Rootkit - Cannot connect to internet



#106
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
You can't delete the afd.sys file in System32 unless you delete the afd.sys file in System32\Drivers first. Windows will just copy it back. This is System File Protection, as described here:
http://support.microsoft.com/kb/222193

Go into regedit and see if you can find:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD

Delete the key. Then try and merge it again.

If it won't let you delete it then you will need to take ownership of the key.

http://www.microsoft...n.mspx?mfr=true

Once you own the key you should be able to delete it (you may have to first change the permissions on it to give yourself Full Control).
  • 0



#107
MaxMurder

    Member

  • Topic Starter
  • Member
  • 164 posts
I do not have a LEGACY_AFD key.
Tried Merge again just because.
Nada.
  • 0

#108
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Try taking ownership of

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Don't delete it, just take ownership.
  • 0

#109
MaxMurder

    Member

  • Topic Starter
  • Member
  • 164 posts
OK I just took ownership and Merged and:
Holy Crap! I have connection. AFD is back in my Device Manager!
  • 0

#110
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Hooray!

Let's run through the scans again and see if we find anything else. Probably best to delete your old TDSSKiller and aswMBR programs and get new as they are constantly being updated. Combofix should update on its own.

ComboFix

It must be saved to your desktop, do not run it

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management Window and attach the screenshot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Run OTL, Quickscan and post the log.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
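
A way to triage the TDSSKiller.txt log requested above, as an added example that is not part of the original post and not code from TDSSKiller: it pairs each scanned object with its verdict, lists everything not marked "ok", and notes whether the detection name contains "TDSS" (the condition given above for changing SKIP to DELETE). The ExampleDrv and ExampleBoot lines are constructed, and the layout of non-"ok" lines is an assumption modelled on the "- ok" lines in this thread's log.

```python
import re

# Abiosdsk and AFD lines are copied from the log posted in this thread.
# The ExampleDrv / ExampleBoot lines are CONSTRUCTED sample input; their
# "( detection ) - verdict" layout is an assumption, not taken from the page.
SAMPLE_LOG = r"""
18:29:22.0796 3588 Scan started
18:29:25.0578 3588 Abiosdsk - ok
18:29:26.0546 3588 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:29:26.0546 3588 AFD - ok
18:29:27.0000 3588 ExampleDrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
18:29:27.0000 3588 ExampleDrv ( UnsignedFile.Multi.Generic ) - warning
18:29:28.0000 3588 ExampleBoot ( Rootkit.Win32.TDSS.tdl4 ) - infected
"""

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"

# "<name> (<md5>) <path>": the file that backs a driver or service.
FILE_RE = re.compile(
    PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)

# "<name> - <verdict>" with an optional "( detection name )" before the dash.
RESULT_RE = re.compile(
    PREFIX
    + r"(?P<name>\S+)(?:\s+\(\s*(?P<detection>[^)]+?)\s*\))?"
    + r"\s+-\s+(?P<verdict>\w+)\s*$"
)


def parse_tdsskiller(text):
    """Return one dict per verdict line, joined with its file line if any."""
    files = {}    # name -> (md5, path) taken from the preceding file line
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = RESULT_RE.match(line)
        if m:
            md5, path = files.get(m["name"], (None, None))
            entries.append({
                "name": m["name"],
                "verdict": m["verdict"].lower(),
                "detection": m["detection"],
                "md5": md5,
                "path": path,
            })
    return entries


def needs_review(entries):
    """Entries whose verdict is not 'ok', flagged if the detection names TDSS."""
    flagged = []
    for e in entries:
        if e["verdict"] == "ok":
            continue
        names_tdss = bool(e["detection"]) and "tdss" in e["detection"].lower()
        flagged.append({**e, "names_tdss": names_tdss})
    return flagged


if __name__ == "__main__":
    for e in needs_review(parse_tdsskiller(SAMPLE_LOG)):
        hint = "names TDSS" if e["names_tdss"] else "leave on SKIP, ask the helper"
        print(f'{e["name"]}: {e["verdict"]} ({e["detection"]}) -> {hint}')
```
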

#111
MaxMurder

    Member

  • Topic Starter
  • Member
  • 164 posts
Awesome. I will do these next steps either late tonight or sometime tomorrow. Got to do some unfortunate family stuff boo hah.
I will post logs next time I log in. In the meantime, enjoy your holiday Ron!

John
  • 0

#112
MaxMurder

    Member

  • Topic Starter
  • Member
  • 164 posts
Alrighty...longest post in G2G history maybe??
Hopefully I got everything:


ComboFix 11-12-24.10 - Owner 12/25/2011 16:36:16.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.225 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TBM2A0.tmp
c:\windows\system32\TBM2A2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 00:04 . 2011-12-25 00:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 05:31 . 2011-12-14 05:31 -------- d-----w- c:\program files\Windows Resource Kits
2011-12-07 04:35 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 04:35 . 2011-12-15 05:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-04 09:15 . 2011-12-04 11:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-24 16:10 . 2003-12-08 21:17 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-23 13:25 . 2003-10-11 02:22 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2003-12-08 21:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-12-08 21:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2003-12-08 20:38 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2009-09-28 04:55 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2003-10-11 04:51 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-30 19:37 . 2003-02-21 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-30 19:37 . 2003-03-19 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-28 05:31 . 2003-12-08 21:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2003-10-11 02:22 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 08:04 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2003-12-08 21:18 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2003-03-04 05:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2002-09-24 05:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2006-08-15 09:03 . 2006-08-15 09:03 7033856 ----a-w- c:\program files\ptlibrarian.msi
2006-04-12 12:09 . 2006-04-12 12:09 11817800 ----a-w- c:\program files\GoogleEarth.exe
2006-03-18 00:39 . 2006-03-18 00:39 147456 ----a-w- c:\program files\BURNCDCC.EXE
2001-09-25 19:05 . 2001-09-25 19:05 1707856 ----a-w- c:\program files\InstMsiA.Exe
2001-09-11 22:04 . 2001-09-11 22:04 1821008 ----a-w- c:\program files\InstMsiW.Exe
2011-11-26 05:20 . 2011-03-28 01:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-11-04 45056]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"TkBellExe"="c:\program files\real\realone player\update\realsched.exe" [2011-10-30 273528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2002-10-07 14:23 90112 ----a-w- c:\program files\HP\Digital Imaging\Unload\HpqCmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2009-09-28 09:49 155648 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 21:27 5248312 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-03-24 19:42 599328 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 20:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 2:18 AM 360224]
R3 PaeFireStudio;PreSonus FireStudio;c:\windows\system32\drivers\PaeFireStudio.sys [11/8/2009 8:27 PM 121984]
R3 PaeFireStudioAudio;PreSonus FireStudio Audio;c:\windows\system32\drivers\PaeFireStudioAudio.sys [11/8/2009 8:27 PM 21632]
R3 PaeFireStudioMidi;PreSonus FireStudio MIDI;c:\windows\system32\drivers\PaeFireStudioMidi.sys [11/8/2009 8:27 PM 26240]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/27/2010 6:49 AM 47360]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4eaa1076\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4eaa1076\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_4eaa1076\avupgsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/7/2010 6:52 AM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [8/8/2010 7:40 PM 16512]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/7/2010 6:52 AM 136176]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-23 02:59]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 11:52]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 11:52]
.
2011-12-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2945407104-2445688501-1626213492-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2011-12-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2945407104-2445688501-1626213492-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mStart Page = hxxp://us10.hpwis.com/
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}: NameServer = 8.8.8.8,4.2.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-25 16:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2812)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
.
**************************************************************************
.
Completion time: 2011-12-25 17:03:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-25 22:03
ComboFix2.txt 2011-12-14 07:07
ComboFix3.txt 2011-12-11 18:26
ComboFix4.txt 2011-12-06 05:59
.
Pre-Run: 14,694,531,072 bytes free
Post-Run: 14,669,119,488 bytes free
.
- - End Of File - - 2C9A112308520287E3312451C5718425

****************************************************************************************************************

18:29:17.0437 3644 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:29:17.0718 3644 ============================================================
18:29:17.0718 3644 Current date / time: 2011/12/25 18:29:17.0718
18:29:17.0718 3644 SystemInfo:
18:29:17.0718 3644
18:29:17.0718 3644 OS Version: 5.1.2600 ServicePack: 3.0
18:29:17.0718 3644 Product type: Workstation
18:29:17.0718 3644 ComputerName: HPSTUDIO
18:29:17.0718 3644 UserName: Owner
18:29:17.0718 3644 Windows directory: C:\WINDOWS
18:29:17.0718 3644 System windows directory: C:\WINDOWS
18:29:17.0718 3644 Processor architecture: Intel x86
18:29:17.0718 3644 Number of processors: 2
18:29:17.0718 3644 Page size: 0x1000
18:29:17.0718 3644 Boot type: Normal boot
18:29:17.0718 3644 ============================================================
18:29:19.0531 3644 Initialize success
18:29:22.0796 3588 ============================================================
18:29:22.0796 3588 Scan started
18:29:22.0796 3588 Mode: Manual;
18:29:22.0796 3588 ============================================================
18:29:25.0437 3588 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
18:29:25.0437 3588 61883 - ok
18:29:25.0578 3588 Abiosdsk - ok
18:29:25.0734 3588 abp480n5 - ok
18:29:25.0906 3588 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:29:25.0906 3588 ACPI - ok
18:29:26.0078 3588 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:29:26.0078 3588 ACPIEC - ok
18:29:26.0203 3588 adpu160m - ok
18:29:26.0390 3588 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:29:26.0390 3588 aec - ok
18:29:26.0546 3588 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:29:26.0546 3588 AFD - ok
18:29:26.0718 3588 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
18:29:26.0718 3588 AFS2K - ok
18:29:26.0890 3588 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:29:26.0890 3588 agp440 - ok
18:29:27.0031 3588 Aha154x - ok
18:29:27.0171 3588 aic78u2 - ok
18:29:27.0328 3588 aic78xx - ok
18:29:28.0328 3588 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:29:28.0437 3588 ALCXWDM - ok
18:29:28.0593 3588 AliIde - ok
18:29:28.0781 3588 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
18:29:28.0781 3588 AmdK7 - ok
18:29:28.0906 3588 amsint - ok
18:29:29.0109 3588 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:29:29.0109 3588 Arp1394 - ok
18:29:29.0250 3588 asc - ok
18:29:29.0390 3588 asc3350p - ok
18:29:29.0546 3588 asc3550 - ok
18:29:29.0734 3588 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
18:29:29.0734 3588 ASPI - ok
18:29:29.0906 3588 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:29:29.0906 3588 AsyncMac - ok
18:29:30.0078 3588 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:29:30.0078 3588 atapi - ok
18:29:30.0218 3588 Atdisk - ok
18:29:30.0687 3588 ati2mtag (7182bf0f2a392d48e4aa732b970aac9c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:29:30.0750 3588 ati2mtag - ok
18:29:30.0906 3588 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:29:30.0906 3588 Atmarpc - ok
18:29:31.0140 3588 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:29:31.0140 3588 audstub - ok
18:29:31.0296 3588 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
18:29:31.0296 3588 Avc - ok
18:29:31.0515 3588 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:29:31.0515 3588 Beep - ok
18:29:31.0546 3588 catchme - ok
18:29:31.0718 3588 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:29:31.0718 3588 cbidf2k - ok
18:29:31.0890 3588 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:29:31.0890 3588 CCDECODE - ok
18:29:32.0031 3588 cd20xrnt - ok
18:29:32.0187 3588 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:29:32.0187 3588 Cdaudio - ok
18:29:32.0453 3588 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:29:32.0453 3588 Cdfs - ok
18:29:32.0625 3588 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:29:32.0625 3588 Cdrom - ok
18:29:32.0843 3588 Changer - ok
18:29:33.0218 3588 CmdIde - ok
18:29:33.0390 3588 Cpqarray - ok
18:29:33.0578 3588 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
18:29:33.0578 3588 cpuz132 - ok
18:29:33.0734 3588 dac2w2k - ok
18:29:33.0875 3588 dac960nt - ok
18:29:34.0046 3588 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:29:34.0046 3588 Disk - ok
18:29:34.0250 3588 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:29:34.0296 3588 dmboot - ok
18:29:34.0468 3588 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:29:34.0468 3588 dmio - ok
18:29:34.0640 3588 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:29:34.0640 3588 dmload - ok
18:29:34.0828 3588 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:29:34.0828 3588 DMusic - ok
18:29:34.0984 3588 dpti2o - ok
18:29:35.0171 3588 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:29:35.0171 3588 drmkaud - ok
18:29:35.0531 3588 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:29:35.0578 3588 Fastfat - ok
18:29:35.0765 3588 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:29:35.0765 3588 Fdc - ok
18:29:35.0937 3588 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:29:35.0937 3588 Fips - ok
18:29:36.0093 3588 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:29:36.0093 3588 Flpydisk - ok
18:29:36.0265 3588 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:29:36.0281 3588 FltMgr - ok
18:29:36.0453 3588 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:29:36.0453 3588 Fs_Rec - ok
18:29:36.0625 3588 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:29:36.0625 3588 Ftdisk - ok
18:29:36.0796 3588 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:29:36.0796 3588 GEARAspiWDM - ok
18:29:36.0968 3588 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:29:36.0968 3588 Gpc - ok
18:29:37.0171 3588 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:29:37.0171 3588 HidUsb - ok
18:29:37.0343 3588 hpn - ok
18:29:37.0515 3588 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:29:37.0515 3588 HPZid412 - ok
18:29:37.0828 3588 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:29:37.0843 3588 HPZipr12 - ok
18:29:38.0015 3588 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:29:38.0015 3588 HPZius12 - ok
18:29:38.0187 3588 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:29:38.0187 3588 HTTP - ok
18:29:38.0343 3588 i2omgmt - ok
18:29:38.0515 3588 i2omp - ok
18:29:38.0718 3588 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:29:38.0718 3588 i8042prt - ok
18:29:38.0875 3588 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:29:38.0875 3588 ialm - ok
18:30:26.0875 3588 ============================================================
18:30:26.0875 3588 Scan finished
18:30:26.0875 3588 ============================================================
18:30:26.0906 3660 Detected object count: 0
18:30:26.0906 3660 Actual detected object count: 0
18:30:42.0125 3664 ============================================================
18:30:42.0125 3664 Scan started
18:30:42.0125 3664 Mode: Manual; SigCheck; TDLFS;
18:30:42.0125 3664 ============================================================
18:30:45.0312 3664 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:30:45.0421 3664 AFD - ok
18:30:48.0875 3664 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
18:30:48.0906 3664 ASPI ( UnsignedFile.Multi.Generic ) - warning
18:30:48.0906 3664 ASPI - detected UnsignedFile.Multi.Generic (1)
18:30:53.0984 3664 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
18:30:54.0000 3664 cpuz132 ( UnsignedFile.Multi.Generic ) - warning
18:30:54.0000 3664 cpuz132 - detected UnsignedFile.Multi.Generic (1)
18:31:19.0921 3664 PaeFireStudio (f5ac1bb38c09545dcd75b48a94c8417b) C:\WINDOWS\system32\Drivers\PaeFireStudio.sys
18:31:19.0937 3664 PaeFireStudio ( UnsignedFile.Multi.Generic ) - warning
18:31:19.0937 3664 PaeFireStudio - detected UnsignedFile.Multi.Generic (1)
18:31:20.0109 3664 PaeFireStudioAudio (a0bbc90b769dbeacffb017143ccb0023) C:\WINDOWS\system32\drivers\PaeFireStudioAudio.sys
18:31:20.0109 3664 PaeFireStudioAudio ( UnsignedFile.Multi.Generic ) - warning
18:31:20.0109 3664 PaeFireStudioAudio - detected UnsignedFile.Multi.Generic (1)
18:31:20.0281 3664 PaeFireStudioMidi (8024e0a6ab8a87040c6b1cc368dbca22) C:\WINDOWS\system32\drivers\PaeFireStudioMidi.sys
18:31:20.0312 3664 PaeFireStudioMidi ( UnsignedFile.Multi.Generic ) - warning
18:31:20.0312 3664 PaeFireStudioMidi - detected UnsignedFile.Multi.Generic (1)
18:31:22.0640 3664 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
18:31:22.0671 3664 pcouffin ( UnsignedFile.Multi.Generic ) - warning
18:31:22.0671 3664 pcouffin - detected UnsignedFile.Multi.Generic (1)
18:31:23.0734 3664 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
18:31:23.0750 3664 pfc ( UnsignedFile.Multi.Generic ) - warning
18:31:23.0750 3664 pfc - detected UnsignedFile.Multi.Generic (1)
18:31:23.0968 3664 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:31:24.0140 3664 PptpMiniport - ok
18:31:24.0328 3664 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:31:24.0484 3664 Processor - ok
18:31:24.0671 3664 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
18:31:24.0703 3664 Ps2 - ok
18:31:24.0875 3664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:31:25.0046 3664 Ptilink - ok
18:31:25.0203 3664 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
18:31:25.0468 3664 PxHelp20 - ok
18:31:25.0625 3664 ql1080 - ok
18:31:25.0765 3664 Ql10wnt - ok
18:31:25.0906 3664 ql12160 - ok
18:31:26.0062 3664 ql1240 - ok
18:31:26.0203 3664 ql1280 - ok
18:31:26.0375 3664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:31:26.0546 3664 RasAcd - ok
18:31:26.0734 3664 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:31:26.0890 3664 Rasl2tp - ok
18:31:27.0062 3664 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:31:27.0234 3664 RasPppoe - ok
18:31:27.0406 3664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:31:27.0578 3664 Raspti - ok
18:31:27.0765 3664 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:31:27.0937 3664 Rdbss - ok
18:31:28.0093 3664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:31:28.0265 3664 RDPCDD - ok
18:31:28.0484 3664 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:31:28.0515 3664 RDPWD - ok
18:31:28.0703 3664 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:31:28.0875 3664 redbook - ok
18:31:29.0046 3664 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
18:31:29.0109 3664 rtl8139 - ok
18:31:29.0296 3664 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
18:31:29.0500 3664 S3Psddr - ok
18:31:29.0703 3664 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:31:29.0765 3664 Secdrv - ok
18:31:29.0953 3664 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:31:30.0093 3664 Serenum - ok
18:31:30.0265 3664 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:31:30.0437 3664 Serial - ok
18:31:30.0640 3664 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:31:30.0796 3664 Sfloppy - ok
18:31:30.0953 3664 Simbad - ok
18:31:31.0125 3664 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
18:31:31.0234 3664 SiS315 - ok
18:31:31.0406 3664 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
18:31:31.0453 3664 SISAGP - ok
18:31:31.0656 3664 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
18:31:31.0687 3664 SiSkp - ok
18:31:31.0859 3664 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:31:32.0015 3664 SLIP - ok
18:31:32.0171 3664 Sparrow - ok
18:31:32.0343 3664 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:31:32.0500 3664 splitter - ok
18:31:32.0687 3664 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:31:32.0765 3664 sr - ok
18:31:32.0953 3664 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:31:33.0031 3664 Srv - ok
18:31:33.0203 3664 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:31:33.0359 3664 streamip - ok
18:31:33.0531 3664 SunkFilt (2087b202cfe8a2f8a59cecfffbec58d5) C:\WINDOWS\System32\Drivers\sunkfilt.sys
18:31:33.0546 3664 SunkFilt ( UnsignedFile.Multi.Generic ) - warning
18:31:33.0546 3664 SunkFilt - detected UnsignedFile.Multi.Generic (1)
18:31:33.0687 3664 Sunkfiltp - ok
18:31:33.0859 3664 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:31:34.0015 3664 swenum - ok
18:31:34.0171 3664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:31:34.0343 3664 swmidi - ok
18:31:34.0515 3664 symc810 - ok
18:31:34.0656 3664 symc8xx - ok
18:31:34.0812 3664 sym_hi - ok
18:31:34.0953 3664 sym_u3 - ok
18:31:35.0093 3664 SynasUSB - ok
18:31:35.0265 3664 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:31:35.0437 3664 sysaudio - ok
18:31:35.0625 3664 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:31:35.0703 3664 Tcpip - ok
18:31:35.0890 3664 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:31:36.0046 3664 TDPIPE - ok
18:31:36.0218 3664 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:31:36.0390 3664 TDTCP - ok
18:31:36.0562 3664 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:31:36.0718 3664 TermDD - ok
18:31:36.0890 3664 TosIde - ok
18:31:37.0062 3664 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:31:37.0218 3664 Udfs - ok
18:31:37.0359 3664 ultra - ok
18:31:37.0562 3664 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:31:37.0765 3664 Update - ok
18:31:37.0953 3664 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:31:37.0984 3664 USBAAPL - ok
18:31:38.0156 3664 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:31:38.0328 3664 usbccgp - ok
18:31:38.0500 3664 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:31:38.0656 3664 usbehci - ok
18:31:38.0843 3664 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:31:39.0000 3664 usbhub - ok
18:31:39.0187 3664 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:31:39.0359 3664 usbohci - ok
18:31:39.0531 3664 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:31:39.0671 3664 usbprint - ok
18:31:39.0859 3664 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:31:40.0015 3664 usbscan - ok
18:31:40.0171 3664 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:31:40.0343 3664 USBSTOR - ok
18:31:40.0531 3664 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:31:40.0687 3664 usbuhci - ok
18:31:40.0859 3664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:31:41.0015 3664 VgaSave - ok
18:31:41.0171 3664 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
18:31:41.0234 3664 viaagp1 - ok
18:31:41.0421 3664 viagfx (e8c619c6c6bde90d130dda87150e1944) C:\WINDOWS\system32\DRIVERS\vtmini.sys
18:31:41.0531 3664 viagfx - ok
18:31:41.0687 3664 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
18:31:41.0843 3664 ViaIde - ok
18:31:42.0015 3664 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:31:42.0156 3664 VolSnap - ok
18:31:42.0343 3664 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:31:42.0515 3664 Wanarp - ok
18:31:42.0640 3664 WDICA - ok
18:31:42.0812 3664 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:31:42.0968 3664 wdmaud - ok
18:31:43.0234 3664 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:31:43.0390 3664 WS2IFSL - ok
18:31:43.0562 3664 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:31:43.0718 3664 WSTCODEC - ok
18:31:43.0890 3664 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:31:43.0937 3664 WudfPf - ok
18:31:44.0093 3664 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:31:44.0125 3664 WudfRd - ok
18:31:44.0343 3664 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
18:31:44.0421 3664 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
18:31:44.0578 3664 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
18:31:44.0609 3664 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
18:31:44.0625 3664 MBR (0x1B8) (8cc68602644010dfdb2a22cb60ddf258) \Device\Harddisk0\DR0
18:31:44.0687 3664 \Device\Harddisk0\DR0 - ok
18:31:44.0703 3664 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR7
18:31:44.0875 3664 \Device\Harddisk5\DR7 - ok
18:31:44.0875 3664 Boot (0x1200) (2d04e28597279dabd791c8f61fa192e4) \Device\Harddisk0\DR0\Partition0
18:31:44.0875 3664 \Device\Harddisk0\DR0\Partition0 - ok
18:31:44.0906 3664 Boot (0x1200) (cc9422ee90fbd5c4ae4d9f58eb388855) \Device\Harddisk0\DR0\Partition1
18:31:44.0906 3664 \Device\Harddisk0\DR0\Partition1 - ok
18:31:44.0906 3664 Boot (0x1200) (2d1fcd14a032d38bc5fb0e54d1f0ae3e) \Device\Harddisk5\DR7\Partition0
18:31:44.0921 3664 \Device\Harddisk5\DR7\Partition0 - ok
18:31:44.0921 3664 ============================================================
18:31:44.0921 3664 Scan finished
18:31:44.0921 3664 ============================================================
18:31:45.0078 3440 Detected object count: 8
18:31:45.0078 3440 Actual detected object count: 8
18:32:06.0515 3440 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:06.0515 3440 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:06.0515 3440 cpuz132 ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:06.0515 3440 cpuz132 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:06.0531 3440 PaeFireStudio ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:06.0531 3440 PaeFireStudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:06.0531 3440 PaeFireStudioAudio ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:06.0531 3440 PaeFireStudioAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:06.0546 3440 PaeFireStudioMidi ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:06.0546 3440 PaeFireStudioMidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:06.0546 3440 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:06.0546 3440 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:06.0562 3440 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:06.0562 3440 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:06.0562 3440 SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:06.0562 3440 SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:10.0703 3636 Deinitialize success


*****************************************************************************************************************

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-25 18:58:42
-----------------------------
18:58:42.437 OS Version: Windows 5.1.2600 Service Pack 3
18:58:42.437 Number of processors: 2 586 0x303
18:58:42.437 ComputerName: HPSTUDIO UserName: Owner
18:58:42.828 Initialize success
18:58:48.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:58:48.359 Disk 0 Vendor: ST380011A 3.08 Size: 76319MB BusType: 3
18:58:50.375 Disk 0 MBR read successfully
18:58:50.375 Disk 0 MBR scan
18:58:50.375 Disk 0 unknown MBR code
18:58:50.375 Disk 0 Partition 1 00 0B FAT32 RECOVERY 7146 MB offset 63
18:58:50.375 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 69162 MB offset 14636160
18:58:50.375 Disk 0 scanning sectors +156280320
18:58:50.437 Disk 0 scanning C:\WINDOWS\system32\drivers
18:59:01.984 Service scanning
18:59:03.156 Modules scanning
18:59:17.484 Scan finished successfully
18:59:26.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:59:26.703 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


*****************************************************************************************************************


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122503

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/25/2011 7:10:43 PM
mbam-log-2011-12-25 (19-10-43).txt

Scan type: Quick scan
Objects scanned: 188271
Time elapsed: 8 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


*****************************************************************************************************************

OTL logfile created on: 12/25/2011 8:20:11 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.29 Mb Total Physical Memory | 121.60 Mb Available Physical Memory | 23.78% Memory free
1.22 Gb Paging File | 0.76 Gb Available in Paging File | 62.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.54 Gb Total Space | 13.68 Gb Free Space | 20.26% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 1.28 Gb Free Space | 18.36% Space Free | Partition Type: FAT32
Drive M: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 3.81 Gb Total Space | 0.55 Gb Free Space | 14.34% Space Free | Partition Type: FAT32

Computer Name: HPSTUDIO | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/25 20:19:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/11/26 00:20:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/30 14:37:19 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealOne Player\Update\realsched.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 04:42:26 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 04:42:18 | 000,015,872 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\system32\dmremote.exe
PRC - [2003/08/19 10:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
PRC - [2003/08/14 20:11:32 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/05/23 04:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/24 19:04:00 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/22 16:06:04 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll
MOD - [2011/11/26 00:20:48 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/05/19 15:55:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2009/01/10 17:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [Auto | Stopped] -- -- (AviraUpgradeService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/05/16 19:54:34 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2000/05/24 15:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009/05/28 22:30:50 | 000,121,984 | ---- | M] (PreSonus Audio Electronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PaeFireStudio.sys -- (PaeFireStudio)
DRV - [2009/05/28 22:30:50 | 000,026,240 | ---- | M] (PreSonus Audio Electronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PaeFireStudioMidi.sys -- (PaeFireStudioMidi)
DRV - [2009/05/28 22:30:50 | 000,021,632 | ---- | M] (PreSonus Audio Electronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PaeFireStudioAudio.sys -- (PaeFireStudioAudio)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 21:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/09/03 09:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/03 01:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/08/13 20:50:36 | 000,039,648 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/08/13 08:34:00 | 000,594,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/30 04:15:00 | 000,126,348 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003/07/30 04:15:00 | 000,013,006 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 01:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realone player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realone player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realone player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/30 14:38:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/26 00:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/30 14:39:11 | 000,000,000 | ---D | M]

[2010/02/23 23:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/23 23:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/12/24 19:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions
[2010/04/27 07:03:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/24 19:05:45 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/17 01:21:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\[email protected]
[2010/07/04 16:10:00 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\searchplugins\askcom.xml
[2011/12/04 11:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/30 14:38:16 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/03/27 21:12:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/26 00:20:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/27 21:12:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/09 14:11:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/26 00:20:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/25 16:52:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realone player\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe ()
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1250915464984 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D28F29F-4509-44D9-8C68-CF037D5359AB}: NameServer = 8.8.8.8,4.2.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 21:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/12/11 15:03:59 | 000,000,277 | R--- | M] () - M:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/25 20:19:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/12/25 19:00:30 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/25 18:32:24 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/12/25 18:29:01 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/12/25 16:31:37 | 004,351,768 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/12/15 00:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/14 01:56:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/14 00:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2011/12/06 23:35:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/06 23:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/05 22:38:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/05 22:38:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/05 22:38:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/05 22:38:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/04 14:43:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/04 04:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/12/04 02:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/04 02:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/04 02:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/27 18:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2010/04/27 06:49:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2006/04/12 07:09:37 | 011,817,800 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\GoogleEarth.exe
[2006/03/17 19:39:22 | 000,147,456 | ---- | C] (TeraByte Unlimited) -- C:\Program Files\BURNCDCC.EXE
[2001/09/25 14:05:58 | 001,707,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\InstMsiA.Exe
[2001/09/11 17:04:42 | 001,821,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\InstMsiW.Exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/25 20:19:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/12/25 20:15:36 | 000,118,452 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\diskmgmt.JPG
[2011/12/25 19:50:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/25 19:01:35 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 19:00:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/25 18:59:26 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/12/25 18:32:25 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/12/25 18:29:01 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/12/25 16:54:40 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/12/25 16:52:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/25 16:52:20 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2945407104-2445688501-1626213492-1003.job
[2011/12/25 16:52:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/25 16:51:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/25 16:51:50 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/25 16:32:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2945407104-2445688501-1626213492-1003.job
[2011/12/25 16:31:37 | 004,351,768 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/12/25 10:02:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/24 19:04:27 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/24 19:01:51 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/24 17:09:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/24 16:52:02 | 000,436,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/24 16:52:02 | 000,070,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/24 11:09:46 | 000,002,806 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\afd.reg
[2011/12/24 10:50:01 | 000,000,406 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Legacy_afd.zip.lnk
[2011/12/22 08:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/14 08:57:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/12/14 00:24:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/14 00:21:19 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/10 17:10:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/12/04 11:14:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/27 18:50:32 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/25 20:15:36 | 000,118,452 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\diskmgmt.JPG
[2011/12/24 11:10:49 | 000,002,806 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\afd.reg
[2011/12/24 10:50:00 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Legacy_afd.zip.lnk
[2011/12/15 00:13:55 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/11 13:47:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/12/06 23:36:10 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 22:38:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/05 22:38:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/05 22:38:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/05 22:38:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/05 22:38:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/04 02:21:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/27 18:50:32 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/12/09 22:28:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2010/09/09 08:27:41 | 000,003,580 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\d3d9caps.dat
[2010/05/24 14:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 14:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 14:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 14:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 14:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 14:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 14:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 14:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 14:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 14:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 14:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 14:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 14:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 14:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 14:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 14:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 14:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 15:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 15:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 15:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 15:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 15:58:24 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2010/05/19 15:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 15:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 15:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 15:57:38 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2010/05/19 15:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 15:57:20 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2010/05/19 15:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 15:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/04/27 06:50:19 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/04/27 06:49:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/04/27 06:49:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/04/27 06:49:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2009/11/18 00:47:30 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/13 00:00:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/11/12 23:59:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/06 21:08:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/10/07 23:18:41 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/10/07 22:19:52 | 000,117,132 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/10/05 21:37:32 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2009/10/04 18:40:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2009/10/04 15:19:20 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2009/08/22 01:02:07 | 000,000,204 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/11/25 17:06:11 | 000,000,204 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2007/11/25 17:05:36 | 000,000,064 | ---- | C] () -- C:\WINDOWS\exchng32.ini
[2007/11/25 17:05:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\datalink.ini
[2007/11/25 17:05:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/08/06 06:33:27 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/02/25 19:17:01 | 000,116,912 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/02/25 19:17:01 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/01/15 14:31:44 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/15 04:03:16 | 007,033,856 | ---- | C] () -- C:\Program Files\ptlibrarian.msi
[2006/08/03 01:01:03 | 000,009,262 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/05/05 18:19:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/03/27 08:22:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/22 19:34:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/22 19:30:06 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/03/22 19:29:53 | 000,003,801 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/08/06 06:55:58 | 000,001,785 | ---- | C] () -- C:\WINDOWS\jawa32vs.bin
[2004/06/01 06:39:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\wininit.ini_
[2004/03/29 07:44:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/03/29 07:34:50 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2004/03/28 15:33:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/12/08 16:20:36 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/12/08 16:20:36 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/12/08 16:20:33 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/12/08 16:20:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/12/08 16:20:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/08 16:20:01 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/12/08 16:20:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/12/08 16:18:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/12/08 16:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/10/14 00:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 00:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/13 17:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/13 17:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/11 03:15:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003/10/11 00:33:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/10/11 00:33:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/10/11 00:33:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/10/11 00:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 00:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 00:26:40 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/10/11 00:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 00:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 00:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 00:18:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 00:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/10 23:30:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2003/10/10 23:30:06 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2003/10/10 23:30:06 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2003/10/10 23:12:25 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2003/10/10 23:12:25 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2003/10/10 22:47:15 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2003/10/10 22:47:15 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2003/10/10 22:31:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/10 22:25:30 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/10/10 22:24:25 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/10/10 22:24:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/10/10 22:23:54 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003/10/10 22:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/10/10 22:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/10/10 22:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/10 21:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/10 21:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/10 21:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/10 21:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/10 21:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/10 21:30:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/10/10 21:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/10 21:22:15 | 000,436,696 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/10/10 21:22:15 | 000,070,016 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/10/10 14:26:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/23 03:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/08/20 05:05:40 | 000,000,041 | ---- | C] () -- C:\Program Files\Setup.Ini
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/03/20 00:00:00 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1996/03/20 00:00:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
[1996/03/20 00:00:00 | 000,000,022 | ---- | C] () -- C:\WINDOWS\BSHELF95.INI

========== LOP Check ==========

[2009/10/05 22:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2008/07/09 19:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2006/05/29 10:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/10/05 22:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2004/07/25 22:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/27 07:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2006/11/05 18:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2008/09/18 21:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/12/27 12:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/08/23 08:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alien Skin
[2004/09/17 14:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files
[2005/09/02 04:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2010/12/30 09:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FireControlSettings
[2009/04/26 02:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/10/05 02:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2007/12/17 08:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iLike
[2011/04/02 21:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2004/05/03 13:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2004/03/29 04:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/11/16 15:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
[2010/10/04 02:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Participatory Culture Foundation
[2010/10/13 18:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCF-VLC
[2008/08/10 11:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PreSonus
[2003/10/11 00:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/08/10 14:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Steinberg
[2009/11/10 23:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2004/10/29 23:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/10/12 02:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2008/08/17 20:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VST3 Presets
[2006/04/16 13:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webshots
[2011/12/25 16:33:31 | 000,031,864 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


*****************************************************************************************************************

C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
C:\Program Files\Updates from HP\137903\Program\Backweb-137903\BackWeb-137903.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP838\A0155343.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP838\A0155344.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined


*****************************************************************************************************************

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=edc37e28c26e2048b224486f328bc64a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-26 04:13:19
# local_time=2011-12-25 11:13:19 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 69485018 69485018 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5889 16764286 0 80 158100800 165466936 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=154699
# found=4
# cleaned=4
# scan_time=7807
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent.CBFNBEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Updates from HP\137903\Program\Backweb-137903\BackWeb-137903.exe probably a variant of Win32/Agent.CBFNBEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP838\A0155343.exe probably a variant of Win32/Agent.CBFNBEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP838\A0155344.exe probably a variant of Win32/Agent.CBFNBEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


*****************************************************************************************************************


QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Mon Dec 26 00:34:15 2011
Machine ID: 5CE74AA7



No infection found.
-------------------



Processes
---------
Alcor Micro Sunkist 2112 C:\Program Files\Multimedia Card Reader\shwicon2k.exe
ATI Desktop Component 2480 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ati2evxx.exe 596 C:\WINDOWS\system32\ati2evxx.exe
Bonjour 1720 C:\Program Files\Bonjour\mDNSResponder.exe
Firefox 3796 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 588 C:\Program Files\Mozilla Firefox\plugin-container.exe
Firefox 3772 C:\Program Files\Mozilla Firefox\plugin-container.exe
Hewlett-Packard Company KBD EXE 2240 C:\hp\KBD\kbd.exe
HP Photosmart 2264 C:\WINDOWS\system32\hphmon05.exe
hpsysdrv 2256 C:\WINDOWS\system\hpsysdrv.exe
Java™ Platform SE 6 U24 1828 C:\Program Files\Java\jre6\bin\jqs.exe
Microsoft® Windows® Operating System 972 C:\WINDOWS\system32\spoolsv.exe
MobileDeviceService 1692 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PMB 1036 C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
RealPlayer (32-bit) 2140 C:\Program Files\Real\RealOne Player\Update\realsched.exe
Sonic Update Manager 1420 C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
(verified) Google Update 1832 C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Microsoft® .NET Framework 2032 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(verified) Microsoft® Windows® Operating System 2812 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 1192 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 360 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 4036 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 440 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 428 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 308 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1680 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1072 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 796 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 740 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 696 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 612 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1636 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 384 C:\WINDOWS\system32\winlogon.exe
(verified) Yahoo! AutoUpdater 1112 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


Network activity
----------------

Process svchost.exe (696) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Alcor Micro Sunkist C:\Program Files\Multimedia Card Reader\shwicon2k.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
ATI 2D Component C:\WINDOWS\system32\Ati2mdxx.exe
ATI Desktop Component C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Hewlett-Packard Company KBD EXE C:\hp\KBD\kbd.exe
Hewlett-Packard Company PS2 EXE C:\WINDOWS\system32\ps2.exe
HP Photosmart C:\WINDOWS\system32\hphmon05.exe
hpsysdrv C:\WINDOWS\system\hpsysdrv.exe
Intel® Common User Interface C:\WINDOWS\System32\hkcmd.exe
Intel® Common User Interface C:\WINDOWS\system32\igfxsrvc.dll
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
NVIDIA nView Desktop and Window Manager C:\WINDOWS\system32\nview.dll
QuickTime C:\Program Files\QuickTime\QTTask.exe
RealPlayer (32-bit) C:\Program Files\Real\RealOne Player\Update\realsched.exe
Realtek Audio - Event Monitor C:\WINDOWS\ALCXMNTR.EXE
RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
Recguard Application C:\WINDOWS\SMINST\RECGUARD.EXE
sgtray.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
(verified) Ahead Software Gmbh NeroCheck C:\WINDOWS\system32\NeroCheck.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
BitDefender QuickScan C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
Java Deployment Toolkit 6.0.240.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U24 c:\program files\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U24 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Kakadu Software Tools for JPEG2000 C:\WINDOWS\Downloaded Program Files\kdu_v32r.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
RadioWMPCore.dll C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\[email protected]\components\RadioWMPCore.dll
RadioWMPCoreGecko5.dll C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll
RadioWMPCoreGecko6.dll C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll
RadioWMPCoreGecko7.dll C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll
RadioWMPCoreGecko8.dll C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll
RadioWMPCoreGecko9.dll C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll
RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
RealJukebox NS Plugin c:\program files\real\realone player\Netscape6\nprjplug.dll
RealNetworks™ Chrome Background Exte C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
RealPlayer Download and Record Plugin c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer Version Plugin c:\program files\real\realone player\Netscape6\nprpjplug.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer™ G2 LiveConnect-Enabled P c:\program files\real\realone player\Netscape6\nppl3260.dll
RealPlayer™ HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
Yahoo! Webcam C:\WINDOWS\Downloaded Program Files\yuplapp.dll
Yahoo! Webcam C:\WINDOWS\Downloaded Program Files\ywcupl.dll
(verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) RadioWMPCoreGecko19.dll C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
(verified) RadioWMPCoreGecko19.dll C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gfy51tgg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll


Scan
----


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.02 MB sent, 0.88 KB recvd
Scanned 470 files and modules - 69 seconds

==============================================================================


Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/12/2011 12:38:39 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/12/2011 4:53:20 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD

Log: 'System' Date/Time: 25/12/2011 4:53:20 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 25/12/2011 4:53:20 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 25/12/2011 4:53:20 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Avira Upgrade Service service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 25/12/2011 4:53:20 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 25/12/2011 4:53:20 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 24/12/2011 7:03:14 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD

Log: 'System' Date/Time: 24/12/2011 7:03:14 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 24/12/2011 7:03:14 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 24/12/2011 7:03:14 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 24/12/2011 7:03:14 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Net.Tcp Port Sharing Service service to connect.

Log: 'System' Date/Time: 24/12/2011 7:03:14 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Avira Upgrade Service service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 24/12/2011 7:03:14 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 24/12/2011 7:03:14 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 24/12/2011 4:50:49 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD

Log: 'System' Date/Time: 24/12/2011 4:50:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 24/12/2011 4:50:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 24/12/2011 4:50:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Avira Upgrade Service service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 24/12/2011 4:50:49 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 24/12/2011 4:50:49 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/12/2011 8:42:20 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 24/12/2011 9:16:29 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 23/12/2011 4:16:56 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 21/12/2011 3:31:46 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 19/12/2011 10:31:45 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 18/12/2011 9:33:57 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 16/12/2011 2:48:49 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 16/12/2011 12:00:12 AM
Type: warning Category: 0
Event: 20027 Source: Rasman
Remote Access Connection Manager failed to start because NDISWAN could not be opened.

Log: 'System' Date/Time: 15/12/2011 11:59:51 PM
Type: warning Category: 0
Event: 39 Source: W32Time
The time service is unable to register for network configuration change events. This may occur when TCP/IP is not correctly configured. The time service will be unable to sync time from network providers, but will still use locally installed hardware provdiers, if any are available.

Log: 'System' Date/Time: 15/12/2011 3:18:19 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.


#113
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
VEW says that afd is acting up again. Don't see how that can be if we got on line but check Device Manager and see if it looks ok.

Can you find an Extras log and post it? Should have been created when you ran OTL. If not:
Run OTL

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. I just want the Extras log.

I don't see an Anti-virus. Let's install the free Avast.

http://www.avast.com...ivirus-download

Download, Save, and Run it.
Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt (might also use ALWIL Software instead of Avast Software.) If you can find it please copy and paste.

Start, Run, Services.msc OK and see if you can find the Avira UpgradeService. If you find it right click and select Properties then change the Startup Type to Disabled.

Repeat for NMSAccess
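The triage done by eye on the VEW output above (one AFD load failure, with DHCP Client and TCP/IP NetBIOS Helper failing only because they depend on it), as an added Python example that is not part of the thread or of VEW. The sample records are constructed, the function names are hypothetical, and the short-name/display-name match and the cutoff time passed to `failures_after` are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the record layout VEW prints. The first four records
# are modelled on entries quoted in this thread; the last one is invented.
SAMPLE_VEW = """\
Log: 'System' Date/Time: 24/12/2011 4:50:49 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD

Log: 'System' Date/Time: 24/12/2011 4:50:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Avira Upgrade Service service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 24/12/2011 4:50:49 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 24/12/2011 4:50:49 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 22/12/2011 7:05:10 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD
"""

RECORD_RE = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+?)\s*\n"
    r"Type: (?P<type>\w+) Category: \d+\s*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+?)\s*\n"
    r"(?P<message>.*?)(?=\n\s*\n|\Z)",
    re.S,
)
LOAD_FAIL_RE = re.compile(r"driver\(s\) failed to load:\s*(?P<names>.+)")
DEPENDS_RE = re.compile(
    r"The (?P<dependent>.+?) service depends on the (?P<root>.+?) service "
    r"which failed to start because of the following error: (?P<reason>.+)"
)
START_FAIL_RE = re.compile(
    r"The (?P<service>.+?) service failed to start due to the following error: (?P<reason>.+)"
)


def parse_vew(text):
    """Return one dict per VEW record; timestamps are day-first, as in this thread."""
    records = []
    for m in RECORD_RE.finditer(text):
        rec = m.groupdict()
        rec["when"] = datetime.strptime(rec["when"], "%d/%m/%Y %I:%M:%S %p")
        rec["event"] = int(rec["event"])
        rec["message"] = " ".join(rec["message"].split())  # fold wrapped lines
        records.append(rec)
    return records


def triage(records):
    """Split Service Control Manager errors into root causes and unrelated failures.

    Returns (roots, independent):
      roots       {driver: {"failed_at": [...], "dependents": set, "reason": str}}
      independent {service: reason} for failures not explained by a root driver
    """
    roots, independent, pending = {}, {}, []
    for rec in records:
        if rec["source"] != "Service Control Manager":
            continue
        msg = rec["message"]
        if rec["event"] == 7026 and (m := LOAD_FAIL_RE.search(msg)):
            for name in re.split(r"[,\s]+", m["names"].strip()):
                root = roots.setdefault(
                    name, {"failed_at": [], "dependents": set(), "reason": None})
                root["failed_at"].append(rec["when"])
        elif rec["event"] == 7001 and (m := DEPENDS_RE.search(msg)):
            pending.append(m)  # resolved once every 7026 has been seen
        elif rec["event"] == 7000 and (m := START_FAIL_RE.search(msg)):
            independent[m["service"]] = m["reason"]
    for m in pending:
        # Assumption: 7026 names the driver by short name and 7001 by display
        # name, and the display name begins with the short name (true for AFD).
        root = next((r for n, r in roots.items()
                     if n.lower() == m["root"].split()[0].lower()), None)
        if root is None:
            independent[m["dependent"]] = "depends on " + m["root"]
        else:
            root["dependents"].add(m["dependent"])
            root["reason"] = m["reason"]
    for root in roots.values():
        root["failed_at"].sort()
    return roots, independent


def failures_after(roots, driver, cutoff):
    """Times at which `driver` failed to load later than `cutoff` (e.g. a repair)."""
    return [t for t in roots.get(driver, {}).get("failed_at", []) if t > cutoff]


if __name__ == "__main__":
    roots, independent = triage(parse_vew(SAMPLE_VEW))
    for name, info in roots.items():
        print(name, info["failed_at"], sorted(info["dependents"]), info["reason"])
    print("unrelated:", independent)
```

Passing the time a repair was made as `cutoff` answers the "are these old errors?" question directly: an empty list means every load failure in the log predates the repair.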

#114
MaxMurder

    Member

  • Topic Starter
  • Member
  • 164 posts
I did have Avira but uninstalled it because it was conflicting with Combofix; even though I disabled it, Combofix still said Avira components were running somewhere.
And the AFD errors are strange. I thought they were older errors, but according to the Extras log it looks like they occurred the day after it was fixed. I haven't had any connection problems. Had to reset my router twice, I don't know if that had anything to do with it(?)

Here is the Avast Boot Scan log:
12/27/2011 00:26
Scan of all local drives

File C:\hp\bin\ProcessLogger.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Program Files\Common Files\Adobe\defused.zip|>defused.jpg Error 42125 {ZIP archive is corrupted.}
File C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP840\A0155406.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\WINDOWS\Installer\19e58d47.msp|>GDRGDR.cab|>FL_dfshim_dll_66795_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File D:\PRELOAD\DATA9_03.INP|>wmvdmod.dll Error 42127 {CAB archive is corrupted.}
File D:\PRELOAD\BASE_10.INP is infected by Win32:QHost-CCK [Trj], Moved to chest
Number of searched folders: 17371
Number of tested files: 714269
Number of infected files: 3

D: infection??
and here is the Extras log:
OTL Extras logfile created on: 12/26/2011 10:40:45 PM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.29 Mb Total Physical Memory | 136.38 Mb Available Physical Memory | 26.67% Memory free
1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.54 Gb Total Space | 13.54 Gb Free Space | 20.04% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 1.28 Gb Free Space | 18.36% Space Free | Partition Type: FAT32
Drive M: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 3.81 Gb Total Space | 0.55 Gb Free Space | 14.34% Space Free | Partition Type: FAT32

Computer Name: HPSTUDIO | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX -- (Macromedia Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.0.96
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"ATI Display Driver" = ATI Display Driver
"BackWeb-137903 Uninstaller" = Updates from HP
"BFBCBAE3-8293-4215-9C4F-C2402C118EDB" = Otto from Hewlett-Packard Desktops (remove only)
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.1.4
"eLicenser Control" = eLicenser Control
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileHippo.com" = FileHippo.com Update Checker
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HPTOOLKIT" = toolkit
"ie8" = Windows Internet Explorer 8
"InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NVIDIA" =
"NVIDIA GART Driver" = NVIDIA GART Driver
"PreSonus Universal Control_is1" = PreSonus Universal Control 3.4.0.5254
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 12.0" = RealPlayer
"SystemRequirementsLab" = System Requirements Lab
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2011 9:52:13 AM | Computer Name = HPSTUDIO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/21/2011 2:52:26 AM | Computer Name = HPSTUDIO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/22/2011 11:30:56 PM | Computer Name = HPSTUDIO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/23/2011 3:14:16 AM | Computer Name = HPSTUDIO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/23/2011 3:20:06 AM | Computer Name = HPSTUDIO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/23/2011 3:25:17 AM | Computer Name = HPSTUDIO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/23/2011 3:37:25 AM | Computer Name = HPSTUDIO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/23/2011 8:36:56 PM | Computer Name = HPSTUDIO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/24/2011 12:29:48 PM | Computer Name = HPSTUDIO | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/26/2011 2:22:25 AM | Computer Name = HPSTUDIO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module urlmon.dll, version 8.0.6001.19165, fault address 0x0002a335.

[ System Events ]
Error - 12/24/2011 8:03:14 PM | Computer Name = HPSTUDIO | Source = Service Control Manager | ID = 7000
Description = The Net.Tcp Port Sharing Service service failed to start due to the
following error: %%1053

Error - 12/24/2011 8:03:14 PM | Computer Name = HPSTUDIO | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 12/24/2011 8:03:14 PM | Computer Name = HPSTUDIO | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%1058

Error - 12/24/2011 8:03:14 PM | Computer Name = HPSTUDIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD

Error - 12/25/2011 5:53:20 PM | Computer Name = HPSTUDIO | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the AFD Networking Support Environment
service which failed to start because of the following error: %%31

Error - 12/25/2011 5:53:20 PM | Computer Name = HPSTUDIO | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 12/25/2011 5:53:20 PM | Computer Name = HPSTUDIO | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3

Error - 12/25/2011 5:53:20 PM | Computer Name = HPSTUDIO | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 12/25/2011 5:53:20 PM | Computer Name = HPSTUDIO | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%1058

Error - 12/25/2011 5:53:20 PM | Computer Name = HPSTUDIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD


< End of report >

Edited by MaxMurder, 27 December 2011 - 07:38 AM.

  • 0

#115
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Uninstall:
Java™ 6 Update 24 - obsolete get latest at java.com
Java 2 Runtime Environment, SE v1.4.2 - obsolete
Adobe Reader 9.4.7 - obsolete get latest at adobe.com
MarketResearch - useless
Adobe Flash Player 10 ActiveX - obsolete get latest at adobe.com
Yahoo! Software Update - useless


Click Start, point to Programs, point to Administrative Tools, and then click Services.
Double-click the service that did not start: nVidia WDM A/V Crossbar
Click the Log On tab.
Verify that the service has not been disabled for the hardware profile that you are using. If it has, click Enable.
Click the General tab. Verify that the service has not been disabled in the Startup Type box. If it has, click Automatic to have it start when you start the computer. Apply. Try to Start the service. What error do you get?

Clear the events and reboot then run Vino's as before and post the logs.
  • 0


#116
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Cannot find MarketResearch. Not in my Add/Delete programs list. HP software add-on it looks like?
Fixed everything else.

Nvidia WDM A/V Crossbar is not in services, but rather Device Manager under Non-Plug and Play along with Nvidia WDM Video Capture (Universal), both of which have yellow "!" signs.

"This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)"


The AFD had a yellow "!" in the Device Manager as well, although it looked fine and was still connected. After restart the "!" was gone. Weird.




Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/12/2011 12:46:01 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/12/2011 12:33:42 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD

Log: 'System' Date/Time: 28/12/2011 12:33:42 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 28/12/2011 12:33:42 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 28/12/2011 12:33:42 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 28/12/2011 12:33:42 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Net.Tcp Port Sharing Service service to connect.

Log: 'System' Date/Time: 28/12/2011 12:33:42 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 28/12/2011 12:33:42 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by MaxMurder, 27 December 2011 - 11:58 PM.

  • 0

#117
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
You can probably Disable the Net.Tcp Port Sharing Service. Doesn't sound like you really need it for anything.

The nvidia stuff is something to do with your video so look on your PC maker's website and see if there is a new driver or reinstall the old one.

It acts like afd is just a bit slow starting up. You could set the timeout to a higher value.

http://integrityitso...on-startup.html

I'd try 1 minute (60000). This might slow the boot a bit but not by that much.
  • 0

#118
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Disabled Net.Tcp Port Sharing Service and set the timeout value.

As far as those drivers, I didn't see them on the HP site. Didn't check anywhere else yet.
  • 0

#119
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Clear the events and reboot then run Vino's as before and post the logs.

What make and model HP is this?
  • 0

#120
MaxMurder

MaxMurder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
HP Pavilion a450y

Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/12/2011 9:57:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/12/2011 9:53:44 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD

Log: 'System' Date/Time: 29/12/2011 9:53:44 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 29/12/2011 9:53:44 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 29/12/2011 9:53:44 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 29/12/2011 9:53:44 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Before I cleared the events, I checked the AFD and again it had the "!" although it was still connected and all seemed normal. Not sure if there's any rhyme or reason to when or why it's doing this.
  • 0
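
The Service Control Manager errors in the Vino's Event Viewer reports above can be triaged by event ID: 7026 names drivers that failed to load, 7001 names services blocked by a failed dependency, and 7000 names services that failed on their own. The following is an added example, not part of the thread or of Vino's tool; the function names and the sample text are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample, laid out like the Vino's Event Viewer reports in the thread.
SAMPLE = """\
Log: 'System' Date/Time: 29/12/2011 9:53:44 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD

Log: 'System' Date/Time: 29/12/2011 9:53:44 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 29/12/2011 9:53:44 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
"""

# One record = three header lines followed by a single message line.
RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)\n"
    r"Type: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<id>\d+) Source: (?P<source>.+)\n"
    r"(?P<msg>.+)")

def parse_report(text):
    return [m.groupdict() for m in RECORD.finditer(text)]

def triage(events):
    """Return (failed drivers from 7026, {failed dependency: [blocked services]}
    from 7001, services that failed on their own from 7000)."""
    drivers, blocked, standalone = set(), defaultdict(list), []
    for e in events:
        if e["source"].strip() != "Service Control Manager":
            continue
        if e["id"] == "7026":
            drivers.update(e["msg"].split("failed to load:")[1].split())
        elif e["id"] == "7001":
            m = re.match(r"The (.+?) service depends on the (.+?) service which failed", e["msg"])
            if m:
                blocked[m.group(2)].append(m.group(1))
        elif e["id"] == "7000":
            m = re.match(r"The (.+?) service failed to start", e["msg"])
            if m:
                standalone.append(m.group(1))
    return drivers, dict(blocked), standalone
```

Event 7026 lists the driver's short name (AFD) while 7001 uses the display name (AFD Networking Support Environment), so matching the two is left to the reader of the result.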





