58:16.0859 8100 iaStor (692830b048aacd7e0d6ededf098acc01) C:\WINDOWS\system32\drivers\iaStor.sys
14:58:16.0890 8100 iaStor - ok
14:58:16.0921 8100 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:58:17.0015 8100 Imapi - ok
14:58:17.0046 8100 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:58:17.0156 8100 ini910u - ok
14:58:17.0187 8100 Inspect (fdca8008bfc7ca72b08151698cd24236) C:\WINDOWS\system32\DRIVERS\inspect.sys
14:58:17.0218 8100 Inspect - ok
14:58:17.0265 8100 IntcHdmiAddService (f32a62c765885bd8e4352a1565f702a6) C:\WINDOWS\system32\drivers\IntcHdmi.sys
14:58:17.0296 8100 IntcHdmiAddService - ok
14:58:17.0312 8100 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:58:17.0421 8100 IntelIde - ok
14:58:17.0468 8100 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:58:17.0578 8100 intelppm - ok
14:58:17.0609 8100 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:58:17.0718 8100 Ip6Fw - ok
14:58:17.0734 8100 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:58:17.0828 8100 IpFilterDriver - ok
14:58:17.0859 8100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:58:17.0968 8100 IpInIp - ok
14:58:17.0984 8100 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:58:18.0093 8100 IpNat - ok
14:58:18.0125 8100 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:58:18.0218 8100 IPSec - ok
14:58:18.0234 8100 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:58:18.0312 8100 IRENUM - ok
14:58:18.0375 8100 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:58:18.0500 8100 isapnp - ok
14:58:18.0531 8100 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:58:18.0656 8100 Kbdclass - ok
14:58:18.0687 8100 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:58:18.0812 8100 kbdhid - ok
14:58:18.0859 8100 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:58:19.0031 8100 kmixer - ok
14:58:19.0390 8100 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:58:19.0437 8100 KSecDD - ok
14:58:19.0468 8100 lbrtfdc - ok
14:58:19.0546 8100 massfilter (f0435fe3c1ec2659d2bbf073ca0752ee) C:\WINDOWS\system32\DRIVERS\massfilter.sys
14:58:19.0578 8100 massfilter - ok
14:58:19.0625 8100 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:58:19.0718 8100 mnmdd - ok
14:58:19.0734 8100 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:58:19.0859 8100 Modem - ok
14:58:19.0906 8100 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:58:20.0015 8100 Mouclass - ok
14:58:20.0062 8100 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:58:20.0171 8100 mouhid - ok
14:58:20.0187 8100 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:58:20.0312 8100 MountMgr - ok
14:58:20.0343 8100 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:58:20.0437 8100 mraid35x - ok
14:58:20.0484 8100 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:58:20.0593 8100 MRxDAV - ok
14:58:20.0640 8100 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:58:20.0687 8100 MRxSmb - ok
14:58:20.0718 8100 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:58:20.0812 8100 Msfs - ok
14:58:20.0843 8100 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:58:20.0968 8100 MSKSSRV - ok
14:58:20.0968 8100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:58:21.0078 8100 MSPCLOCK - ok
14:58:21.0078 8100 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:58:21.0187 8100 MSPQM - ok
14:58:21.0218 8100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:58:21.0343 8100 mssmbios - ok
14:58:21.0406 8100 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:58:21.0500 8100 MSTEE - ok
14:58:21.0531 8100 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:58:21.0562 8100 Mup - ok
14:58:21.0593 8100 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:58:21.0703 8100 NABTSFEC - ok
14:58:21.0734 8100 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:58:21.0843 8100 NDIS - ok
14:58:21.0875 8100 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:58:22.0000 8100 NdisIP - ok
14:58:22.0046 8100 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:58:22.0062 8100 NdisTapi - ok
14:58:22.0125 8100 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:58:22.0218 8100 Ndisuio - ok
14:58:22.0250 8100 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:58:22.0359 8100 NdisWan - ok
14:58:22.0406 8100 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:58:22.0421 8100 NDProxy - ok
14:58:22.0437 8100 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:58:22.0531 8100 NetBIOS - ok
14:58:22.0562 8100 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:58:22.0687 8100 NetBT - ok
14:58:22.0796 8100 NETw5x32 (cfe1981a47a2f7650a1ef8917dc4d1c3) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
14:58:22.0968 8100 NETw5x32 - ok
14:58:23.0265 8100 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:58:23.0359 8100 NIC1394 - ok
14:58:23.0375 8100 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:58:23.0500 8100 Npfs - ok
14:58:23.0578 8100 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:58:23.0703 8100 Ntfs - ok
14:58:23.0984 8100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:58:24.0250 8100 Null - ok
14:58:24.0281 8100 NvtSp50 - ok
14:58:24.0312 8100 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:58:24.0437 8100 NwlnkFlt - ok
14:58:24.0468 8100 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:58:24.0562 8100 NwlnkFwd - ok
14:58:24.0625 8100 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:58:24.0734 8100 ohci1394 - ok
14:58:24.0796 8100 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
14:58:24.0921 8100 Parport - ok
14:58:24.0953 8100 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:58:25.0046 8100 PartMgr - ok
14:58:25.0046 8100 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:58:25.0156 8100 ParVdm - ok
14:58:25.0203 8100 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
14:58:25.0218 8100 PBADRV - ok
14:58:25.0250 8100 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:58:25.0359 8100 PCI - ok
14:58:25.0375 8100 PCIDump - ok
14:58:25.0390 8100 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:58:25.0484 8100 PCIIde - ok
14:58:25.0531 8100 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:58:25.0625 8100 Pcmcia - ok
14:58:25.0640 8100 PDCOMP - ok
14:58:25.0656 8100 PDFRAME - ok
14:58:25.0656 8100 PDRELI - ok
14:58:25.0671 8100 PDRFRAME - ok
14:58:25.0703 8100 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:58:25.0796 8100 perc2 - ok
14:58:25.0812 8100 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:58:25.0906 8100 perc2hib - ok
14:58:25.0953 8100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:58:26.0046 8100 PptpMiniport - ok
14:58:26.0078 8100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:58:26.0250 8100 PSched - ok
14:58:26.0453 8100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:58:26.0687 8100 Ptilink - ok
14:58:26.0750 8100 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:58:26.0765 8100 PxHelp20 - ok
14:58:26.0812 8100 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:58:26.0937 8100 ql1080 - ok
14:58:26.0968 8100 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:58:27.0062 8100 Ql10wnt - ok
14:58:27.0109 8100 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:58:27.0203 8100 ql12160 - ok
14:58:27.0296 8100 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:58:27.0421 8100 ql1240 - ok
14:58:27.0468 8100 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:58:27.0562 8100 ql1280 - ok
14:58:27.0625 8100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:58:27.0718 8100 RasAcd - ok
14:58:27.0765 8100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:58:27.0843 8100 Rasl2tp - ok
14:58:27.0890 8100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:58:28.0000 8100 RasPppoe - ok
14:58:28.0046 8100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:58:28.0171 8100 Raspti - ok
14:58:28.0218 8100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:58:28.0328 8100 Rdbss - ok
14:58:28.0375 8100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:58:28.0484 8100 RDPCDD - ok
14:58:28.0546 8100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:58:28.0687 8100 rdpdr - ok
14:58:28.0890 8100 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:58:28.0968 8100 RDPWD - ok
14:58:29.0093 8100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:58:29.0218 8100 redbook - ok
14:58:29.0265 8100 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
14:58:29.0296 8100 rimmptsk - ok
14:58:29.0328 8100 s24trans (1f950f97dbf5e0ba4fbbfaf074d3b47c) C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:58:29.0343 8100 s24trans ( UnsignedFile.Multi.Generic ) - warning
14:58:29.0343 8100 s24trans - detected UnsignedFile.Multi.Generic (1)
14:58:29.0375 8100 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:58:29.0500 8100 sdbus - ok
14:58:29.0531 8100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:58:29.0593 8100 Secdrv - ok
14:58:29.0609 8100 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:58:29.0734 8100 Serenum - ok
14:58:29.0765 8100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:58:29.0890 8100 Serial - ok
14:58:29.0906 8100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:58:30.0015 8100 Sfloppy - ok
14:58:30.0015 8100 Simbad - ok
14:58:30.0062 8100 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:58:30.0187 8100 sisagp - ok
14:58:30.0375 8100 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:58:30.0468 8100 SLIP - ok
14:58:30.0531 8100 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
14:58:30.0546 8100 SMBios ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0546 8100 SMBios - detected UnsignedFile.Multi.Generic (1)
14:58:30.0593 8100 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:58:30.0671 8100 Sparrow - ok
14:58:30.0734 8100 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
14:58:30.0765 8100 speedfan ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0765 8100 speedfan - detected UnsignedFile.Multi.Generic (1)
14:58:30.0859 8100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:58:30.0984 8100 splitter - ok
14:58:31.0046 8100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:58:31.0125 8100 sr - ok
14:58:31.0203 8100 SRS_PremiumSound_Service (43e8e8238ff52a807d5c17f1ae5cc49c) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
14:58:31.0234 8100 SRS_PremiumSound_Service - ok
14:58:31.0296 8100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:58:31.0343 8100 Srv - ok
14:58:31.0437 8100 STHDA (1b76479b80ff0f6e245ba590a64102be) C:\WINDOWS\system32\drivers\sthda.sys
14:58:31.0546 8100 STHDA - ok
14:58:31.0609 8100 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:58:31.0703 8100 StillCam - ok
14:58:31.0750 8100 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:58:31.0859 8100 streamip - ok
14:58:31.0921 8100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:58:32.0015 8100 swenum - ok
14:58:32.0046 8100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:58:32.0156 8100 swmidi - ok
14:58:32.0203 8100 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:58:32.0312 8100 symc810 - ok
14:58:32.0359 8100 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:58:32.0468 8100 symc8xx - ok
14:58:32.0500 8100 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:58:32.0625 8100 sym_hi - ok
14:58:32.0656 8100 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:58:32.0734 8100 sym_u3 - ok
14:58:32.0765 8100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:58:32.0875 8100 sysaudio - ok
14:58:32.0921 8100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:58:32.0968 8100 Tcpip - ok
14:58:33.0000 8100 tcpipBM (4d96ee19d12304a048cc1f24f8d98389) C:\WINDOWS\system32\drivers\tcpipBM.sys
14:58:33.0031 8100 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
14:58:33.0031 8100 tcpipBM - detected UnsignedFile.Multi.Generic (1)
14:58:33.0078 8100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:58:33.0203 8100 TDPIPE - ok
14:58:33.0234 8100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:58:33.0359 8100 TDTCP - ok
14:58:33.0390 8100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:58:33.0515 8100 TermDD - ok
14:58:33.0562 8100 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:58:33.0671 8100 TosIde - ok
14:58:33.0687 8100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:58:33.0796 8100 Udfs - ok
14:58:33.0875 8100 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:58:33.0984 8100 ultra - ok
14:58:34.0031 8100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:58:34.0140 8100 Update - ok
14:58:34.0203 8100 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:58:34.0312 8100 usbaudio - ok
14:58:34.0359 8100 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:58:34.0375 8100 usbccgp - ok
14:58:34.0406 8100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:58:34.0500 8100 usbehci - ok
14:58:34.0531 8100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:58:34.0656 8100 usbhub - ok
14:58:34.0703 8100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:58:34.0812 8100 usbprint - ok
14:58:34.0875 8100 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:58:34.0968 8100 USBSTOR - ok
14:58:35.0015 8100 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:58:35.0125 8100 usbuhci - ok
14:58:35.0203 8100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:58:35.0312 8100 VgaSave - ok
14:58:35.0359 8100 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:58:35.0468 8100 viaagp - ok
14:58:35.0531 8100 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:58:35.0625 8100 ViaIde - ok
14:58:35.0656 8100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:58:35.0750 8100 VolSnap - ok
14:58:35.0843 8100 VX3000 (bd32d7007cb505d3b1c29e3d0ef2a46a) C:\WINDOWS\system32\DRIVERS\VX3000.sys
14:58:35.0984 8100 VX3000 - ok
14:58:36.0109 8100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:58:36.0312 8100 Wanarp - ok
14:58:36.0921 8100 WavxDMgr (fc2606083f35db9c497d6ba9f554d22c) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
14:58:36.0953 8100 WavxDMgr - ok
14:58:37.0015 8100 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
14:58:37.0062 8100 wceusbsh - ok
14:58:37.0140 8100 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:58:37.0171 8100 Wdf01000 - ok
14:58:37.0171 8100 WDICA - ok
14:58:37.0250 8100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:58:37.0359 8100 wdmaud - ok
14:58:37.0421 8100 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:58:37.0515 8100 WmiAcpi - ok
14:58:37.0609 8100 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:58:37.0703 8100 WSTCODEC - ok
14:58:37.0718 8100 xcpip - ok
14:58:37.0734 8100 xpsec - ok
14:58:37.0750 8100 ZTEusbmdm6k (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
14:58:37.0812 8100 ZTEusbmdm6k - ok
14:58:37.0859 8100 ZTEusbnet (911ba85906bc7602c73441502abfb565) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
14:58:37.0906 8100 ZTEusbnet - ok
14:58:37.0968 8100 ZTEusbnmea (69774b89725ddc4781e0eeb9809f3b20) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
14:58:38.0000 8100 ZTEusbnmea - ok
14:58:38.0031 8100 ZTEusbser6k (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
14:58:38.0046 8100 ZTEusbser6k - ok
14:58:38.0078 8100 MBR (0x1B8) (199d66d15be31321331253788f490d3d) \Device\Harddisk0\DR0
14:58:38.0078 8100 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
14:58:38.0078 8100 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
14:58:38.0250 8100 Boot (0x1200) (11f4a25991ab34416dbeeb3ffd64a3b3) \Device\Harddisk0\DR0\Partition0
14:58:38.0265 8100 \Device\Harddisk0\DR0\Partition0 - ok
14:58:38.0265 8100 ============================================================
14:58:38.0265 8100 Scan finished
14:58:38.0265 8100 ============================================================
14:58:38.0375 2628 Detected object count: 8
14:58:38.0375 2628 Actual detected object count: 8
15:00:33.0078 2628 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:33.0078 2628 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:33.0078 2628 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:33.0078 2628 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:33.0078 2628 GtTdiFltr ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:33.0078 2628 GtTdiFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:33.0078 2628 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:33.0078 2628 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:33.0078 2628 SMBios ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:33.0078 2628 SMBios ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:33.0078 2628 speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:33.0078 2628 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:33.0078 2628 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:33.0078 2628 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:33.0125 2628 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
15:00:33.0125 2628 \Device\Harddisk0\DR0 - ok
15:00:33.0125 2628 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
15:00:42.0265 6596 Deinitialize success
-----------------------------------------------

Over to you!
  • 0

#14
Essexboy
Posted 27 November 2011 - 09:20 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run MBRcheck one more time please to ensure that it has gone... Then could you see if the false Visa is still present
  • 0

#15
Rav
Posted 27 November 2011 - 09:48 AM

Rav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Well, MBRcheck throws up no irregularity. And, somewhat reassuringly, that Visa pop-up does NOT come up now at that stage in the purchase process. Phew!

MBRCheck Report:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 170):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xB9F05000 dmio.sys
0xBA328000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA670000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xB9E35000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E15000 fltMgr.sys
0xB9E03000 sr.sys
0xBA5AC000 DLACDBHM.SYS
0xB9DEC000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9DD5000 KSecDD.sys
0xB9D48000 Ntfs.sys
0xB9D36000 inspect.sys
0xB9D09000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBA330000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA5AE000 speedfan.sys
0xBA108000 PBADRV.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CEF000 Mup.sys
0xBA671000 giveio.sys
0xBA158000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9328000 \SystemRoot\system32\DRIVERS\SMBios.sys
0xB7BC1000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB7BAD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB7B89000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7B61000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB77EA000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xB77BB000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB77A7000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB9308000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB92F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB777A000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xB92E8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB76FF000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA468000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA470000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB92D8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA5A4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB92C8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB76DC000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA478000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9CC7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9CC3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB75EB000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xBA622000 \SystemRoot\system32\DRIVERS\serscan.sys
0xB75B3000 \SystemRoot\system32\drivers\srs_PremiumSound_i386.sys
0xBA713000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9CBF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB759C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB825F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB758B000 \SystemRoot\system32\DRIVERS\psched.sys
0xB824F000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA480000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA488000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB755B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB823F000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA624000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB74FD000 \SystemRoot\system32\DRIVERS\update.sys
0xB9CAB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\btport.sys
0xBA278000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA288000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA650000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA3A47000 \SystemRoot\system32\drivers\sthda.sys
0xA3A23000 \SystemRoot\system32\drivers\portcls.sys
0xBA298000 \SystemRoot\system32\drivers\drmk.sys
0xA3A07000 \SystemRoot\system32\drivers\AESTAud.sys
0xA39E7000 \SystemRoot\system32\drivers\IntcHdmi.sys
0xA3BC6000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA128B000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA5B6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA27A5000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5B8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA408000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xBA410000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA418000 \SystemRoot\System32\drivers\vga.sys
0xBA5BA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5BC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA420000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA428000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA3BB2000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA1230000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA11D7000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA430000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xBA438000 \SystemRoot\System32\Drivers\tcpipBM.SYS
0xA1161000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA3F0F000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA1139000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA5BE000 \SystemRoot\system32\drivers\GtTdiFltr.sys
0xBA440000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA1117000 \SystemRoot\System32\drivers\afd.sys
0xB9348000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA10EC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA107C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA448000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA5A96000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB9338000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA1058000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA0110000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA1054000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA5328000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9EC5E000 \SystemRoot\System32\Drivers\aswSP.SYS
0x9EBEE000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xA061F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA2084000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9ACA3000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9AD99000 \SystemRoot\System32\drivers\Dxapi.sys
0xA071E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0x9B5F4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF2E8000 \SystemRoot\System32\igxpdx32.DLL
0xBF691000 \SystemRoot\System32\ATMFD.DLL
0x9AC31000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
0x9C9C5000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xBA248000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA72E000 \SystemRoot\System32\Drivers\DLADResM.SYS
0x9AC18000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
0xBA350000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
0x9C9AD000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
0x9ABF3000 \SystemRoot\System32\Drivers\DefragFS.SYS
0xBA368000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
0xBA370000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
0x9ABDD000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
0x9ABC6000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
0x9AD95000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9AD91000 \SystemRoot\system32\DRIVERS\s24trans.sys
0x9AB5D000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x9A788000 \SystemRoot\system32\drivers\wdmaud.sys
0x9F22F000 \SystemRoot\system32\drivers\sysaudio.sys
0x9A40F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9B09F000 \??\C:\Program Files\Broadcom\MgmtAgent\BASFND.sys
0x99CD6000 \SystemRoot\system32\DRIVERS\srv.sys
0xA11B7000 \SystemRoot\System32\Drivers\TDTCP.SYS
0x9964B000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x99806000 \SystemRoot\System32\Drivers\btwusb.sys
0x99155000 \SystemRoot\system32\DRIVERS\btwdndis.sys
0x9B2FE000 \SystemRoot\system32\DRIVERS\btwmodem.sys
0x9B30E000 \SystemRoot\System32\Drivers\Modem.SYS
0x990D4000 \SystemRoot\system32\drivers\btaudio.sys
0x98AC4000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 89):
0 System Idle Process
4 System
932 C:\WINDOWS\system32\smss.exe
1008 csrss.exe
1032 C:\WINDOWS\system32\winlogon.exe
1080 C:\WINDOWS\system32\services.exe
1092 C:\WINDOWS\system32\lsass.exe
1284 C:\Program Files\Fingerprint Sensor\AtService.exe
1304 C:\WINDOWS\system32\svchost.exe
1372 svchost.exe
1456 C:\WINDOWS\system32\svchost.exe
1556 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
1672 svchost.exe
1720 svchost.exe
1996 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
476 C:\WINDOWS\explorer.exe
1588 C:\Program Files\DellTPad\Apoint.exe
1616 C:\Program Files\IDT\WDM\sttray.exe
1396 C:\Program Files\DellTPad\ApMsgFwd.exe
1680 C:\WINDOWS\system32\AESTFltr.exe
1812 C:\WINDOWS\system32\hkcmd.exe
1824 C:\WINDOWS\system32\igfxpers.exe
1832 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1888 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
1916 C:\Program Files\DellTPad\hidfind.exe
1932 C:\WINDOWS\system32\igfxsrvc.exe
1768 C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
2020 C:\Program Files\DellTPad\ApntEx.exe
276 C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
300 C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
1544 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
784 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2088 C:\WINDOWS\system32\spoolsv.exe
2160 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
2212 C:\drivers\audio\R213367\stacsv.exe
2268 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
2308 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2368 C:\Program Files\iTunes\iTunesHelper.exe
2620 C:\WINDOWS\vVX3000.exe
3624 svchost.exe
1136 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2428 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
3596 C:\Program Files\Bonjour\mDNSResponder.exe
3660 C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
3868 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
3876 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3884 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
3920 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
3996 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
3992 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
4076 C:\Program Files\palmOne\AlarmApp.exe
256 C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
664 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
688 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2152 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
2148 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2476 C:\Program Files\Java\jre6\bin\jqs.exe
2728 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2920 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
3272 C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
3280 C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
3368 C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
3360 C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
3424 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
3480 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
3500 C:\Program Files\palmOne\HOTSYNC.EXE
3632 C:\WINDOWS\system32\svchost.exe
1392 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
2740 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
3000 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
2472 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3452 C:\WINDOWS\system32\searchindexer.exe
3648 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
3976 wmiprvse.exe
4236 C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
4488 C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
4600 wmiprvse.exe
4792 C:\WINDOWS\system32\wbem\unsecapp.exe
5232 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
5244 C:\WINDOWS\system32\igfxext.exe
5776 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
4548 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
5000 C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
5684 C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
4808 C:\Program Files\iPod\bin\iPodService.exe
5220 alg.exe
5824 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
5832 C:\WINDOWS\system32\HPZinw12.exe
4868 C:\Documents and Settings\Ravi Ramlakhan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06dd1c00 (NTFS)

PhysicalDrive0 Model Number: ST9250320AS, Rev: DE06

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

-------------------------------

Other Comments

The computer boot-up is quicker, as is the browser speed on both Firefox and IE, and Google seems to have lost the clunkiness when typing in the search field. Very well done, EB, you seem to have gotten rid of the monkey!! :thumbsup:

The only issue, and it is not a major one, is that on booting up my Avast Anti-Virus icon does NOT appear in the System Tray UNLESS I double-click on the desktop icon. Thankfully, when I do this I see that Avast is running and my system is secure. Do you think I should uninstall and re-install Avast to re-gain this System Tray functionality? Also the Wireless Network Connection icon, of late, can be stubborn to appear in the System Tray, but it usually always turn up eventually once I am patient.

Edited by Rav, 27 November 2011 - 10:09 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP