Security 2012, PING.exe, Redirects, etc [Closed]



#1
y2kfroguy

Having the same issues as many here and cannot seem to fight it off for good. I have the ComboFix, TDSSKiller, aswMBR, MBAM, and OTL logs below, as I have seen that those have been asked for with these problems. Thank you for your help; you guys are amazing to help all of us out!



COMBOFIX

ComboFix 11-12-13.03 - Chris 12/14/2011 17:39:23.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.2433 [GMT -6:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 48
R6025
- pure virtual function call
SED: can't read CuRun.dmp: No such file or directory
SED: can't read CuRun.dmp: No such file or directory
SED: can't read CuRun.dmp: No such file or directory
SED: can't read CuRun.dmp: No such file or directory
.
/wow section - STAGE 50
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 23:53 . 2011-12-14 23:54 -------- d-----w- c:\users\Chris\AppData\Local\temp
2011-12-14 23:53 . 2011-12-14 23:53 -------- d-----w- c:\users\Freenet\AppData\Local\temp
2011-12-14 23:53 . 2011-12-14 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-14 23:35 . 2011-12-14 23:35 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95CFABEB-5A2D-4BF8-ADCE-9B01C91C8A19}\offreg.dll
2011-12-14 22:12 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95CFABEB-5A2D-4BF8-ADCE-9B01C91C8A19}\mpengine.dll
2011-12-14 06:25 . 2008-01-21 02:23 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-11 05:03 . 2011-12-11 05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-11 05:03 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-19 07:21 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-19 07:20 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-19 07:20 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-19 07:20 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2010-09-23 01:23 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-23 18:55 . 2011-10-23 18:55 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-20 16:42 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-10-20 16:42 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-11 06:25 . 2011-10-11 06:25 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E2FD54-3561-48AE-A1F9-9C261107AD3D}\gapaengine.dll
2011-09-30 23:06 . 2011-10-13 03:38 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-13 03:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-13 03:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-13 03:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-13 03:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-13 03:38 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-13 03:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-13 03:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-26 02:40 . 2011-04-23 01:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-14 402832]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2009-09-04 19:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R1 MpKsl0450a567;MpKsl0450a567;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73A3333A-CC5A-4578-81AA-1F73438DE7B8}\MpKsl0450a567.sys [x]
R1 MpKsl04ad696c;MpKsl04ad696c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33CED062-425D-4950-9D9A-CB0B0EFDAAE1}\MpKsl04ad696c.sys [x]
R1 MpKsl054eedf1;MpKsl054eedf1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F78D488-E291-45B6-9F70-F5ED37A004A4}\MpKsl054eedf1.sys [x]
R1 MpKsl072c5605;MpKsl072c5605;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{055B01A1-A737-4413-A2E0-8F12893E4C44}\MpKsl072c5605.sys [x]
R1 MpKsl07e2723b;MpKsl07e2723b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F12D0D83-F092-4E58-A388-5E8F8013E06D}\MpKsl07e2723b.sys [x]
R1 MpKsl091b0f5e;MpKsl091b0f5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2C6EC87-716A-4860-8F5C-D73DBCDE0DED}\MpKsl091b0f5e.sys [x]
R1 MpKsl0ab04352;MpKsl0ab04352;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C451466F-6DE2-45E8-BA0B-EA8C507CD7CA}\MpKsl0ab04352.sys [x]
R1 MpKsl11bae039;MpKsl11bae039;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2C424BE-C27A-4CB9-BEAF-F302925C4E4D}\MpKsl11bae039.sys [x]
R1 MpKsl13cbeab6;MpKsl13cbeab6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15068510-A221-4582-B8E3-B171E427B6C4}\MpKsl13cbeab6.sys [x]
R1 MpKsl14587726;MpKsl14587726;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCFC3B5E-D6D7-458C-8209-A96554F22227}\MpKsl14587726.sys [x]
R1 MpKsl145df352;MpKsl145df352;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D29DEF5-CCFB-4811-BA9D-E97151E26F21}\MpKsl145df352.sys [x]
R1 MpKsl17d1ffef;MpKsl17d1ffef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33CED062-425D-4950-9D9A-CB0B0EFDAAE1}\MpKsl17d1ffef.sys [x]
R1 MpKsl1a6d9eee;MpKsl1a6d9eee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{231A49B1-80EF-452A-833D-B6F3762DE435}\MpKsl1a6d9eee.sys [x]
R1 MpKsl1ec972f2;MpKsl1ec972f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AAB2646-6523-41ED-87E4-C4C79DA10567}\MpKsl1ec972f2.sys [x]
R1 MpKsl24bb53be;MpKsl24bb53be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FCC7023-DBE0-4A67-A85D-E07B38757632}\MpKsl24bb53be.sys [x]
R1 MpKsl2653b5af;MpKsl2653b5af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EB1DC3F-16FA-45E0-87BC-782ABD2F9273}\MpKsl2653b5af.sys [x]
R1 MpKsl296d9f62;MpKsl296d9f62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04FB81EC-5F26-4710-A342-93A5305E6E83}\MpKsl296d9f62.sys [x]
R1 MpKsl29890513;MpKsl29890513;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19CBD82-9D3D-44CB-B675-F42AC35BEDE7}\MpKsl29890513.sys [x]
R1 MpKsl29f73266;MpKsl29f73266;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AA1E284-CB69-4C87-A20F-8C56F0E01F68}\MpKsl29f73266.sys [x]
R1 MpKsl2ae3661f;MpKsl2ae3661f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78015E95-CDA3-4363-ACDA-061A77A290C9}\MpKsl2ae3661f.sys [x]
R1 MpKsl2e676c18;MpKsl2e676c18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A80888C-9BCC-4B5A-91D2-A9C8B2B73610}\MpKsl2e676c18.sys [x]
R1 MpKsl34a24807;MpKsl34a24807;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E1C70B5-8806-46C6-97D9-31C963697847}\MpKsl34a24807.sys [x]
R1 MpKsl35b95aa8;MpKsl35b95aa8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E98B6733-7D44-4563-841B-8FF0EEFF28E9}\MpKsl35b95aa8.sys [x]
R1 MpKsl3618fc94;MpKsl3618fc94;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C1DE2E4-DDE4-4C36-93C3-23CA38DD93CF}\MpKsl3618fc94.sys [x]
R1 MpKsl37beff20;MpKsl37beff20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05797F2A-283A-4D55-A491-B2A464695D3A}\MpKsl37beff20.sys [x]
R1 MpKsl3a7eeb65;MpKsl3a7eeb65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBF2B626-6D42-4A80-9B2C-A3E0DA73D4C9}\MpKsl3a7eeb65.sys [x]
R1 MpKsl3c8de7c2;MpKsl3c8de7c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C53135E-CC22-4D2E-A5E9-273E9594015F}\MpKsl3c8de7c2.sys [x]
R1 MpKsl3cf5a160;MpKsl3cf5a160;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42856969-046F-4B84-8FB1-224C9CD8FEF9}\MpKsl3cf5a160.sys [x]
R1 MpKsl439c4d58;MpKsl439c4d58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{002264BC-07EC-44CA-A038-93E26A8A5568}\MpKsl439c4d58.sys [x]
R1 MpKsl442ca00f;MpKsl442ca00f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05797F2A-283A-4D55-A491-B2A464695D3A}\MpKsl442ca00f.sys [x]
R1 MpKsl446d8a4f;MpKsl446d8a4f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7160DB5C-7DE0-4204-BACA-78FD25EC3A68}\MpKsl446d8a4f.sys [x]
R1 MpKsl469ca24f;MpKsl469ca24f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31DF6C0A-6A04-404D-B2F7-1325609A9426}\MpKsl469ca24f.sys [x]
R1 MpKsl476cffeb;MpKsl476cffeb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4C64134-5339-4F39-87DD-0AA86B2BCD32}\MpKsl476cffeb.sys [x]
R1 MpKsl4a0be4b5;MpKsl4a0be4b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04FB81EC-5F26-4710-A342-93A5305E6E83}\MpKsl4a0be4b5.sys [x]
R1 MpKsl4bb5891a;MpKsl4bb5891a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB367FEC-34FD-4D30-82DA-4D2F5399066C}\MpKsl4bb5891a.sys [x]
R1 MpKsl4f7e35d6;MpKsl4f7e35d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42856969-046F-4B84-8FB1-224C9CD8FEF9}\MpKsl4f7e35d6.sys [x]
R1 MpKsl5209c373;MpKsl5209c373;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCC89A97-FE9A-4B04-8DE3-47576D9D01E3}\MpKsl5209c373.sys [x]
R1 MpKsl55efaf91;MpKsl55efaf91;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A5489D6-DBAD-47E3-AF73-86119C1E8837}\MpKsl55efaf91.sys [x]
R1 MpKsl57350dbc;MpKsl57350dbc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{825718BB-C0E0-47BF-929A-82C842D0D327}\MpKsl57350dbc.sys [x]
R1 MpKsl5739cf65;MpKsl5739cf65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3006A176-E208-4B2B-B824-F79A3CDA50CC}\MpKsl5739cf65.sys [x]
R1 MpKsl5bf8ed06;MpKsl5bf8ed06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DD80D68-1504-4228-8795-82750472FFD0}\MpKsl5bf8ed06.sys [x]
R1 MpKsl5ddccabc;MpKsl5ddccabc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BC30767-DAD6-4A6D-88BA-5B06D59EF051}\MpKsl5ddccabc.sys [x]
R1 MpKsl5f9e99b0;MpKsl5f9e99b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F356C71-42BF-4B32-9F2B-5F279774E848}\MpKsl5f9e99b0.sys [x]
R1 MpKsl60da120f;MpKsl60da120f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF041027-BF65-4FAD-A5F2-AAD159FC4711}\MpKsl60da120f.sys [x]
R1 MpKsl63ababa2;MpKsl63ababa2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE7CD0-4C11-4F65-8B33-0FE534914ABE}\MpKsl63ababa2.sys [x]
R1 MpKsl63c68757;MpKsl63c68757;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73A3333A-CC5A-4578-81AA-1F73438DE7B8}\MpKsl63c68757.sys [x]
R1 MpKsl649653eb;MpKsl649653eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3959439A-FD09-4DC3-AEED-3F23B0E9E68B}\MpKsl649653eb.sys [x]
R1 MpKsl66e834a6;MpKsl66e834a6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{231A49B1-80EF-452A-833D-B6F3762DE435}\MpKsl66e834a6.sys [x]
R1 MpKsl6907c979;MpKsl6907c979;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0314A68-6D35-4ABD-A967-791963B6E608}\MpKsl6907c979.sys [x]
R1 MpKsl6a8a2abc;MpKsl6a8a2abc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE891397-F174-43EB-A370-E184295817AA}\MpKsl6a8a2abc.sys [x]
R1 MpKsl6ad5b5b6;MpKsl6ad5b5b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D23B9EC6-8450-477B-ADCB-FB0628E27C94}\MpKsl6ad5b5b6.sys [x]
R1 MpKsl6b2745f9;MpKsl6b2745f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2A0BF71-34B9-4E5D-8BB5-CCB7A3B1816B}\MpKsl6b2745f9.sys [x]
R1 MpKsl70a0409b;MpKsl70a0409b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EFCFD4E-9CFA-4808-B842-E730AAE02541}\MpKsl70a0409b.sys [x]
R1 MpKsl70dade98;MpKsl70dade98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8ABB109-E205-4327-AA5B-6815BCB22927}\MpKsl70dade98.sys [x]
R1 MpKsl72935daa;MpKsl72935daa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700105C8-1B6D-4E2B-93AE-72FA9B6412C5}\MpKsl72935daa.sys [x]
R1 MpKsl7577ff9f;MpKsl7577ff9f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76488854-E3E4-4540-B4A7-B8D4E5845D00}\MpKsl7577ff9f.sys [x]
R1 MpKsl75ed7439;MpKsl75ed7439;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B220448C-EF10-4E19-BF5B-2B69E4F6C90E}\MpKsl75ed7439.sys [x]
R1 MpKsl792ce7c3;MpKsl792ce7c3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7A718D3-043F-4671-848C-909D2DA60910}\MpKsl792ce7c3.sys [x]
R1 MpKsl797875c7;MpKsl797875c7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F12D0D83-F092-4E58-A388-5E8F8013E06D}\MpKsl797875c7.sys [x]
R1 MpKsl79e86464;MpKsl79e86464;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3959439A-FD09-4DC3-AEED-3F23B0E9E68B}\MpKsl79e86464.sys [x]
R1 MpKsl7c05a715;MpKsl7c05a715;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19CBD82-9D3D-44CB-B675-F42AC35BEDE7}\MpKsl7c05a715.sys [x]
R1 MpKsl80a3f0c9;MpKsl80a3f0c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78015E95-CDA3-4363-ACDA-061A77A290C9}\MpKsl80a3f0c9.sys [x]
R1 MpKsl820dda1e;MpKsl820dda1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C1DE2E4-DDE4-4C36-93C3-23CA38DD93CF}\MpKsl820dda1e.sys [x]
R1 MpKsl83f1e94b;MpKsl83f1e94b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F356C71-42BF-4B32-9F2B-5F279774E848}\MpKsl83f1e94b.sys [x]
R1 MpKsl8923db3a;MpKsl8923db3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D393F828-4B9E-49B2-A5C6-E3E66E251897}\MpKsl8923db3a.sys [x]
R1 MpKsl8a85876a;MpKsl8a85876a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D29DEF5-CCFB-4811-BA9D-E97151E26F21}\MpKsl8a85876a.sys [x]
R1 MpKsl8cc0486a;MpKsl8cc0486a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3006A176-E208-4B2B-B824-F79A3CDA50CC}\MpKsl8cc0486a.sys [x]
R1 MpKsl8fde8f61;MpKsl8fde8f61;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B220448C-EF10-4E19-BF5B-2B69E4F6C90E}\MpKsl8fde8f61.sys [x]
R1 MpKsl90ff8dc6;MpKsl90ff8dc6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B946628E-6B8E-43E2-9079-D37886C6BEFD}\MpKsl90ff8dc6.sys [x]
R1 MpKsl91c76266;MpKsl91c76266;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBF2B626-6D42-4A80-9B2C-A3E0DA73D4C9}\MpKsl91c76266.sys [x]
R1 MpKsl96f9f579;MpKsl96f9f579;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3274473-3401-4209-8AF6-ED127A45309D}\MpKsl96f9f579.sys [x]
R1 MpKsl98235f0b;MpKsl98235f0b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04F648A4-8262-4F3D-9C66-B856E71B5B6F}\MpKsl98235f0b.sys [x]
R1 MpKsl990d2912;MpKsl990d2912;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29B89742-21FC-4301-B3CD-C7F702C4F46E}\MpKsl990d2912.sys [x]
R1 MpKsla0fa3733;MpKsla0fa3733;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07DD8CA2-392F-4E33-BA8B-72DEFAD914C6}\MpKsla0fa3733.sys [x]
R1 MpKsla59ae932;MpKsla59ae932;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04F648A4-8262-4F3D-9C66-B856E71B5B6F}\MpKsla59ae932.sys [x]
R1 MpKsla69ca89d;MpKsla69ca89d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D23B9EC6-8450-477B-ADCB-FB0628E27C94}\MpKsla69ca89d.sys [x]
R1 MpKsla6eb5529;MpKsla6eb5529;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42856969-046F-4B84-8FB1-224C9CD8FEF9}\MpKsla6eb5529.sys [x]
R1 MpKsla8bd92e0;MpKsla8bd92e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A80888C-9BCC-4B5A-91D2-A9C8B2B73610}\MpKsla8bd92e0.sys [x]
R1 MpKslaa7e6e21;MpKslaa7e6e21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700105C8-1B6D-4E2B-93AE-72FA9B6412C5}\MpKslaa7e6e21.sys [x]
R1 MpKslac3b066d;MpKslac3b066d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5F32350-1217-4952-80E3-186D08A3498D}\MpKslac3b066d.sys [x]
R1 MpKslac9b8d00;MpKslac9b8d00;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A668D94-5376-4165-807A-DC083761217F}\MpKslac9b8d00.sys [x]
R1 MpKslacd27da4;MpKslacd27da4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29B89742-21FC-4301-B3CD-C7F702C4F46E}\MpKslacd27da4.sys [x]
R1 MpKslaebb185f;MpKslaebb185f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F78D488-E291-45B6-9F70-F5ED37A004A4}\MpKslaebb185f.sys [x]
R1 MpKslaef5f872;MpKslaef5f872;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B946628E-6B8E-43E2-9079-D37886C6BEFD}\MpKslaef5f872.sys [x]
R1 MpKslaf814032;MpKslaf814032;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8B93BB-0C43-441E-AEB7-98C036F6E7A2}\MpKslaf814032.sys [x]
R1 MpKslafb126a7;MpKslafb126a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1D2791E-5C09-4ECB-8DDB-26947C9CFC1C}\MpKslafb126a7.sys [x]
R1 MpKslb692fd8c;MpKslb692fd8c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B60C39E8-43E6-49F2-AF18-3343C49204D0}\MpKslb692fd8c.sys [x]
R1 MpKslb77ce85f;MpKslb77ce85f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCC89A97-FE9A-4B04-8DE3-47576D9D01E3}\MpKslb77ce85f.sys [x]
R1 MpKslb7dafbde;MpKslb7dafbde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0178A7B-BC44-4E02-9709-9F6EFA52B993}\MpKslb7dafbde.sys [x]
R1 MpKslc0a20516;MpKslc0a20516;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700105C8-1B6D-4E2B-93AE-72FA9B6412C5}\MpKslc0a20516.sys [x]
R1 MpKslc1491461;MpKslc1491461;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73ADBEF7-C3AC-4470-B4B6-9C3133C1A845}\MpKslc1491461.sys [x]
R1 MpKslc3c3ed30;MpKslc3c3ed30;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C53135E-CC22-4D2E-A5E9-273E9594015F}\MpKslc3c3ed30.sys [x]
R1 MpKslc4f8a70b;MpKslc4f8a70b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EAC248B-4EE6-43C4-8CF1-65216F2D37BD}\MpKslc4f8a70b.sys [x]
R1 MpKslca64f92d;MpKslca64f92d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0669A564-4BCD-4453-BCA6-6DD53627AC52}\MpKslca64f92d.sys [x]
R1 MpKsld1fc301a;MpKsld1fc301a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EFCFD4E-9CFA-4808-B842-E730AAE02541}\MpKsld1fc301a.sys [x]
R1 MpKsld2cd7195;MpKsld2cd7195;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD8905B9-A1CA-4DDD-9179-C6F477D0223B}\MpKsld2cd7195.sys [x]
R1 MpKsld37c3ca9;MpKsld37c3ca9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0314A68-6D35-4ABD-A967-791963B6E608}\MpKsld37c3ca9.sys [x]
R1 MpKsld96ea051;MpKsld96ea051;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51D68E54-8F61-448D-B791-15FCDECCF86D}\MpKsld96ea051.sys [x]
R1 MpKsldad5cb0d;MpKsldad5cb0d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{825718BB-C0E0-47BF-929A-82C842D0D327}\MpKsldad5cb0d.sys [x]
R1 MpKsldd9e3773;MpKsldd9e3773;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19CBD82-9D3D-44CB-B675-F42AC35BEDE7}\MpKsldd9e3773.sys [x]
R1 MpKsle7c1a914;MpKsle7c1a914;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2A0BF71-34B9-4E5D-8BB5-CCB7A3B1816B}\MpKsle7c1a914.sys [x]
R1 MpKsle9d5fb17;MpKsle9d5fb17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EB1DC3F-16FA-45E0-87BC-782ABD2F9273}\MpKsle9d5fb17.sys [x]
R1 MpKslea202cbf;MpKslea202cbf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC35ACB1-0E1E-452F-9215-62E7ECA2579D}\MpKslea202cbf.sys [x]
R1 MpKsleb09a783;MpKsleb09a783;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAB95F0C-CD21-4F7A-A996-4FDA209EFB39}\MpKsleb09a783.sys [x]
R1 MpKslec7e53c4;MpKslec7e53c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8EADAB6-113A-4648-A9B5-24F16169D0C0}\MpKslec7e53c4.sys [x]
R1 MpKsleda90b15;MpKsleda90b15;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB367FEC-34FD-4D30-82DA-4D2F5399066C}\MpKsleda90b15.sys [x]
R1 MpKslfea38e03;MpKslfea38e03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33CED062-425D-4950-9D9A-CB0B0EFDAAE1}\MpKslfea38e03.sys [x]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-14 352144]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 freenet;Freenet background service;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-23 15232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-08-01 47360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 232512]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 07:40]
.
2011-12-13 c:\windows\Tasks\HPCeeScheduleForChris.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-12-14 c:\windows\Tasks\User_Feed_Synchronization-{D3D9B8B4-E29C-47D8-BDC9-D29EFDBAE505}.job
- c:\windows\system32\msfeedssync.exe [2011-10-13 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = About:Blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 17:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-14 17:56:18
ComboFix-quarantined-files.txt 2011-12-14 23:56
ComboFix2.txt 2011-12-14 08:18
.
Pre-Run: 143,306,485,760 bytes free
Post-Run: 143,343,108,096 bytes free
.
- - End Of File - - C58F91DC128DECC8189026C4A21B55C5



TDSSKILLER

18:04:21.0703 2224 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:04:22.0117 2224 ============================================================
18:04:22.0117 2224 Current date / time: 2011/12/14 18:04:22.0117
18:04:22.0117 2224 SystemInfo:
18:04:22.0117 2224
18:04:22.0118 2224 OS Version: 6.0.6002 ServicePack: 2.0
18:04:22.0118 2224 Product type: Workstation
18:04:22.0118 2224 ComputerName: CHRIS-PC
18:04:22.0118 2224 UserName: Chris
18:04:22.0119 2224 Windows directory: C:\Windows
18:04:22.0119 2224 System windows directory: C:\Windows
18:04:22.0119 2224 Processor architecture: Intel x86
18:04:22.0119 2224 Number of processors: 2
18:04:22.0119 2224 Page size: 0x1000
18:04:22.0119 2224 Boot type: Normal boot
18:04:22.0119 2224 ============================================================
18:04:25.0097 2224 Initialize success
18:04:27.0868 2484 ============================================================
18:04:27.0868 2484 Scan started
18:04:27.0868 2484 Mode: Manual;
18:04:27.0868 2484 ============================================================
18:04:29.0620 2484 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:04:29.0628 2484 ACPI - ok
18:04:30.0104 2484 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:04:30.0122 2484 adp94xx - ok
18:04:30.0245 2484 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:04:30.0302 2484 adpahci - ok
18:04:30.0604 2484 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:04:30.0615 2484 adpu160m - ok
18:04:30.0723 2484 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:04:30.0727 2484 adpu320 - ok
18:04:30.0969 2484 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:04:30.0977 2484 AFD - ok
18:04:31.0512 2484 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:04:31.0545 2484 agp440 - ok
18:04:31.0806 2484 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:04:31.0809 2484 aic78xx - ok
18:04:32.0150 2484 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
18:04:32.0151 2484 aliide - ok
18:04:32.0397 2484 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:04:32.0400 2484 amdagp - ok
18:04:32.0517 2484 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
18:04:32.0518 2484 amdide - ok
18:04:32.0619 2484 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:04:32.0636 2484 AmdK7 - ok
18:04:32.0679 2484 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:04:32.0706 2484 AmdK8 - ok
18:04:33.0058 2484 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:04:33.0061 2484 arc - ok
18:04:33.0149 2484 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:04:33.0177 2484 arcsas - ok
18:04:33.0305 2484 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:04:33.0328 2484 AsyncMac - ok
18:04:33.0477 2484 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:04:33.0478 2484 atapi - ok
18:04:33.0735 2484 athr (8aefd56986964bbae02b790971f2abaf) C:\Windows\system32\DRIVERS\athr.sys
18:04:34.0178 2484 athr - ok
18:04:34.0692 2484 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:04:34.0751 2484 Beep - ok
18:04:35.0216 2484 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:04:35.0246 2484 blbdrive - ok
18:04:35.0361 2484 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:04:35.0364 2484 bowser - ok
18:04:35.0485 2484 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:04:35.0487 2484 BrFiltLo - ok
18:04:35.0626 2484 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:04:35.0629 2484 BrFiltUp - ok
18:04:35.0741 2484 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:04:35.0751 2484 Brserid - ok
18:04:35.0960 2484 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:04:35.0963 2484 BrSerWdm - ok
18:04:36.0035 2484 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:04:36.0070 2484 BrUsbMdm - ok
18:04:36.0219 2484 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:04:36.0221 2484 BrUsbSer - ok
18:04:36.0302 2484 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:04:36.0304 2484 BTHMODEM - ok
18:04:36.0408 2484 catchme - ok
18:04:36.0587 2484 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:04:36.0590 2484 cdfs - ok
18:04:36.0745 2484 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:04:36.0755 2484 cdrom - ok
18:04:36.0944 2484 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:04:36.0946 2484 circlass - ok
18:04:37.0019 2484 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:04:37.0026 2484 CLFS - ok
18:04:37.0299 2484 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:04:37.0327 2484 CmBatt - ok
18:04:37.0444 2484 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
18:04:37.0445 2484 cmdide - ok
18:04:37.0725 2484 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
18:04:37.0768 2484 CnxtHdAudService - ok
18:04:38.0091 2484 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:04:38.0092 2484 Compbatt - ok
18:04:38.0190 2484 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:04:38.0191 2484 crcdisk - ok
18:04:38.0321 2484 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:04:38.0323 2484 Crusoe - ok
18:04:38.0604 2484 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:04:38.0651 2484 DfsC - ok
18:04:39.0112 2484 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:04:39.0114 2484 disk - ok
18:04:39.0346 2484 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
18:04:39.0374 2484 Dot4 - ok
18:04:39.0501 2484 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:04:39.0504 2484 Dot4Print - ok
18:04:39.0604 2484 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
18:04:39.0606 2484 dot4usb - ok
18:04:39.0962 2484 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:04:39.0963 2484 drmkaud - ok
18:04:40.0325 2484 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:04:40.0327 2484 dtsoftbus01 - ok
18:04:40.0714 2484 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:04:40.0721 2484 DXGKrnl - ok
18:04:40.0889 2484 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:04:40.0894 2484 E1G60 - ok
18:04:41.0141 2484 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:04:41.0145 2484 Ecache - ok
18:04:41.0254 2484 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:04:41.0263 2484 elxstor - ok
18:04:41.0466 2484 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:04:41.0468 2484 ErrDev - ok
18:04:41.0640 2484 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:04:41.0644 2484 exfat - ok
18:04:41.0727 2484 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:04:41.0731 2484 fastfat - ok
18:04:41.0879 2484 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:04:41.0881 2484 fdc - ok
18:04:41.0969 2484 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:04:41.0971 2484 FileInfo - ok
18:04:42.0047 2484 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:04:42.0049 2484 Filetrace - ok
18:04:42.0177 2484 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:04:42.0180 2484 flpydisk - ok
18:04:42.0291 2484 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:04:42.0296 2484 FltMgr - ok
18:04:42.0558 2484 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:04:42.0559 2484 Fs_Rec - ok
18:04:42.0608 2484 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:04:42.0638 2484 gagp30kx - ok
18:04:42.0957 2484 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:04:42.0958 2484 GEARAspiWDM - ok
18:04:43.0064 2484 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:04:43.0071 2484 HdAudAddService - ok
18:04:43.0182 2484 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:04:43.0205 2484 HDAudBus - ok
18:04:43.0372 2484 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:04:43.0375 2484 HidBth - ok
18:04:43.0491 2484 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:04:43.0493 2484 HidIr - ok
18:04:43.0590 2484 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:04:43.0592 2484 HidUsb - ok
18:04:43.0708 2484 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:04:43.0710 2484 HpCISSs - ok
18:04:43.0803 2484 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:04:43.0805 2484 HpqKbFiltr - ok
18:04:44.0075 2484 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:04:44.0207 2484 HSF_DPV - ok
18:04:44.0472 2484 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:04:44.0522 2484 HSXHWAZL - ok
18:04:45.0027 2484 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:04:45.0075 2484 HTTP - ok
18:04:45.0268 2484 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:04:45.0269 2484 i2omp - ok
18:04:45.0446 2484 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:04:45.0448 2484 i8042prt - ok
18:04:45.0572 2484 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:04:45.0579 2484 iaStorV - ok
18:04:46.0125 2484 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:04:47.0740 2484 igfx - ok
18:04:48.0256 2484 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:04:48.0258 2484 iirsp - ok
18:04:48.0535 2484 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
18:04:48.0565 2484 IntcHdmiAddService - ok
18:04:48.0804 2484 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
18:04:48.0805 2484 intelide - ok
18:04:48.0945 2484 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:04:48.0946 2484 intelppm - ok
18:04:49.0246 2484 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:04:49.0260 2484 IpFilterDriver - ok
18:04:49.0407 2484 IpInIp - ok
18:04:49.0633 2484 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:04:49.0636 2484 IPMIDRV - ok
18:04:50.0045 2484 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:04:50.0049 2484 IPNAT - ok
18:04:50.0506 2484 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:04:50.0516 2484 IRENUM - ok
18:04:50.0921 2484 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:04:50.0923 2484 isapnp - ok
18:04:51.0221 2484 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:04:51.0224 2484 iScsiPrt - ok
18:04:51.0525 2484 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:04:51.0543 2484 iteatapi - ok
18:04:52.0024 2484 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:04:52.0128 2484 iteraid - ok
18:04:52.0553 2484 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:04:52.0554 2484 kbdclass - ok
18:04:52.0850 2484 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:04:52.0870 2484 kbdhid - ok
18:04:53.0231 2484 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:04:53.0310 2484 KSecDD - ok
18:04:53.0605 2484 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
18:04:53.0607 2484 Lavasoft Kernexplorer - ok
18:04:53.0771 2484 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
18:04:53.0785 2484 Lbd - ok
18:04:54.0012 2484 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:04:54.0015 2484 lltdio - ok
18:04:54.0298 2484 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:04:54.0311 2484 LSI_FC - ok
18:04:54.0766 2484 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:04:54.0773 2484 LSI_SAS - ok
18:04:55.0143 2484 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:04:55.0150 2484 LSI_SCSI - ok
18:04:55.0539 2484 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:04:55.0569 2484 luafv - ok
18:04:55.0915 2484 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:04:55.0917 2484 mdmxsdk - ok
18:04:56.0051 2484 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:04:56.0052 2484 megasas - ok
18:04:56.0361 2484 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:04:56.0385 2484 MegaSR - ok
18:04:56.0707 2484 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:04:56.0726 2484 Modem - ok
18:04:57.0009 2484 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:04:57.0010 2484 monitor - ok
18:04:57.0237 2484 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:04:57.0238 2484 mouclass - ok
18:04:57.0405 2484 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:04:57.0415 2484 mouhid - ok
18:04:57.0640 2484 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:04:57.0642 2484 MountMgr - ok
18:04:58.0105 2484 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:04:58.0107 2484 MpFilter - ok
18:04:58.0501 2484 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:04:58.0510 2484 mpio - ok
18:05:03.0659 2484 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:05:03.0662 2484 MpNWMon - ok
18:05:03.0888 2484 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:05:03.0899 2484 mpsdrv - ok
18:05:04.0042 2484 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:05:04.0068 2484 Mraid35x - ok
18:05:04.0264 2484 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:05:04.0286 2484 MRxDAV - ok
18:05:04.0846 2484 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:05:04.0854 2484 mrxsmb - ok
18:05:05.0148 2484 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:05:05.0154 2484 mrxsmb10 - ok
18:05:05.0325 2484 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:05:05.0366 2484 mrxsmb20 - ok
18:05:05.0509 2484 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
18:05:05.0510 2484 msahci - ok
18:05:05.0800 2484 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:05:05.0821 2484 msdsm - ok
18:05:06.0289 2484 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:05:06.0498 2484 Msfs - ok
18:05:06.0839 2484 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:05:06.0840 2484 msisadrv - ok
18:05:07.0256 2484 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:05:07.0258 2484 MSKSSRV - ok
18:05:07.0459 2484 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:05:07.0475 2484 MSPCLOCK - ok
18:05:07.0675 2484 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:05:07.0678 2484 MSPQM - ok
18:05:07.0865 2484 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:05:07.0869 2484 MsRPC - ok
18:05:08.0074 2484 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:05:08.0076 2484 mssmbios - ok
18:05:08.0148 2484 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:05:08.0173 2484 MSTEE - ok
18:05:08.0285 2484 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:05:08.0287 2484 Mup - ok
18:05:08.0442 2484 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:05:08.0469 2484 NativeWifiP - ok
18:05:08.0530 2484 NAVENG - ok
18:05:08.0541 2484 NAVEX15 - ok
18:05:08.0712 2484 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:05:08.0819 2484 NDIS - ok
18:05:09.0195 2484 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:05:09.0217 2484 NdisTapi - ok
18:05:09.0264 2484 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:05:09.0266 2484 Ndisuio - ok
18:05:09.0383 2484 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:05:09.0387 2484 NdisWan - ok
18:05:09.0499 2484 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:05:09.0501 2484 NDProxy - ok
18:05:09.0588 2484 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:05:09.0590 2484 NetBIOS - ok
18:05:09.0691 2484 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:05:09.0696 2484 netbt - ok
18:05:10.0205 2484 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
18:05:10.0926 2484 NETw3v32 - ok
18:05:11.0184 2484 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:05:11.0186 2484 nfrd960 - ok
18:05:11.0409 2484 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:05:11.0439 2484 NisDrv - ok
18:05:11.0718 2484 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:05:11.0719 2484 Npfs - ok
18:05:11.0774 2484 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:05:11.0775 2484 nsiproxy - ok
18:05:11.0930 2484 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:05:12.0121 2484 Ntfs - ok
18:05:12.0252 2484 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:05:12.0254 2484 ntrigdigi - ok
18:05:12.0356 2484 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:05:12.0358 2484 Null - ok
18:05:12.0433 2484 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:05:12.0436 2484 nvraid - ok
18:05:12.0725 2484 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:05:12.0733 2484 nvstor - ok
18:05:12.0911 2484 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:05:12.0930 2484 nv_agp - ok
18:05:13.0090 2484 NwlnkFlt - ok
18:05:13.0185 2484 NwlnkFwd - ok
18:05:13.0400 2484 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
18:05:13.0461 2484 ohci1394 - ok
18:05:13.0704 2484 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:05:13.0707 2484 Parport - ok
18:05:13.0852 2484 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:05:13.0854 2484 partmgr - ok
18:05:13.0961 2484 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:05:13.0963 2484 Parvdm - ok
18:05:14.0022 2484 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:05:14.0026 2484 pci - ok
18:05:14.0173 2484 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
18:05:14.0177 2484 pciide - ok
18:05:14.0254 2484 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:05:14.0260 2484 pcmcia - ok
18:05:14.0449 2484 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
18:05:14.0470 2484 pcouffin - ok
18:05:14.0719 2484 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:05:14.0840 2484 PEAUTH - ok
18:05:15.0055 2484 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:05:15.0057 2484 PptpMiniport - ok
18:05:15.0099 2484 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:05:15.0101 2484 Processor - ok
18:05:15.0231 2484 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:05:15.0234 2484 PSched - ok
18:05:15.0608 2484 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:05:15.0645 2484 ql2300 - ok
18:05:15.0710 2484 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:05:15.0731 2484 ql40xx - ok
18:05:15.0936 2484 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:05:15.0951 2484 QWAVEdrv - ok
18:05:16.0130 2484 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:05:16.0142 2484 RasAcd - ok
18:05:16.0486 2484 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:16.0489 2484 Rasl2tp - ok
18:05:16.0626 2484 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:16.0629 2484 RasPppoe - ok
18:05:16.0724 2484 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:05:16.0727 2484 RasSstp - ok
18:05:16.0808 2484 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:05:16.0815 2484 rdbss - ok
18:05:16.0908 2484 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:16.0909 2484 RDPCDD - ok
18:05:17.0068 2484 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:05:17.0116 2484 rdpdr - ok
18:05:17.0275 2484 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:05:17.0276 2484 RDPENCDD - ok
18:05:17.0474 2484 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:05:17.0479 2484 RDPWD - ok
18:05:17.0606 2484 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:05:17.0608 2484 rspndr - ok
18:05:17.0798 2484 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:05:17.0843 2484 RTL8169 - ok
18:05:17.0977 2484 RTSTOR (08c3394391ab0aff65d75ae65d4207e1) C:\Windows\system32\drivers\RTSTOR.SYS
18:05:17.0980 2484 RTSTOR - ok
18:05:18.0352 2484 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:05:18.0386 2484 sbp2port - ok
18:05:18.0640 2484 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
18:05:18.0643 2484 sdbus - ok
18:05:18.0722 2484 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:05:18.0754 2484 secdrv - ok
18:05:18.0986 2484 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:05:18.0988 2484 Serenum - ok
18:05:19.0050 2484 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:05:19.0091 2484 Serial - ok
18:05:19.0166 2484 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:05:19.0169 2484 sermouse - ok
18:05:19.0341 2484 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:05:19.0343 2484 sffdisk - ok
18:05:19.0400 2484 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:05:19.0402 2484 sffp_mmc - ok
18:05:19.0447 2484 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:05:19.0449 2484 sffp_sd - ok
18:05:19.0505 2484 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:05:19.0507 2484 sfloppy - ok
18:05:19.0573 2484 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:05:19.0576 2484 sisagp - ok
18:05:19.0636 2484 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:05:19.0638 2484 SiSRaid2 - ok
18:05:19.0681 2484 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:05:19.0683 2484 SiSRaid4 - ok
18:05:19.0728 2484 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:05:19.0731 2484 Smb - ok
18:05:19.0767 2484 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:05:19.0769 2484 spldr - ok
18:05:19.0798 2484 SRTSP - ok
18:05:19.0818 2484 SRTSPX - ok
18:05:33.0569 2484 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
18:05:33.0582 2484 \Device\Harddisk0\DR0 - ok
18:05:33.0588 2484 Boot (0x1200) (9dcdaf7f471265c30d24dfcfe84401fc) \Device\Harddisk0\DR0\Partition0
18:05:33.0590 2484 \Device\Harddisk0\DR0\Partition0 - ok
18:05:33.0628 2484 Boot (0x1200) (cb397c5c46b80037603f4951c15cacbc) \Device\Harddisk0\DR0\Partition1
18:05:33.0630 2484 \Device\Harddisk0\DR0\Partition1 - ok
18:05:33.0630 2484 ============================================================
18:05:33.0630 2484 Scan finished
18:05:33.0630 2484 ============================================================
18:05:33.0653 2224 Detected object count: 0
18:05:33.0653 2224 Actual detected object count: 0
18:10:21.0025 2500 Deinitialize success



ASWMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-14 18:31:59
-----------------------------
18:31:59.287 OS Version: Windows 6.0.6002 Service Pack 2
18:31:59.287 Number of processors: 2 586 0x170A
18:31:59.289 ComputerName: CHRIS-PC UserName: Chris
18:32:00.814 Initialize success
18:32:06.853 AVAST engine defs: 11121402
18:32:12.095 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:32:12.099 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 3
18:32:14.126 Disk 0 MBR read successfully
18:32:14.130 Disk 0 MBR scan
18:32:14.139 Disk 0 unknown MBR code
18:32:14.160 Disk 0 scanning sectors +625135616
18:32:14.259 Disk 0 scanning C:\Windows\system32\drivers
18:32:30.158 Service scanning
18:32:31.345 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:32:32.036 Modules scanning
18:32:42.761 AVAST engine scan C:\Windows
18:32:48.944 AVAST engine scan C:\Windows\system32
18:35:10.182 AVAST engine scan C:\Windows\system32\drivers
18:35:22.374 AVAST engine scan C:\Users\Chris
18:37:05.408 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5ae7c790-7013bc45 **INFECTED** Win32:MalOb-EJ [Cryp]
18:37:05.813 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\455b1452-4a4ef107 **INFECTED** Win32:MalOb-FN [Cryp]
18:37:08.497 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1d1eba9f-5664564a **INFECTED** Win32:MalOb-FN [Cryp]
18:37:09.579 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\786848a3-48437afd **INFECTED** Win32:FakeAV-CQV [Trj]
18:37:09.932 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\be4ca5-712ed38f **INFECTED** Win32:MalOb-EJ [Cryp]
18:37:12.250 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\37cf23b0-1c448ed9 **INFECTED** Win32:MalOb-FN [Cryp]
18:37:14.747 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\28110c3b-7013382d **INFECTED** Win32:FakeSysdef-CX [Trj]
18:37:15.034 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\788ab7c6-528b8c27 **INFECTED** Win32:MalOb-FN [Cryp]
18:37:16.048 File: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\58c820c7-6cbe4119 **INFECTED** Win32:FakeSysdef-CX [Trj]
18:51:53.627 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
18:51:53.657 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"





MBAM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8373

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

12/14/2011 19:04:04
mbam-log-2011-12-14 (19-04-04).txt

Scan type: Quick scan
Objects scanned: 200979
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL

OTL logfile created on: 12/14/2011 19:06:28 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 57.28% Memory free
6.06 Gb Paging File | 5.00 Gb Available in Paging File | 82.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 130.57 Gb Free Space | 45.46% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.72% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 17:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/09/02 07:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/15 07:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/14 17:08:56 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/14 17:08:52 | 000,352,144 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2010/10/29 13:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/03/29 07:42:30 | 000,536,576 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\Haali\splitter.ax
MOD - [2008/03/29 07:41:52 | 000,079,360 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\Haali\mkzlib.dll
MOD - [2008/03/29 07:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\Haali\mkunicode.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - File not found [Auto | Stopped] -- -- (freenet)
SRV - [2011/09/02 07:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/14 17:08:52 | 000,352,144 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV - [2011/10/23 12:55:22 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/22 19:14:17 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/12 06:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/05/19 14:52:20 | 001,166,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/29 08:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/01/20 20:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 20:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/17 17:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = About:Blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.1.0.00
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://search.bearsh...&systemid=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Chris\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/24 23:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/18 11:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/18 11:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/25 20:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/12 20:52:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Chris\AppData\Roaming\Move Networks [2009/09/12 12:15:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/24 23:06:12 | 000,000,000 | ---D | M]

[2011/04/14 20:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2009/05/18 21:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/19 01:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions
[2009/06/25 11:36:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/14 13:08:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(12)
[2011/04/14 20:47:05 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2011/07/28 16:53:55 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/10/17 11:10:48 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions\vshare@toolbar
[2010/09/14 06:48:25 | 000,002,506 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\searchplugins\BearShareWebSearch.xml
[2009/05/21 22:52:07 | 000,004,140 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\searchplugins\youtube.xml
[2011/12/10 10:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RK4I2AS6.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RK4I2AS6.DEFAULT\EXTENSIONS\[email protected]
[2011/11/25 20:40:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/03 16:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\mozilla firefox\plugins\NPDFusionWebFirefox.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/09/14 06:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/10/04 16:15:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/25 20:40:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/14 00:58:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8D0B5FF-1D4E-4081-8815-705F9E568C30}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\Pictures\Mazatlan\PICT0148.JPG
O24 - Desktop BackupWallPaper: C:\Users\Chris\Pictures\Mazatlan\PICT0148.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 17:56:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/14 17:56:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/12/14 17:55:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/14 17:37:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/14 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\current
[2011/12/14 17:13:02 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/12/14 17:08:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/12/14 01:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/14 01:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/14 01:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/14 01:50:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/14 01:48:26 | 004,339,049 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2011/12/14 01:41:25 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2011/12/10 23:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/10 23:03:58 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/10 23:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/01 17:49:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 19:07:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D3D9B8B4-E29C-47D8-BDC9-D29EFDBAE505}.job
[2011/12/14 18:56:59 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/14 18:51:53 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/12/14 18:00:48 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/12/14 17:58:14 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 17:58:12 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 17:57:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/14 17:57:45 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/14 17:35:56 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/14 17:35:56 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/14 17:13:11 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/12/14 17:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/12/14 16:10:56 | 000,337,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/14 01:48:38 | 004,339,049 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2011/12/14 01:41:34 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2011/12/14 00:58:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/13 22:38:56 | 000,007,728 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/12/13 22:22:46 | 000,008,456 | -HS- | M] () -- C:\Users\Chris\AppData\Local\q1ei76o2co1mmu
[2011/12/13 22:22:46 | 000,008,456 | -HS- | M] () -- C:\ProgramData\q1ei76o2co1mmu
[2011/12/12 23:43:26 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChris.job
[2011/12/10 22:53:04 | 000,010,652 | -HS- | M] () -- C:\Users\Chris\AppData\Local\wwjcuq7b2lbu6gei5hrv0j631y1v
[2011/12/10 22:53:04 | 000,010,652 | -HS- | M] () -- C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v
[2011/12/08 19:58:54 | 000,619,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/08 19:58:54 | 000,109,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/08 00:01:58 | 000,205,194 | ---- | M] () -- C:\Windows\hpoins46.dat
[2011/12/07 23:33:14 | 000,205,843 | ---- | M] () -- C:\Windows\hpoins46.dat.temp
[2011/12/04 10:17:01 | 000,042,809 | ---- | M] () -- C:\Users\Chris\Desktop\https___www.usaa.com_inet_gas_pc_pas_GyRenderIDCardServlet_appsessionkey=PS_GYPROOFINSCARD_1322956573444&cards_persisted=true&context_ts=20111203175613091073&filename=_AutoInsuranceIDCard.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/14 18:51:53 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/12/14 17:57:45 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/14 01:51:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/14 01:51:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/14 01:51:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/14 01:51:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/14 01:51:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 22:17:06 | 000,008,456 | -HS- | C] () -- C:\Users\Chris\AppData\Local\q1ei76o2co1mmu
[2011/12/13 22:17:06 | 000,008,456 | -HS- | C] () -- C:\ProgramData\q1ei76o2co1mmu
[2011/12/10 23:04:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 10:39:01 | 000,010,652 | -HS- | C] () -- C:\Users\Chris\AppData\Local\wwjcuq7b2lbu6gei5hrv0j631y1v
[2011/12/10 10:39:01 | 000,010,652 | -HS- | C] () -- C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v
[2011/12/07 23:43:10 | 000,205,843 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011/12/07 23:43:10 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/12/04 10:17:01 | 000,042,809 | ---- | C] () -- C:\Users\Chris\Desktop\https___www.usaa.com_inet_gas_pc_pas_GyRenderIDCardServlet_appsessionkey=PS_GYPROOFINSCARD_1322956573444&cards_persisted=true&context_ts=20111203175613091073&filename=_AutoInsuranceIDCard.pdf
[2011/10/23 13:24:53 | 000,000,565 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\myMPQ.ini
[2011/10/19 14:02:19 | 000,000,022 | ---- | C] () -- C:\Users\Chris\AppData\Local\kodakpcd.ini
[2011/08/01 17:49:14 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/08/01 17:49:14 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/04/22 19:15:05 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/22 19:15:05 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/09/22 16:57:56 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/09/12 14:36:16 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/08/23 17:50:28 | 000,205,194 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/04/26 19:55:19 | 000,161,414 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\video-20100426T205518.wmv
[2010/02/23 20:43:30 | 000,008,794 | -HS- | C] () -- C:\Users\Chris\AppData\Local\iHFx3
[2010/01/29 15:21:20 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/09/26 03:20:52 | 000,007,728 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2009/09/23 23:22:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/23 23:22:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/01 22:22:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/28 22:26:35 | 000,001,160 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2009/05/17 20:15:53 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/17 20:15:53 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/17 17:17:03 | 000,094,208 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/27 09:17:04 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/10/23 03:56:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/06 14:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/07/06 14:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/29 08:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,337,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,619,802 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,109,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/09/20 23:37:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Absolute Poker
[2010/12/15 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Camfrog
[2011/05/03 21:10:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CheeseSoft
[2011/10/23 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
[2011/04/14 20:53:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/04/22 21:17:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IObit
[2011/03/31 21:11:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LimeWire
[2011/04/14 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\MusicNet
[2011/06/14 21:44:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2010/09/21 20:34:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Paladin Antivirus
[2011/09/04 11:15:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2011/10/15 12:11:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Skinux
[2009/05/28 22:26:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2010/04/26 19:49:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Total Immersion
[2010/08/24 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\UB
[2009/09/20 23:43:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\UltimateBet
[2011/11/27 17:19:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/10/18 16:51:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2009/05/17 15:53:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangent
[2011/12/14 17:33:21 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/14 19:07:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D3D9B8B4-E29C-47D8-BDC9-D29EFDBAE505}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello y2kfroguy and welcome to my office here at G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/13 22:22:46 | 000,008,456 | -HS- | M] () -- C:\Users\Chris\AppData\Local\q1ei76o2co1mmu
    [2011/12/13 22:22:46 | 000,008,456 | -HS- | M] () -- C:\ProgramData\q1ei76o2co1mmu
    [2011/12/10 22:53:04 | 000,010,652 | -HS- | M] () -- C:\Users\Chris\AppData\Local\wwjcuq7b2lbu6gei5hrv0j631y1v
    [2011/12/10 22:53:04 | 000,010,652 | -HS- | M] () -- C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v

    :Files
    C:\Users\Chris\AppData\Local\q1ei76o2co1mmu
    C:\ProgramData\q1ei76o2co1mmu
    C:\Users\Chris\AppData\Local\wwjcuq7b2lbu6gei5hrv0j631y1v
    C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Step 4

Please update me on what problems you have now.

Step 5

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
  • GMER log
It would be helpful if you could post each log in a separate post

#3
y2kfroguy

y2kfroguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I am unable to get all the way through the Kaspersky scan without my computer shutting down. I have still noticed PING.exe running.


OTL log

========== OTL ==========
C:\Users\Chris\AppData\Local\q1ei76o2co1mmu moved successfully.
C:\ProgramData\q1ei76o2co1mmu moved successfully.
C:\Users\Chris\AppData\Local\wwjcuq7b2lbu6gei5hrv0j631y1v moved successfully.
C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v moved successfully.
========== FILES ==========
File\Folder C:\Users\Chris\AppData\Local\q1ei76o2co1mmu not found.
File\Folder C:\ProgramData\q1ei76o2co1mmu not found.
File\Folder C:\Users\Chris\AppData\Local\wwjcuq7b2lbu6gei5hrv0j631y1v not found.
File\Folder C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chris\Desktop\cmd.bat deleted successfully.
C:\Users\Chris\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 12192011_183653






GMER LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-19 19:44:07
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909
Running: hyqimxlv.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kgloqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\system32\DRIVERS\dtsoftbus01.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtProtectVirtualMemory 77A34B84 5 Bytes JMP 0094000A
.text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtWriteVirtualMemory 77A354C4 5 Bytes JMP 00A8000A
.text C:\Windows\system32\svchost.exe[1176] ntdll.dll!KiUserExceptionDispatcher 77A35BF8 5 Bytes JMP 0093000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7494A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74928395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [748FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7497CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7491C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 9002E000-90048000 (106496 bytes)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB62280$\3801381427 0 bytes
File C:\Windows\$NtUninstallKB62280$\485945278 0 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\@ 2048 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\bckfg.tmp 849 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\cfg.ini 76 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\keywords 151 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\L 0 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\L\qnbwvoto 232512 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U 0 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB62280$\485945278\U\80000032.@ 98304 bytes

---- EOF - GMER 1.0.15 ----

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi y2kfroguy,

We have work to do...

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

Step 2

Please remove your version of ComboFix and download a new one.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Step 3

Go to Start then Run... and type (For Vista/7 type this in Start -> Search box):

compmgmt.msc

From the left panel click Disk Management and maximize the window.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.

To print screen please download ClickShoot.exe to your desktop
Run the program and when you are ready press [Print Screen] button on your keyboard
Post ClickShoot_HHMMSS.jpg it creates here for me.

Step 4

Please don't forget to include these items in your reply:

  • Combofix log
  • Disk Management screenshot
It would be helpful if you could post each log in a separate post

#5
y2kfroguy

y2kfroguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
ComboFix 11-12-21.02 - Chris 12/21/2011 19:11:52.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1648 [GMT -6:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB62280$\3801381427
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\qnbwvoto
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\system32\asw43CF.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 01:39 . 2011-12-22 01:39 -------- d-----w- c:\users\Chris\AppData\Local\temp
2011-12-22 01:39 . 2011-12-22 01:39 -------- d-----w- c:\users\Freenet\AppData\Local\temp
2011-12-22 01:39 . 2011-12-22 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 02:13 . 2011-12-21 02:13 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F96A5E7E-859C-4727-808A-92ECD7C44E5C}\MpKsl12e0b3a2.sys
2011-12-20 01:50 . 2011-12-20 01:50 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-20 01:45 . 2011-12-22 01:09 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F96A5E7E-859C-4727-808A-92ECD7C44E5C}\offreg.dll
2011-12-20 01:45 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F96A5E7E-859C-4727-808A-92ECD7C44E5C}\mpengine.dll
2011-12-20 00:36 . 2011-12-20 00:36 -------- d-----w- C:\_OTL
2011-12-14 06:25 . 2008-01-21 02:23 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-11 05:03 . 2011-12-15 00:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-11 05:03 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2010-09-23 01:23 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-23 18:55 . 2011-10-23 18:55 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-20 16:42 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-10-20 16:42 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-11 06:25 . 2011-10-11 06:25 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E2FD54-3561-48AE-A1F9-9C261107AD3D}\gapaengine.dll
2011-09-30 23:06 . 2011-10-13 03:38 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-13 03:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-13 03:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-13 03:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-13 03:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-13 03:38 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-13 03:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-13 03:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-26 02:40 . 2011-04-23 01:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-14 402832]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
_uninst_56415290.lnk - c:\users\Chris\AppData\Local\temp\_uninst_56415290.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2009-09-04 19:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R1 MpKsl0450a567;MpKsl0450a567;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73A3333A-CC5A-4578-81AA-1F73438DE7B8}\MpKsl0450a567.sys [x]
R1 MpKsl04ad696c;MpKsl04ad696c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33CED062-425D-4950-9D9A-CB0B0EFDAAE1}\MpKsl04ad696c.sys [x]
R1 MpKsl054eedf1;MpKsl054eedf1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F78D488-E291-45B6-9F70-F5ED37A004A4}\MpKsl054eedf1.sys [x]
R1 MpKsl072c5605;MpKsl072c5605;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{055B01A1-A737-4413-A2E0-8F12893E4C44}\MpKsl072c5605.sys [x]
R1 MpKsl07e2723b;MpKsl07e2723b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F12D0D83-F092-4E58-A388-5E8F8013E06D}\MpKsl07e2723b.sys [x]
R1 MpKsl091b0f5e;MpKsl091b0f5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2C6EC87-716A-4860-8F5C-D73DBCDE0DED}\MpKsl091b0f5e.sys [x]
R1 MpKsl0ab04352;MpKsl0ab04352;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C451466F-6DE2-45E8-BA0B-EA8C507CD7CA}\MpKsl0ab04352.sys [x]
R1 MpKsl11bae039;MpKsl11bae039;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2C424BE-C27A-4CB9-BEAF-F302925C4E4D}\MpKsl11bae039.sys [x]
R1 MpKsl13cbeab6;MpKsl13cbeab6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15068510-A221-4582-B8E3-B171E427B6C4}\MpKsl13cbeab6.sys [x]
R1 MpKsl14587726;MpKsl14587726;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCFC3B5E-D6D7-458C-8209-A96554F22227}\MpKsl14587726.sys [x]
R1 MpKsl145df352;MpKsl145df352;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D29DEF5-CCFB-4811-BA9D-E97151E26F21}\MpKsl145df352.sys [x]
R1 MpKsl17d1ffef;MpKsl17d1ffef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33CED062-425D-4950-9D9A-CB0B0EFDAAE1}\MpKsl17d1ffef.sys [x]
R1 MpKsl1a6d9eee;MpKsl1a6d9eee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{231A49B1-80EF-452A-833D-B6F3762DE435}\MpKsl1a6d9eee.sys [x]
R1 MpKsl1ec972f2;MpKsl1ec972f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AAB2646-6523-41ED-87E4-C4C79DA10567}\MpKsl1ec972f2.sys [x]
R1 MpKsl24bb53be;MpKsl24bb53be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FCC7023-DBE0-4A67-A85D-E07B38757632}\MpKsl24bb53be.sys [x]
R1 MpKsl2653b5af;MpKsl2653b5af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EB1DC3F-16FA-45E0-87BC-782ABD2F9273}\MpKsl2653b5af.sys [x]
R1 MpKsl296d9f62;MpKsl296d9f62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04FB81EC-5F26-4710-A342-93A5305E6E83}\MpKsl296d9f62.sys [x]
R1 MpKsl29890513;MpKsl29890513;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19CBD82-9D3D-44CB-B675-F42AC35BEDE7}\MpKsl29890513.sys [x]
R1 MpKsl29f73266;MpKsl29f73266;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AA1E284-CB69-4C87-A20F-8C56F0E01F68}\MpKsl29f73266.sys [x]
R1 MpKsl2ae3661f;MpKsl2ae3661f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78015E95-CDA3-4363-ACDA-061A77A290C9}\MpKsl2ae3661f.sys [x]
R1 MpKsl2e676c18;MpKsl2e676c18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A80888C-9BCC-4B5A-91D2-A9C8B2B73610}\MpKsl2e676c18.sys [x]
R1 MpKsl34a24807;MpKsl34a24807;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E1C70B5-8806-46C6-97D9-31C963697847}\MpKsl34a24807.sys [x]
R1 MpKsl35b95aa8;MpKsl35b95aa8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E98B6733-7D44-4563-841B-8FF0EEFF28E9}\MpKsl35b95aa8.sys [x]
R1 MpKsl3618fc94;MpKsl3618fc94;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C1DE2E4-DDE4-4C36-93C3-23CA38DD93CF}\MpKsl3618fc94.sys [x]
R1 MpKsl37beff20;MpKsl37beff20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05797F2A-283A-4D55-A491-B2A464695D3A}\MpKsl37beff20.sys [x]
R1 MpKsl3a7eeb65;MpKsl3a7eeb65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBF2B626-6D42-4A80-9B2C-A3E0DA73D4C9}\MpKsl3a7eeb65.sys [x]
R1 MpKsl3c8de7c2;MpKsl3c8de7c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C53135E-CC22-4D2E-A5E9-273E9594015F}\MpKsl3c8de7c2.sys [x]
R1 MpKsl3cf5a160;MpKsl3cf5a160;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42856969-046F-4B84-8FB1-224C9CD8FEF9}\MpKsl3cf5a160.sys [x]
R1 MpKsl439c4d58;MpKsl439c4d58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{002264BC-07EC-44CA-A038-93E26A8A5568}\MpKsl439c4d58.sys [x]
R1 MpKsl442ca00f;MpKsl442ca00f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05797F2A-283A-4D55-A491-B2A464695D3A}\MpKsl442ca00f.sys [x]
R1 MpKsl446d8a4f;MpKsl446d8a4f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7160DB5C-7DE0-4204-BACA-78FD25EC3A68}\MpKsl446d8a4f.sys [x]
R1 MpKsl469ca24f;MpKsl469ca24f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31DF6C0A-6A04-404D-B2F7-1325609A9426}\MpKsl469ca24f.sys [x]
R1 MpKsl476cffeb;MpKsl476cffeb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4C64134-5339-4F39-87DD-0AA86B2BCD32}\MpKsl476cffeb.sys [x]
R1 MpKsl4a0be4b5;MpKsl4a0be4b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04FB81EC-5F26-4710-A342-93A5305E6E83}\MpKsl4a0be4b5.sys [x]
R1 MpKsl4bb5891a;MpKsl4bb5891a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB367FEC-34FD-4D30-82DA-4D2F5399066C}\MpKsl4bb5891a.sys [x]
R1 MpKsl4f7e35d6;MpKsl4f7e35d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42856969-046F-4B84-8FB1-224C9CD8FEF9}\MpKsl4f7e35d6.sys [x]
R1 MpKsl5209c373;MpKsl5209c373;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCC89A97-FE9A-4B04-8DE3-47576D9D01E3}\MpKsl5209c373.sys [x]
R1 MpKsl55efaf91;MpKsl55efaf91;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A5489D6-DBAD-47E3-AF73-86119C1E8837}\MpKsl55efaf91.sys [x]
R1 MpKsl57350dbc;MpKsl57350dbc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{825718BB-C0E0-47BF-929A-82C842D0D327}\MpKsl57350dbc.sys [x]
R1 MpKsl5739cf65;MpKsl5739cf65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3006A176-E208-4B2B-B824-F79A3CDA50CC}\MpKsl5739cf65.sys [x]
R1 MpKsl5bf8ed06;MpKsl5bf8ed06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DD80D68-1504-4228-8795-82750472FFD0}\MpKsl5bf8ed06.sys [x]
R1 MpKsl5ddccabc;MpKsl5ddccabc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BC30767-DAD6-4A6D-88BA-5B06D59EF051}\MpKsl5ddccabc.sys [x]
R1 MpKsl5f9e99b0;MpKsl5f9e99b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F356C71-42BF-4B32-9F2B-5F279774E848}\MpKsl5f9e99b0.sys [x]
R1 MpKsl60da120f;MpKsl60da120f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF041027-BF65-4FAD-A5F2-AAD159FC4711}\MpKsl60da120f.sys [x]
R1 MpKsl63ababa2;MpKsl63ababa2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE7CD0-4C11-4F65-8B33-0FE534914ABE}\MpKsl63ababa2.sys [x]
R1 MpKsl63c68757;MpKsl63c68757;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73A3333A-CC5A-4578-81AA-1F73438DE7B8}\MpKsl63c68757.sys [x]
R1 MpKsl649653eb;MpKsl649653eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3959439A-FD09-4DC3-AEED-3F23B0E9E68B}\MpKsl649653eb.sys [x]
R1 MpKsl66e834a6;MpKsl66e834a6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{231A49B1-80EF-452A-833D-B6F3762DE435}\MpKsl66e834a6.sys [x]
R1 MpKsl6907c979;MpKsl6907c979;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0314A68-6D35-4ABD-A967-791963B6E608}\MpKsl6907c979.sys [x]
R1 MpKsl6a8a2abc;MpKsl6a8a2abc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE891397-F174-43EB-A370-E184295817AA}\MpKsl6a8a2abc.sys [x]
R1 MpKsl6ad5b5b6;MpKsl6ad5b5b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D23B9EC6-8450-477B-ADCB-FB0628E27C94}\MpKsl6ad5b5b6.sys [x]
R1 MpKsl6b2745f9;MpKsl6b2745f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2A0BF71-34B9-4E5D-8BB5-CCB7A3B1816B}\MpKsl6b2745f9.sys [x]
R1 MpKsl70a0409b;MpKsl70a0409b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EFCFD4E-9CFA-4808-B842-E730AAE02541}\MpKsl70a0409b.sys [x]
R1 MpKsl70dade98;MpKsl70dade98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8ABB109-E205-4327-AA5B-6815BCB22927}\MpKsl70dade98.sys [x]
R1 MpKsl72935daa;MpKsl72935daa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700105C8-1B6D-4E2B-93AE-72FA9B6412C5}\MpKsl72935daa.sys [x]
R1 MpKsl7577ff9f;MpKsl7577ff9f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76488854-E3E4-4540-B4A7-B8D4E5845D00}\MpKsl7577ff9f.sys [x]
R1 MpKsl75ed7439;MpKsl75ed7439;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B220448C-EF10-4E19-BF5B-2B69E4F6C90E}\MpKsl75ed7439.sys [x]
R1 MpKsl792ce7c3;MpKsl792ce7c3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7A718D3-043F-4671-848C-909D2DA60910}\MpKsl792ce7c3.sys [x]
R1 MpKsl797875c7;MpKsl797875c7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F12D0D83-F092-4E58-A388-5E8F8013E06D}\MpKsl797875c7.sys [x]
R1 MpKsl79e86464;MpKsl79e86464;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3959439A-FD09-4DC3-AEED-3F23B0E9E68B}\MpKsl79e86464.sys [x]
R1 MpKsl7c05a715;MpKsl7c05a715;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19CBD82-9D3D-44CB-B675-F42AC35BEDE7}\MpKsl7c05a715.sys [x]
R1 MpKsl80a3f0c9;MpKsl80a3f0c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78015E95-CDA3-4363-ACDA-061A77A290C9}\MpKsl80a3f0c9.sys [x]
R1 MpKsl820dda1e;MpKsl820dda1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C1DE2E4-DDE4-4C36-93C3-23CA38DD93CF}\MpKsl820dda1e.sys [x]
R1 MpKsl83f1e94b;MpKsl83f1e94b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F356C71-42BF-4B32-9F2B-5F279774E848}\MpKsl83f1e94b.sys [x]
R1 MpKsl8923db3a;MpKsl8923db3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D393F828-4B9E-49B2-A5C6-E3E66E251897}\MpKsl8923db3a.sys [x]
R1 MpKsl8a85876a;MpKsl8a85876a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D29DEF5-CCFB-4811-BA9D-E97151E26F21}\MpKsl8a85876a.sys [x]
R1 MpKsl8cc0486a;MpKsl8cc0486a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3006A176-E208-4B2B-B824-F79A3CDA50CC}\MpKsl8cc0486a.sys [x]
R1 MpKsl8fde8f61;MpKsl8fde8f61;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B220448C-EF10-4E19-BF5B-2B69E4F6C90E}\MpKsl8fde8f61.sys [x]
R1 MpKsl90ff8dc6;MpKsl90ff8dc6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B946628E-6B8E-43E2-9079-D37886C6BEFD}\MpKsl90ff8dc6.sys [x]
R1 MpKsl91c76266;MpKsl91c76266;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBF2B626-6D42-4A80-9B2C-A3E0DA73D4C9}\MpKsl91c76266.sys [x]
R1 MpKsl96f9f579;MpKsl96f9f579;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3274473-3401-4209-8AF6-ED127A45309D}\MpKsl96f9f579.sys [x]
R1 MpKsl98235f0b;MpKsl98235f0b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04F648A4-8262-4F3D-9C66-B856E71B5B6F}\MpKsl98235f0b.sys [x]
R1 MpKsl990d2912;MpKsl990d2912;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29B89742-21FC-4301-B3CD-C7F702C4F46E}\MpKsl990d2912.sys [x]
R1 MpKsla0fa3733;MpKsla0fa3733;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07DD8CA2-392F-4E33-BA8B-72DEFAD914C6}\MpKsla0fa3733.sys [x]
R1 MpKsla59ae932;MpKsla59ae932;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04F648A4-8262-4F3D-9C66-B856E71B5B6F}\MpKsla59ae932.sys [x]
R1 MpKsla69ca89d;MpKsla69ca89d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D23B9EC6-8450-477B-ADCB-FB0628E27C94}\MpKsla69ca89d.sys [x]
R1 MpKsla6eb5529;MpKsla6eb5529;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42856969-046F-4B84-8FB1-224C9CD8FEF9}\MpKsla6eb5529.sys [x]
R1 MpKsla8bd92e0;MpKsla8bd92e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A80888C-9BCC-4B5A-91D2-A9C8B2B73610}\MpKsla8bd92e0.sys [x]
R1 MpKslaa7e6e21;MpKslaa7e6e21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700105C8-1B6D-4E2B-93AE-72FA9B6412C5}\MpKslaa7e6e21.sys [x]
R1 MpKslac3b066d;MpKslac3b066d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5F32350-1217-4952-80E3-186D08A3498D}\MpKslac3b066d.sys [x]
R1 MpKslac9b8d00;MpKslac9b8d00;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A668D94-5376-4165-807A-DC083761217F}\MpKslac9b8d00.sys [x]
R1 MpKslacd27da4;MpKslacd27da4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29B89742-21FC-4301-B3CD-C7F702C4F46E}\MpKslacd27da4.sys [x]
R1 MpKslaebb185f;MpKslaebb185f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F78D488-E291-45B6-9F70-F5ED37A004A4}\MpKslaebb185f.sys [x]
R1 MpKslaef5f872;MpKslaef5f872;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B946628E-6B8E-43E2-9079-D37886C6BEFD}\MpKslaef5f872.sys [x]
R1 MpKslaf814032;MpKslaf814032;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8B93BB-0C43-441E-AEB7-98C036F6E7A2}\MpKslaf814032.sys [x]
R1 MpKslafb126a7;MpKslafb126a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1D2791E-5C09-4ECB-8DDB-26947C9CFC1C}\MpKslafb126a7.sys [x]
R1 MpKslb692fd8c;MpKslb692fd8c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B60C39E8-43E6-49F2-AF18-3343C49204D0}\MpKslb692fd8c.sys [x]
R1 MpKslb77ce85f;MpKslb77ce85f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCC89A97-FE9A-4B04-8DE3-47576D9D01E3}\MpKslb77ce85f.sys [x]
R1 MpKslb7dafbde;MpKslb7dafbde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0178A7B-BC44-4E02-9709-9F6EFA52B993}\MpKslb7dafbde.sys [x]
R1 MpKslc0a20516;MpKslc0a20516;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700105C8-1B6D-4E2B-93AE-72FA9B6412C5}\MpKslc0a20516.sys [x]
R1 MpKslc1491461;MpKslc1491461;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73ADBEF7-C3AC-4470-B4B6-9C3133C1A845}\MpKslc1491461.sys [x]
R1 MpKslc3c3ed30;MpKslc3c3ed30;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C53135E-CC22-4D2E-A5E9-273E9594015F}\MpKslc3c3ed30.sys [x]
R1 MpKslc4f8a70b;MpKslc4f8a70b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EAC248B-4EE6-43C4-8CF1-65216F2D37BD}\MpKslc4f8a70b.sys [x]
R1 MpKslca64f92d;MpKslca64f92d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0669A564-4BCD-4453-BCA6-6DD53627AC52}\MpKslca64f92d.sys [x]
R1 MpKsld1fc301a;MpKsld1fc301a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EFCFD4E-9CFA-4808-B842-E730AAE02541}\MpKsld1fc301a.sys [x]
R1 MpKsld2cd7195;MpKsld2cd7195;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD8905B9-A1CA-4DDD-9179-C6F477D0223B}\MpKsld2cd7195.sys [x]
R1 MpKsld37c3ca9;MpKsld37c3ca9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0314A68-6D35-4ABD-A967-791963B6E608}\MpKsld37c3ca9.sys [x]
R1 MpKsld96ea051;MpKsld96ea051;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51D68E54-8F61-448D-B791-15FCDECCF86D}\MpKsld96ea051.sys [x]
R1 MpKsldad5cb0d;MpKsldad5cb0d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{825718BB-C0E0-47BF-929A-82C842D0D327}\MpKsldad5cb0d.sys [x]
R1 MpKsldd9e3773;MpKsldd9e3773;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19CBD82-9D3D-44CB-B675-F42AC35BEDE7}\MpKsldd9e3773.sys [x]
R1 MpKsle7c1a914;MpKsle7c1a914;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2A0BF71-34B9-4E5D-8BB5-CCB7A3B1816B}\MpKsle7c1a914.sys [x]
R1 MpKsle9d5fb17;MpKsle9d5fb17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EB1DC3F-16FA-45E0-87BC-782ABD2F9273}\MpKsle9d5fb17.sys [x]
R1 MpKslea202cbf;MpKslea202cbf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC35ACB1-0E1E-452F-9215-62E7ECA2579D}\MpKslea202cbf.sys [x]
R1 MpKsleb09a783;MpKsleb09a783;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAB95F0C-CD21-4F7A-A996-4FDA209EFB39}\MpKsleb09a783.sys [x]
R1 MpKslec7e53c4;MpKslec7e53c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8EADAB6-113A-4648-A9B5-24F16169D0C0}\MpKslec7e53c4.sys [x]
R1 MpKsleda90b15;MpKsleda90b15;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB367FEC-34FD-4D30-82DA-4D2F5399066C}\MpKsleda90b15.sys [x]
R1 MpKslfea38e03;MpKslfea38e03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33CED062-425D-4950-9D9A-CB0B0EFDAAE1}\MpKslfea38e03.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 freenet;Freenet background service;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-23 15232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 232512]
S1 MpKsl12e0b3a2;MpKsl12e0b3a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F96A5E7E-859C-4727-808A-92ECD7C44E5C}\MpKsl12e0b3a2.sys [2011-12-21 29904]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-14 352144]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-08-01 47360]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 51847042
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\HPCeeScheduleForChris.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-12-22 c:\windows\Tasks\User_Feed_Synchronization-{D3D9B8B4-E29C-47D8-BDC9-D29EFDBAE505}.job
- c:\windows\system32\msfeedssync.exe [2011-10-13 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = About:Blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-21 19:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Chris\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-21 19:49:07
ComboFix-quarantined-files.txt 2011-12-22 01:49
ComboFix2.txt 2011-12-14 23:56
ComboFix3.txt 2011-12-14 08:18
.
Pre-Run: 128,517,718,016 bytes free
Post-Run: 128,864,231,424 bytes free
.
- - End Of File - - 89D40987E1D668EB7F9646DA519CCECB


#6
y2kfroguy

    Member

  • Topic Starter
  • 64 posts
I was also able to run Kaspersky all the way through. Here is the log. Again, thank you so much for your help!


Status: Absent (events: 1)
12/21/2011 20:59:23 Not found virus HEUR:Trojan.Win32.Generic c:\Windows\System32\drivers\dtsoftbus01.sys High
Status: Quarantined (events: 2)
12/21/2011 20:58:20 Quarantined virus HEUR:Trojan.Win32.Generic c:\Windows\System32\drivers\dtsoftbus01.sys High
12/21/2011 21:38:36 Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Chris\AppData\Local\temp\kna0.5131880516852614.exe High
Status: Disinfected (events: 2)
12/21/2011 21:38:00 Disinfected Trojan program Exploit.Java.Agent.fw C:\Documents and Settings\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\76c99d50-2b8327fa High
12/21/2011 21:38:00 Disinfected Trojan program Exploit.Java.Agent.fw C:\Documents and Settings\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\76c99d50-2b8327fa/apache/adidas.class High

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi y2kfroguy,

Looking good. Combofix took care of the main infection. Let's see what's left...

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


Step 2


Download aswMBR.exe ( 511KB ) to your desktop.


  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#8
y2kfroguy

    Member

  • Topic Starter
  • 64 posts
00:46:34.0292 5504 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
00:46:34.0801 5504 ============================================================
00:46:34.0802 5504 Current date / time: 2011/12/22 00:46:34.0801
00:46:34.0802 5504 SystemInfo:
00:46:34.0802 5504
00:46:34.0802 5504 OS Version: 6.0.6002 ServicePack: 2.0
00:46:34.0802 5504 Product type: Workstation
00:46:34.0802 5504 ComputerName: CHRIS-PC
00:46:34.0802 5504 UserName: Chris
00:46:34.0802 5504 Windows directory: C:\Windows
00:46:34.0803 5504 System windows directory: C:\Windows
00:46:34.0803 5504 Processor architecture: Intel x86
00:46:34.0803 5504 Number of processors: 2
00:46:34.0803 5504 Page size: 0x1000
00:46:34.0803 5504 Boot type: Normal boot
00:46:34.0803 5504 ============================================================
00:46:36.0253 5504 Initialize success
00:46:44.0439 5556 ============================================================
00:46:44.0439 5556 Scan started
00:46:44.0439 5556 Mode: Manual;
00:46:44.0439 5556 ============================================================
00:46:45.0413 5556 26626798 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\26626798.sys
00:46:45.0416 5556 26626798 - ok
00:46:45.0499 5556 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:46:45.0507 5556 ACPI - ok
00:46:45.0594 5556 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:46:45.0617 5556 adp94xx - ok
00:46:45.0667 5556 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:46:45.0690 5556 adpahci - ok
00:46:45.0744 5556 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:46:45.0748 5556 adpu160m - ok
00:46:45.0779 5556 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:46:45.0784 5556 adpu320 - ok
00:46:45.0941 5556 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:46:45.0945 5556 AFD - ok
00:46:46.0046 5556 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:46:46.0048 5556 agp440 - ok
00:46:46.0096 5556 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:46:46.0099 5556 aic78xx - ok
00:46:46.0139 5556 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
00:46:46.0142 5556 aliide - ok
00:46:46.0198 5556 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:46:46.0201 5556 amdagp - ok
00:46:46.0231 5556 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
00:46:46.0234 5556 amdide - ok
00:46:46.0320 5556 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:46:46.0322 5556 AmdK7 - ok
00:46:46.0368 5556 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:46:46.0372 5556 AmdK8 - ok
00:46:46.0477 5556 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:46:46.0480 5556 arc - ok
00:46:46.0550 5556 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:46:46.0556 5556 arcsas - ok
00:46:46.0650 5556 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:46:46.0653 5556 AsyncMac - ok
00:46:46.0711 5556 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:46:46.0712 5556 atapi - ok
00:46:46.0834 5556 athr (8aefd56986964bbae02b790971f2abaf) C:\Windows\system32\DRIVERS\athr.sys
00:46:46.0867 5556 athr - ok
00:46:46.0993 5556 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:46:46.0994 5556 Beep - ok
00:46:47.0072 5556 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:46:47.0074 5556 blbdrive - ok
00:46:47.0173 5556 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:46:47.0175 5556 bowser - ok
00:46:47.0241 5556 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:46:47.0243 5556 BrFiltLo - ok
00:46:47.0293 5556 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:46:47.0295 5556 BrFiltUp - ok
00:46:47.0386 5556 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:46:47.0390 5556 Brserid - ok
00:46:47.0439 5556 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:46:47.0442 5556 BrSerWdm - ok
00:46:47.0491 5556 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:46:47.0493 5556 BrUsbMdm - ok
00:46:47.0531 5556 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:46:47.0533 5556 BrUsbSer - ok
00:46:47.0580 5556 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:46:47.0583 5556 BTHMODEM - ok
00:46:47.0686 5556 catchme - ok
00:46:47.0776 5556 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:46:47.0778 5556 cdfs - ok
00:46:47.0878 5556 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:46:47.0880 5556 cdrom - ok
00:46:47.0922 5556 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:46:47.0925 5556 circlass - ok
00:46:47.0972 5556 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:46:47.0980 5556 CLFS - ok
00:46:48.0088 5556 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:46:48.0089 5556 CmBatt - ok
00:46:48.0134 5556 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
00:46:48.0136 5556 cmdide - ok
00:46:48.0228 5556 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
00:46:48.0231 5556 CnxtHdAudService - ok
00:46:48.0298 5556 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:46:48.0301 5556 Compbatt - ok
00:46:48.0350 5556 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:46:48.0353 5556 crcdisk - ok
00:46:48.0410 5556 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:46:48.0412 5556 Crusoe - ok
00:46:48.0516 5556 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:46:48.0518 5556 DfsC - ok
00:46:48.0946 5556 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:46:48.0949 5556 disk - ok
00:46:49.0068 5556 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
00:46:49.0073 5556 Dot4 - ok
00:46:49.0113 5556 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:46:49.0116 5556 Dot4Print - ok
00:46:49.0148 5556 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
00:46:49.0151 5556 dot4usb - ok
00:46:49.0262 5556 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:46:49.0264 5556 drmkaud - ok
00:46:49.0347 5556 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:46:49.0356 5556 DXGKrnl - ok
00:46:49.0434 5556 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:46:49.0438 5556 E1G60 - ok
00:46:49.0574 5556 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:46:49.0579 5556 Ecache - ok
00:46:49.0654 5556 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:46:49.0663 5556 elxstor - ok
00:46:49.0711 5556 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:46:49.0713 5556 ErrDev - ok
00:46:49.0851 5556 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:46:49.0855 5556 exfat - ok
00:46:49.0916 5556 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:46:49.0921 5556 fastfat - ok
00:46:50.0023 5556 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:46:50.0026 5556 fdc - ok
00:46:50.0114 5556 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:46:50.0116 5556 FileInfo - ok
00:46:50.0169 5556 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:46:50.0171 5556 Filetrace - ok
00:46:50.0211 5556 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:46:50.0213 5556 flpydisk - ok
00:46:50.0269 5556 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:46:50.0273 5556 FltMgr - ok
00:46:50.0424 5556 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:46:50.0426 5556 Fs_Rec - ok
00:46:50.0463 5556 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:46:50.0467 5556 gagp30kx - ok
00:46:50.0557 5556 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:46:50.0558 5556 GEARAspiWDM - ok
00:46:50.0653 5556 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:46:50.0660 5556 HdAudAddService - ok
00:46:50.0759 5556 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:46:50.0783 5556 HDAudBus - ok
00:46:50.0828 5556 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:46:50.0830 5556 HidBth - ok
00:46:50.0880 5556 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:46:50.0883 5556 HidIr - ok
00:46:50.0979 5556 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:46:50.0981 5556 HidUsb - ok
00:46:51.0053 5556 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:46:51.0056 5556 HpCISSs - ok
00:46:51.0147 5556 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
00:46:51.0148 5556 HpqKbFiltr - ok
00:46:51.0263 5556 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:46:51.0277 5556 HSF_DPV - ok
00:46:51.0317 5556 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
00:46:51.0319 5556 HSXHWAZL - ok
00:46:51.0411 5556 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:46:51.0417 5556 HTTP - ok
00:46:51.0457 5556 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:46:51.0459 5556 i2omp - ok
00:46:51.0568 5556 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:46:51.0569 5556 i8042prt - ok
00:46:51.0627 5556 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:46:51.0635 5556 iaStorV - ok
00:46:51.0996 5556 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:46:52.0254 5556 igfx - ok
00:46:52.0300 5556 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:46:52.0303 5556 iirsp - ok
00:46:52.0401 5556 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
00:46:52.0403 5556 IntcHdmiAddService - ok
00:46:52.0504 5556 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
00:46:52.0506 5556 intelide - ok
00:46:52.0578 5556 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:46:52.0580 5556 intelppm - ok
00:46:52.0668 5556 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:46:52.0671 5556 IpFilterDriver - ok
00:46:52.0696 5556 IpInIp - ok
00:46:52.0733 5556 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:46:52.0736 5556 IPMIDRV - ok
00:46:52.0822 5556 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:46:52.0826 5556 IPNAT - ok
00:46:52.0906 5556 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:46:52.0913 5556 IRENUM - ok
00:46:52.0954 5556 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:46:52.0962 5556 isapnp - ok
00:46:53.0010 5556 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:46:53.0013 5556 iScsiPrt - ok
00:46:53.0046 5556 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:46:53.0049 5556 iteatapi - ok
00:46:53.0113 5556 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:46:53.0116 5556 iteraid - ok
00:46:53.0153 5556 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:46:53.0154 5556 kbdclass - ok
00:46:53.0205 5556 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
00:46:53.0209 5556 kbdhid - ok
00:46:53.0274 5556 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
00:46:53.0298 5556 KSecDD - ok
00:46:53.0415 5556 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
00:46:53.0418 5556 Lavasoft Kernexplorer - ok
00:46:53.0493 5556 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
00:46:53.0496 5556 Lbd - ok
00:46:53.0578 5556 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:46:53.0580 5556 lltdio - ok
00:46:53.0631 5556 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:46:53.0635 5556 LSI_FC - ok
00:46:53.0677 5556 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:46:53.0681 5556 LSI_SAS - ok
00:46:53.0776 5556 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:46:53.0780 5556 LSI_SCSI - ok
00:46:53.0816 5556 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:46:53.0818 5556 luafv - ok
00:46:53.0904 5556 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:46:53.0905 5556 mdmxsdk - ok
00:46:54.0028 5556 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:46:54.0031 5556 megasas - ok
00:46:54.0104 5556 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:46:54.0128 5556 MegaSR - ok
00:46:54.0173 5556 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:46:54.0175 5556 Modem - ok
00:46:54.0208 5556 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:46:54.0210 5556 monitor - ok
00:46:54.0269 5556 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:46:54.0270 5556 mouclass - ok
00:46:54.0316 5556 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:46:54.0318 5556 mouhid - ok
00:46:54.0383 5556 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:46:54.0386 5556 MountMgr - ok
00:46:54.0493 5556 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
00:46:54.0495 5556 MpFilter - ok
00:46:54.0578 5556 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:46:54.0582 5556 mpio - ok
00:46:54.0669 5556 MpKsl0450a567 - ok
00:46:54.0701 5556 MpKsl04ad696c - ok
00:46:54.0715 5556 MpKsl054eedf1 - ok
00:46:54.0743 5556 MpKsl072c5605 - ok
00:46:54.0752 5556 MpKsl07e2723b - ok
00:46:54.0781 5556 MpKsl091b0f5e - ok
00:46:54.0795 5556 MpKsl0ab04352 - ok
00:46:54.0816 5556 MpKsl11bae039 - ok
00:46:54.0831 5556 MpKsl13cbeab6 - ok
00:46:54.0846 5556 MpKsl14587726 - ok
00:46:54.0859 5556 MpKsl145df352 - ok
00:46:54.0869 5556 MpKsl17d1ffef - ok
00:46:54.0881 5556 MpKsl1a6d9eee - ok
00:46:54.0894 5556 MpKsl1ec972f2 - ok
00:46:54.0911 5556 MpKsl24bb53be - ok
00:46:54.0930 5556 MpKsl2653b5af - ok
00:46:54.0943 5556 MpKsl296d9f62 - ok
00:46:54.0960 5556 MpKsl29890513 - ok
00:46:54.0970 5556 MpKsl29f73266 - ok
00:46:54.0981 5556 MpKsl2ae3661f - ok
00:46:54.0996 5556 MpKsl2e676c18 - ok
00:46:55.0009 5556 MpKsl34a24807 - ok
00:46:55.0025 5556 MpKsl35b95aa8 - ok
00:46:55.0063 5556 MpKsl3618fc94 - ok
00:46:55.0076 5556 MpKsl37beff20 - ok
00:46:55.0092 5556 MpKsl3a7eeb65 - ok
00:46:55.0101 5556 MpKsl3c8de7c2 - ok
00:46:55.0114 5556 MpKsl3cf5a160 - ok
00:46:55.0127 5556 MpKsl439c4d58 - ok
00:46:55.0142 5556 MpKsl442ca00f - ok
00:46:55.0150 5556 MpKsl446d8a4f - ok
00:46:55.0166 5556 MpKsl469ca24f - ok
00:46:55.0181 5556 MpKsl476cffeb - ok
00:46:55.0196 5556 MpKsl4a0be4b5 - ok
00:46:55.0214 5556 MpKsl4bb5891a - ok
00:46:55.0229 5556 MpKsl4f7e35d6 - ok
00:46:55.0246 5556 MpKsl5209c373 - ok
00:46:55.0258 5556 MpKsl55efaf91 - ok
00:46:55.0274 5556 MpKsl57350dbc - ok
00:46:55.0284 5556 MpKsl5739cf65 - ok
00:46:55.0298 5556 MpKsl5bf8ed06 - ok
00:46:55.0313 5556 MpKsl5ddccabc - ok
00:46:55.0325 5556 MpKsl5f9e99b0 - ok
00:46:55.0343 5556 MpKsl60da120f - ok
00:46:55.0357 5556 MpKsl63ababa2 - ok
00:46:55.0375 5556 MpKsl63c68757 - ok
00:46:55.0402 5556 MpKsl649653eb - ok
00:46:55.0428 5556 MpKsl66e834a6 - ok
00:46:55.0440 5556 MpKsl6907c979 - ok
00:46:55.0452 5556 MpKsl6a8a2abc - ok
00:46:55.0464 5556 MpKsl6ad5b5b6 - ok
00:46:55.0479 5556 MpKsl6b2745f9 - ok
00:46:55.0491 5556 MpKsl70a0409b - ok
00:46:55.0508 5556 MpKsl70dade98 - ok
00:46:55.0516 5556 MpKsl72935daa - ok
00:46:55.0531 5556 MpKsl7577ff9f - ok
00:46:55.0545 5556 MpKsl75ed7439 - ok
00:46:55.0557 5556 MpKsl792ce7c3 - ok
00:46:55.0568 5556 MpKsl797875c7 - ok
00:46:55.0581 5556 MpKsl79e86464 - ok
00:46:55.0594 5556 MpKsl7c05a715 - ok
00:46:55.0607 5556 MpKsl80a3f0c9 - ok
00:46:55.0626 5556 MpKsl820dda1e - ok
00:46:55.0641 5556 MpKsl83f1e94b - ok
00:46:55.0651 5556 MpKsl8923db3a - ok
00:46:55.0692 5556 MpKsl8a85876a - ok
00:46:55.0707 5556 MpKsl8cc0486a - ok
00:46:55.0715 5556 MpKsl8fde8f61 - ok
00:46:55.0731 5556 MpKsl90ff8dc6 - ok
00:46:55.0746 5556 MpKsl91c76266 - ok
00:46:55.0760 5556 MpKsl96f9f579 - ok
00:46:55.0774 5556 MpKsl98235f0b - ok
00:46:55.0783 5556 MpKsl990d2912 - ok
00:46:55.0796 5556 MpKsla0fa3733 - ok
00:46:55.0809 5556 MpKsla59ae932 - ok
00:46:55.0821 5556 MpKsla69ca89d - ok
00:46:55.0833 5556 MpKsla6eb5529 - ok
00:46:55.0848 5556 MpKsla8bd92e0 - ok
00:46:55.0862 5556 MpKslaa7e6e21 - ok
00:46:55.0925 5556 MpKslac3b066d - ok
00:46:55.0939 5556 MpKslac9b8d00 - ok
00:46:55.0949 5556 MpKslacd27da4 - ok
00:46:55.0964 5556 MpKslaebb185f - ok
00:46:55.0982 5556 MpKslaef5f872 - ok
00:46:55.0997 5556 MpKslaf814032 - ok
00:46:56.0012 5556 MpKslafb126a7 - ok
00:46:56.0025 5556 MpKslb692fd8c - ok
00:46:56.0039 5556 MpKslb77ce85f - ok
00:46:56.0049 5556 MpKslb7dafbde - ok
00:46:56.0113 5556 MpKslc0a20516 - ok
00:46:56.0128 5556 MpKslc1491461 - ok
00:46:56.0141 5556 MpKslc3c3ed30 - ok
00:46:56.0157 5556 MpKslc4f8a70b - ok
00:46:56.0165 5556 MpKslca64f92d - ok
00:46:56.0180 5556 MpKsld1fc301a - ok
00:46:56.0195 5556 MpKsld2cd7195 - ok
00:46:56.0208 5556 MpKsld37c3ca9 - ok
00:46:56.0270 5556 MpKsld96ea051 - ok
00:46:56.0281 5556 MpKsldad5cb0d - ok
00:46:56.0296 5556 MpKsldd9e3773 - ok
00:46:56.0310 5556 MpKsle7c1a914 - ok
00:46:56.0322 5556 MpKsle9d5fb17 - ok
00:46:56.0333 5556 MpKslea202cbf - ok
00:46:56.0347 5556 MpKsleb09a783 - ok
00:46:56.0366 5556 MpKslec7e53c4 - ok
00:46:56.0381 5556 MpKsleda90b15 - ok
00:46:56.0397 5556 MpKslfea38e03 - ok
00:46:56.0491 5556 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:46:56.0494 5556 MpNWMon - ok
00:46:56.0542 5556 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:46:56.0545 5556 mpsdrv - ok
00:46:56.0585 5556 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:46:56.0588 5556 Mraid35x - ok
00:46:56.0652 5556 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:46:56.0657 5556 MRxDAV - ok
00:46:56.0756 5556 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:46:56.0758 5556 mrxsmb - ok
00:46:56.0818 5556 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:46:56.0821 5556 mrxsmb10 - ok
00:46:56.0855 5556 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:46:56.0857 5556 mrxsmb20 - ok
00:46:56.0919 5556 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
00:46:56.0920 5556 msahci - ok
00:46:57.0010 5556 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:46:57.0014 5556 msdsm - ok
00:46:57.0099 5556 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:46:57.0100 5556 Msfs - ok
00:46:57.0176 5556 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:46:57.0179 5556 msisadrv - ok
00:46:57.0277 5556 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:46:57.0279 5556 MSKSSRV - ok
00:46:57.0358 5556 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:46:57.0360 5556 MSPCLOCK - ok
00:46:57.0397 5556 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:46:57.0399 5556 MSPQM - ok
00:46:57.0462 5556 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:46:57.0467 5556 MsRPC - ok
00:46:57.0507 5556 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:46:57.0508 5556 mssmbios - ok
00:46:57.0591 5556 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:46:57.0593 5556 MSTEE - ok
00:46:57.0629 5556 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:46:57.0632 5556 Mup - ok
00:46:57.0685 5556 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:46:57.0687 5556 NativeWifiP - ok
00:46:57.0707 5556 NAVENG - ok
00:46:57.0721 5556 NAVEX15 - ok
00:46:57.0788 5556 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:46:57.0812 5556 NDIS - ok
00:46:57.0894 5556 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:46:57.0895 5556 NdisTapi - ok
00:46:57.0940 5556 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:46:57.0942 5556 Ndisuio - ok
00:46:58.0037 5556 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:46:58.0040 5556 NdisWan - ok
00:46:58.0066 5556 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:46:58.0068 5556 NDProxy - ok
00:46:58.0164 5556 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:46:58.0166 5556 NetBIOS - ok
00:46:58.0223 5556 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:46:58.0225 5556 netbt - ok
00:46:58.0391 5556 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
00:46:58.0464 5556 NETw3v32 - ok
00:46:58.0560 5556 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:46:58.0563 5556 nfrd960 - ok
00:46:58.0619 5556 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:46:58.0622 5556 NisDrv - ok
00:46:58.0683 5556 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:46:58.0685 5556 Npfs - ok
00:46:58.0721 5556 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:46:58.0722 5556 nsiproxy - ok
00:46:58.0818 5556 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:46:58.0855 5556 Ntfs - ok
00:46:58.0940 5556 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:46:58.0942 5556 ntrigdigi - ok
00:46:58.0988 5556 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:46:58.0990 5556 Null - ok
00:46:59.0032 5556 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:46:59.0036 5556 nvraid - ok
00:46:59.0069 5556 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:46:59.0072 5556 nvstor - ok
00:46:59.0143 5556 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:46:59.0147 5556 nv_agp - ok
00:46:59.0207 5556 NwlnkFlt - ok
00:46:59.0242 5556 NwlnkFwd - ok
00:46:59.0343 5556 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
00:46:59.0346 5556 ohci1394 - ok
00:46:59.0413 5556 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:46:59.0416 5556 Parport - ok
00:46:59.0495 5556 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:46:59.0498 5556 partmgr - ok
00:46:59.0568 5556 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:46:59.0570 5556 Parvdm - ok
00:46:59.0632 5556 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:46:59.0637 5556 pci - ok
00:46:59.0694 5556 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
00:46:59.0696 5556 pciide - ok
00:46:59.0752 5556 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:46:59.0758 5556 pcmcia - ok
00:46:59.0881 5556 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
00:46:59.0883 5556 pcouffin - ok
00:46:59.0992 5556 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:47:00.0005 5556 PEAUTH - ok
00:47:00.0164 5556 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:47:00.0166 5556 PptpMiniport - ok
00:47:00.0231 5556 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:47:00.0233 5556 Processor - ok
00:47:00.0329 5556 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:47:00.0331 5556 PSched - ok
00:47:00.0418 5556 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:47:00.0453 5556 ql2300 - ok
00:47:00.0489 5556 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:47:00.0493 5556 ql40xx - ok
00:47:00.0557 5556 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:47:00.0559 5556 QWAVEdrv - ok
00:47:00.0595 5556 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:47:00.0597 5556 RasAcd - ok
00:47:00.0640 5556 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:47:00.0642 5556 Rasl2tp - ok
00:47:00.0701 5556 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:47:00.0702 5556 RasPppoe - ok
00:47:00.0744 5556 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:47:00.0746 5556 RasSstp - ok
00:47:00.0827 5556 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:47:00.0830 5556 rdbss - ok
00:47:00.0872 5556 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:47:00.0874 5556 RDPCDD - ok
00:47:00.0933 5556 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:47:00.0940 5556 rdpdr - ok
00:47:00.0987 5556 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:47:00.0989 5556 RDPENCDD - ok
00:47:01.0082 5556 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:47:01.0085 5556 RDPWD - ok
00:47:01.0213 5556 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:47:01.0215 5556 rspndr - ok
00:47:01.0319 5556 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys
00:47:01.0321 5556 RTL8169 - ok
00:47:01.0398 5556 RTSTOR (08c3394391ab0aff65d75ae65d4207e1) C:\Windows\system32\drivers\RTSTOR.SYS
00:47:01.0400 5556 RTSTOR - ok
00:47:01.0439 5556 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:47:01.0443 5556 sbp2port - ok
00:47:01.0516 5556 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
00:47:01.0520 5556 sdbus - ok
00:47:01.0565 5556 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:47:01.0567 5556 secdrv - ok
00:47:01.0617 5556 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:47:01.0620 5556 Serenum - ok
00:47:01.0682 5556 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:47:01.0686 5556 Serial - ok
00:47:01.0721 5556 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:47:01.0724 5556 sermouse - ok
00:47:01.0784 5556 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:47:01.0786 5556 sffdisk - ok
00:47:01.0843 5556 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:47:01.0845 5556 sffp_mmc - ok
00:47:01.0901 5556 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:47:01.0904 5556 sffp_sd - ok
00:47:01.0959 5556 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:47:01.0962 5556 sfloppy - ok
00:47:02.0038 5556 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:47:02.0041 5556 sisagp - ok
00:47:02.0079 5556 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:47:02.0082 5556 SiSRaid2 - ok
00:47:02.0135 5556 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:47:02.0139 5556 SiSRaid4 - ok
00:47:02.0204 5556 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:47:02.0206 5556 Smb - ok
00:47:02.0265 5556 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:47:02.0268 5556 spldr - ok
00:47:02.0329 5556 SRTSP - ok
00:47:02.0363 5556 SRTSPX - ok
00:47:02.0425 5556 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:47:02.0429 5556 srv - ok
00:47:02.0482 5556 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:47:02.0485 5556 srv2 - ok
00:47:02.0523 5556 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:47:02.0525 5556 srvnet - ok
00:47:02.0617 5556 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
00:47:02.0620 5556 StillCam - ok
00:47:02.0678 5556 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:47:02.0680 5556 swenum - ok
00:47:02.0726 5556 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:47:02.0730 5556 Symc8xx - ok
00:47:02.0771 5556 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:47:02.0774 5556 Sym_hi - ok
00:47:02.0821 5556 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:47:02.0824 5556 Sym_u3 - ok
00:47:02.0908 5556 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
00:47:02.0919 5556 SynTP - ok
00:47:03.0047 5556 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
00:47:03.0083 5556 Tcpip - ok
00:47:03.0170 5556 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
00:47:03.0183 5556 Tcpip6 - ok
00:47:03.0265 5556 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
00:47:03.0267 5556 tcpipreg - ok
00:47:03.0332 5556 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:47:03.0334 5556 TDPIPE - ok
00:47:03.0381 5556 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:47:03.0383 5556 TDTCP - ok
00:47:03.0425 5556 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:47:03.0428 5556 tdx - ok
00:47:03.0477 5556 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:47:03.0478 5556 TermDD - ok
00:47:03.0580 5556 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:47:03.0582 5556 tssecsrv - ok
00:47:03.0633 5556 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:47:03.0635 5556 tunmp - ok
00:47:03.0673 5556 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:47:03.0675 5556 tunnel - ok
00:47:03.0721 5556 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:47:03.0725 5556 uagp35 - ok
00:47:03.0783 5556 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:47:03.0790 5556 udfs - ok
00:47:03.0901 5556 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:47:03.0905 5556 uliagpkx - ok
00:47:03.0957 5556 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:47:03.0964 5556 uliahci - ok
00:47:04.0004 5556 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:47:04.0009 5556 UlSata - ok
00:47:04.0045 5556 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:47:04.0050 5556 ulsata2 - ok
00:47:04.0081 5556 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:47:04.0083 5556 umbus - ok
00:47:04.0143 5556 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
00:47:04.0146 5556 USBAAPL - ok
00:47:04.0269 5556 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
00:47:04.0273 5556 usbaudio - ok
00:47:04.0328 5556 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:47:04.0330 5556 usbccgp - ok
00:47:06.0911 5556 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
00:47:06.0921 5556 \Device\Harddisk0\DR0 - ok
00:47:06.0926 5556 Boot (0x1200) (9dcdaf7f471265c30d24dfcfe84401fc) \Device\Harddisk0\DR0\Partition0
00:47:06.0928 5556 \Device\Harddisk0\DR0\Partition0 - ok
00:47:06.0959 5556 Boot (0x1200) (cb397c5c46b80037603f4951c15cacbc) \Device\Harddisk0\DR0\Partition1
00:47:06.0960 5556 \Device\Harddisk0\DR0\Partition1 - ok
00:47:06.0961 5556 ============================================================
00:47:06.0961 5556 Scan finished
00:47:06.0961 5556 ============================================================
00:47:06.0979 5548 Detected object count: 0
00:47:06.0979 5548 Actual detected object count: 0

#9
y2kfroguy

  • Topic Starter
  • Member
  • 64 posts
aswMBR version 0.9.9.1116 Copyright© 2011 AVAST Software
Run date: 2011-12-22 00:48:46
-----------------------------
00:48:46.569 OS Version: Windows 6.0.6002 Service Pack 2
00:48:46.569 Number of processors: 2 586 0x170A
00:48:46.571 ComputerName: CHRIS-PC UserName: Chris
00:48:48.839 Initialize success
00:49:34.934 AVAST engine defs: 11122102
00:49:39.714 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:49:39.718 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 3
00:49:41.753 Disk 0 MBR read successfully
00:49:41.757 Disk 0 MBR scan
00:49:41.763 Disk 0 unknown MBR code
00:49:41.768 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
00:49:41.811 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
00:49:41.822 Disk 0 scanning sectors +625135616
00:49:41.872 Disk 0 scanning C:\Windows\system32\drivers
00:49:53.090 Service scanning
00:49:55.158 Modules scanning
00:50:02.470 Disk 0 trace - called modules:
00:50:02.498 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
00:50:02.508 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bc93a8]
00:50:02.516 3 CLASSPNP.SYS[807128b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86309b98]
00:50:04.228 AVAST engine scan C:\Windows
00:50:08.888 AVAST engine scan C:\Windows\system32
00:52:44.159 AVAST engine scan C:\Windows\system32\drivers
00:52:59.064 AVAST engine scan C:\Users\Chris
01:21:43.399 AVAST engine scan C:\ProgramData
01:30:19.235 Scan finished successfully
01:31:01.958 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
01:31:01.968 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   546bytes   109 downloads

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Time to test. How is your system now? Any problems?

#11
y2kfroguy

  • Topic Starter
  • Member
  • 64 posts
Still encountering Vista Home Security 2012

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Very strange... Let's see where we stand now.

Step 1

Run OTL.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the "Scan All User" checkbox
  • Change "Extra Registry" option to "SafeList"
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extra.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, and post them with your next reply.

#13
y2kfroguy

  • Topic Starter
  • Member
  • 64 posts
OTL logfile created on: 12/23/2011 20:26:18 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 67.94% Memory free
6.06 Gb Paging File | 5.20 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 122.63 Gb Free Space | 42.70% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.72% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 17:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - File not found [Auto | Stopped] -- -- (freenet)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV - [2010/08/12 06:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/05/19 14:52:20 | 001,166,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/29 08:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/01/20 20:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 20:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/17 17:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3528557333-1276884114-130164159-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = About:Blank
IE - HKU\S-1-5-21-3528557333-1276884114-130164159-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3528557333-1276884114-130164159-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3528557333-1276884114-130164159-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.1.0.00
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://search.bearsh...&systemid=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Chris\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/24 23:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/18 11:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/18 11:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 23:43:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 23:43:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Chris\AppData\Roaming\Move Networks [2009/09/12 12:15:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/24 23:06:12 | 000,000,000 | ---D | M]

[2011/04/14 20:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2009/05/18 21:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/19 01:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions
[2009/06/25 11:36:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/14 13:08:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(12)
[2011/04/14 20:47:05 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2011/07/28 16:53:55 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/10/17 11:10:48 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\extensions\vshare@toolbar
[2010/09/14 06:48:25 | 000,002,506 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\searchplugins\BearShareWebSearch.xml
[2009/05/21 22:52:07 | 000,004,140 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rk4i2as6.default\searchplugins\youtube.xml
[2011/12/10 10:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RK4I2AS6.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RK4I2AS6.DEFAULT\EXTENSIONS\[email protected]
[2011/11/25 20:40:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/03 16:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\mozilla firefox\plugins\NPDFusionWebFirefox.dll
[2010/09/14 06:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/10/04 16:15:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/25 20:40:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/22 20:58:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3528557333-1276884114-130164159-1000..\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56415290.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3528557333-1276884114-130164159-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3528557333-1276884114-130164159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3528557333-1276884114-130164159-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8D0B5FF-1D4E-4081-8815-705F9E568C30}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\Pictures\Mazatlan\PICT0148.JPG
O24 - Desktop BackupWallPaper: C:\Users\Chris\Pictures\Mazatlan\PICT0148.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 21:38:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/22 21:02:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/12/22 00:48:28 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR(1).exe
[2011/12/22 00:46:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\tds
[2011/12/21 20:34:47 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/12/21 19:52:29 | 000,693,545 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Chris\Desktop\ClickShoot.exe
[2011/12/21 17:48:48 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2011/12/21 16:09:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Hail
[2011/12/21 16:09:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Duplex
[2011/12/21 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\pics
[2011/12/19 19:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/19 18:36:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/14 17:56:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/14 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\current
[2011/12/14 17:13:02 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/12/14 17:08:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/12/14 01:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/14 01:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/14 01:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/14 01:50:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/10 23:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/10 23:03:58 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/10 23:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/01 17:49:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/12/23 20:33:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D3D9B8B4-E29C-47D8-BDC9-D29EFDBAE505}.job
[2011/12/23 20:23:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 00:30:21 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/12/23 00:28:01 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 00:28:00 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 00:27:47 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 23:55:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/22 23:55:18 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/22 23:55:18 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/22 20:58:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/22 19:08:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/22 19:08:20 | 000,002,786 | -HS- | M] () -- C:\Users\Chris\AppData\Local\hpymvn0d5qgg3vgn7qps5c318q5p
[2011/12/22 19:08:20 | 000,002,786 | -HS- | M] () -- C:\ProgramData\hpymvn0d5qgg3vgn7qps5c318q5p
[2011/12/22 19:07:18 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/22 01:37:09 | 000,000,546 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.zip
[2011/12/22 01:34:38 | 000,000,535 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.rar
[2011/12/22 01:31:01 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/12/22 00:48:32 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR(1).exe
[2011/12/22 00:45:39 | 001,557,791 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/12/21 21:38:34 | 000,000,170 | -HS- | M] () -- C:\Windows\2326259drv.spi
[2011/12/21 20:39:09 | 000,014,824 | -HS- | M] () -- C:\Users\Chris\AppData\Local\eaobxq8b3hgh6kfp1iyw6q758a4y
[2011/12/21 20:39:09 | 000,014,824 | -HS- | M] () -- C:\ProgramData\eaobxq8b3hgh6kfp1iyw6q758a4y
[2011/12/21 19:54:11 | 000,310,783 | ---- | M] () -- C:\Users\Chris\Desktop\ClickShoot_195411.jpg
[2011/12/21 19:52:40 | 000,693,545 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Chris\Desktop\ClickShoot.exe
[2011/12/21 17:48:56 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2011/12/20 20:12:59 | 404,393,270 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/19 19:50:47 | 000,000,803 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56415290.lnk
[2011/12/19 19:48:43 | 107,372,952 | ---- | M] () -- C:\Users\Chris\Desktop\setup_11.0.0.1245.x01_2011_12_20_04_26.exe
[2011/12/19 18:47:19 | 000,302,592 | ---- | M] () -- C:\Users\Chris\Desktop\hyqimxlv.exe
[2011/12/19 18:40:47 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/19 18:40:47 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/17 20:39:00 | 000,095,744 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/17 14:56:51 | 000,015,468 | -HS- | M] () -- C:\Users\Chris\AppData\Local\6n52nt1d48d174
[2011/12/17 14:56:51 | 000,015,468 | -HS- | M] () -- C:\ProgramData\6n52nt1d48d174
[2011/12/14 18:56:59 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/14 17:13:11 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/12/14 17:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/12/14 16:10:56 | 000,337,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 22:38:56 | 000,007,728 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/12/12 23:43:26 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChris.job
[2011/12/08 00:01:58 | 000,205,194 | ---- | M] () -- C:\Windows\hpoins46.dat
[2011/12/07 23:33:14 | 000,205,843 | ---- | M] () -- C:\Windows\hpoins46.dat.temp
[2011/12/04 10:17:01 | 000,042,809 | ---- | M] () -- C:\Users\Chris\Desktop\https___www.usaa.com_inet_gas_pc_pas_GyRenderIDCardServlet_appsessionkey=PS_GYPROOFINSCARD_1322956573444&cards_persisted=true&context_ts=20111203175613091073&filename=_AutoInsuranceIDCard.pdf

========== Files Created - No Company Name ==========

[2011/12/22 19:07:18 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/22 19:04:54 | 000,002,786 | -HS- | C] () -- C:\Users\Chris\AppData\Local\hpymvn0d5qgg3vgn7qps5c318q5p
[2011/12/22 19:04:54 | 000,002,786 | -HS- | C] () -- C:\ProgramData\hpymvn0d5qgg3vgn7qps5c318q5p
[2011/12/22 01:37:09 | 000,000,546 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.zip
[2011/12/22 01:34:38 | 000,000,535 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.rar
[2011/12/22 00:45:37 | 001,557,791 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/12/21 21:38:34 | 000,000,170 | -HS- | C] () -- C:\Windows\2326259drv.spi
[2011/12/21 20:34:57 | 000,014,824 | -HS- | C] () -- C:\Users\Chris\AppData\Local\eaobxq8b3hgh6kfp1iyw6q758a4y
[2011/12/21 20:34:57 | 000,014,824 | -HS- | C] () -- C:\ProgramData\eaobxq8b3hgh6kfp1iyw6q758a4y
[2011/12/21 19:54:11 | 000,310,783 | ---- | C] () -- C:\Users\Chris\Desktop\ClickShoot_195411.jpg
[2011/12/20 00:43:01 | 404,393,270 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/19 19:50:47 | 000,000,803 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56415290.lnk
[2011/12/19 19:47:18 | 107,372,952 | ---- | C] () -- C:\Users\Chris\Desktop\setup_11.0.0.1245.x01_2011_12_20_04_26.exe
[2011/12/19 18:47:19 | 000,302,592 | ---- | C] () -- C:\Users\Chris\Desktop\hyqimxlv.exe
[2011/12/17 14:53:47 | 000,015,468 | -HS- | C] () -- C:\Users\Chris\AppData\Local\6n52nt1d48d174
[2011/12/17 14:53:47 | 000,015,468 | -HS- | C] () -- C:\ProgramData\6n52nt1d48d174
[2011/12/14 18:51:53 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/12/14 17:57:45 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/14 01:51:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/14 01:51:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/14 01:51:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/14 01:51:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/14 01:51:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/10 23:04:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/07 23:43:10 | 000,205,843 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011/12/07 23:43:10 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/12/04 10:17:01 | 000,042,809 | ---- | C] () -- C:\Users\Chris\Desktop\https___www.usaa.com_inet_gas_pc_pas_GyRenderIDCardServlet_appsessionkey=PS_GYPROOFINSCARD_1322956573444&cards_persisted=true&context_ts=20111203175613091073&filename=_AutoInsuranceIDCard.pdf
[2011/10/23 13:24:53 | 000,000,565 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\myMPQ.ini
[2011/10/19 14:02:19 | 000,000,022 | ---- | C] () -- C:\Users\Chris\AppData\Local\kodakpcd.ini
[2011/08/01 17:49:14 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/08/01 17:49:14 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/04/22 19:15:05 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/22 19:15:05 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/09/12 14:36:16 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/08/23 17:50:28 | 000,205,194 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/04/26 19:55:19 | 000,161,414 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\video-20100426T205518.wmv
[2010/02/23 20:43:30 | 000,008,794 | -HS- | C] () -- C:\Users\Chris\AppData\Local\iHFx3
[2010/01/29 15:21:20 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/09/26 03:20:52 | 000,007,728 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2009/09/23 23:22:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/23 23:22:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/01 22:22:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/28 22:26:35 | 000,001,160 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2009/05/17 20:15:53 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/17 20:15:53 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/17 17:17:03 | 000,095,744 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/27 09:17:04 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/10/23 03:56:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/06 14:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/07/06 14:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/29 08:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,337,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,617,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,108,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 20:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 20:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 20:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/25 20:40:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/25 20:40:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/25 20:40:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/25 20:40:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/09/30 15:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/09/30 15:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/09/30 15:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/30 17:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/30 17:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/25 20:40:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/25 20:40:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/25 20:40:53 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/25 20:40:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/09/30 15:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/09/30 15:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/09/30 15:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/30 17:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/30 17:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

#14
y2kfroguy

OTL Extras logfile created on: 12/23/2011 20:26:18 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 67.94% Memory free
6.06 Gb Paging File | 5.20 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 122.63 Gb Free Space | 42.70% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.72% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3528557333-1276884114-130164159-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04502DCD-F36E-4664-8DA4-66E344545CA6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0A63C1AB-051B-4A2F-AAB0-2B644DEDC9D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E45879C-31DC-41C8-849C-6D9D9410596C}" = lport=137 | protocol=17 | dir=in | app=system |
"{1BFB27C0-6D62-4A90-9799-F0D0C22979AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C2DE3FE-81D4-4D74-A4EF-0B94BB47AA17}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1F6F69F5-10D1-40DB-8B37-B7E594A690B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21AFD410-6435-4799-92D2-AFFA6DCCA261}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CA43D3C-3535-417B-AD8C-8AF04101BBE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47D39645-4429-4E38-818A-BF2FC35A8D07}" = lport=3390 | protocol=6 | dir=in | app=system |
"{48023C4D-5AEE-4203-9E01-B490EC924AEA}" = rport=445 | protocol=6 | dir=out | app=system |
"{4C35A512-9E59-4501-8785-082EDA440675}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E70CB99-B905-4C99-A6C5-4EF4A61CB80A}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4EAF1729-4117-4A96-940D-81E11AD326CA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5106B973-4A73-43DE-A5B4-D8544E8867FE}" = rport=137 | protocol=17 | dir=out | app=system |
"{52B1ECA7-97CA-48E6-A44E-DCB304BBFFE5}" = lport=10244 | protocol=6 | dir=in | app=system |
"{58A8BA45-6AEC-4F80-8FAA-233C090F7B22}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{621E24EC-24EF-4BA5-848F-42C980287639}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6DAA1686-C313-4E2A-B389-FAB59C196450}" = rport=10244 | protocol=6 | dir=out | app=system |
"{72151F33-60ED-414A-9512-1538F40BB59F}" = lport=33317 | protocol=17 | dir=in | name=utorrent |
"{7A71EFEA-0245-4BA9-B811-76B49EE10A7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87BC971B-E4A3-4A84-A4D4-8F9112CEB501}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8803DA00-11EB-4D7F-89F6-3C14CB1249BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89A0E6B3-397C-41FC-8F76-D3D861B5773D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BA83D91-589A-4058-86A2-33AAD934379F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96BC7AA1-77F6-4332-B93C-238DB82FC386}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A63D7A0-87EC-4653-A377-CD0076430183}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9BF9A60A-C88F-4272-956E-D5C9872FC0F0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A01836C5-B955-4C1D-A1CF-EAA680FA1159}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A0DDAF2D-1914-4373-9D20-52F0F504CA79}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF203C5C-6737-4FFA-8E09-2558952E7D26}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF27D075-7376-4650-AC6B-A413CE1E682A}" = lport=445 | protocol=6 | dir=in | app=system |
"{B0B6373A-E5A9-40EE-8DC4-3691F2CDC26B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2A665BE-7771-4F55-8AED-9DB65A9E50E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6239FD4-D841-41F1-92E0-811384DBEE3C}" = rport=139 | protocol=6 | dir=out | app=system |
"{CD88CAAD-3A29-42CF-9454-DD99B43C53D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D02C4165-AFB1-4D88-808A-F1668C80BFC9}" = lport=139 | protocol=6 | dir=in | app=system |
"{D74AFEB2-B365-4560-8AFA-6A0F22F841E4}" = lport=33317 | protocol=6 | dir=in | name=utorrent |
"{DC730A36-FCE9-451D-BFB9-50E490FFD8FA}" = rport=138 | protocol=17 | dir=out | app=system |
"{E101D8BA-EE31-41D2-AA5D-77A837803BE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3EA14F5-8ECE-47A1-A6F1-2277A94FD35A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5F31BC7-B135-487F-B97B-AF29838EF338}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ED89CBB3-AFC5-4E00-906B-2636CEE0B0D1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EF1C65B6-BE6B-4CC1-9EAF-B6586C7576FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF6116CB-0ED5-4315-8A48-A8D6E0AFA00C}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11CD9DF6-C1AA-4C3A-8E74-B4B73EF961DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{12DBFE89-B2E4-4183-824C-27B81038FD9D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1E98EE33-726F-4B1B-999D-D34A93B84C04}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1FAC0389-49E8-4C62-9185-CA0AB162A8F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{281F734E-443D-4903-92C1-633903C8676B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{29769A35-306D-4F83-B054-4AB2111EC655}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2B6B00A2-CB5C-42A2-A2A7-E31B5F157F0F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{3053D97C-241E-4AC5-9170-CB3FF8399023}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3BEF99E6-67E1-4BCA-901A-C13C7E054D37}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{41EC2DF4-80E4-44EA-A53D-76BCE468BBF7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44A52D6D-CBE0-4A18-8EC5-CFCAE7DE82D4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{451BBDC0-3A28-4875-8A3B-6431F85241B9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{45ECCC67-6892-466F-8C78-181198910A22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{469477A3-6D00-4B21-A5DD-FE10DC77B1FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{47351493-27BC-43E6-8F41-10CCE765AC76}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{49DC20A1-6C95-48AD-938D-393A2BCFC1EE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{4A32EE95-4788-4B00-BE85-2618789A4FB1}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{4AF3CBB0-108B-400B-BF3A-4294950C82B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4B932609-8B8E-4F2D-AD39-4010FE218156}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{54E3E2C2-1A4A-4E03-AF11-B11A61CC78C4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5986901D-DDD1-466B-B0CB-3FAF83BC43AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60D56ADE-572B-4EA5-8D44-6915755309D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{6488101D-70EA-4629-8042-C5282E5D84F6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6792AC5F-253B-4977-9CDB-9E07841C054A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6A02D7A7-C1A4-4BD0-91A9-8C88064A43C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{6C17B219-1AC3-44BB-BFE3-D86D3B887079}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{73EAB0A2-C55F-4A6A-8434-B0BE6450C6E7}" = protocol=6 | dir=in | app=c:\users\chris\desktop\airprint activator.exe |
"{755AC4F1-15F1-454A-B940-094DBCED79B3}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{7AD0B919-0FA4-4B82-9663-E43377161FEE}" = protocol=17 | dir=in | app=c:\users\chris\desktop\airprint activator.exe |
"{7AED2C2D-3073-49DA-811D-7A89D03A188C}" = dir=in | app=e:\setup\hpznui01.exe |
"{7EFA7EF4-A517-450F-9A95-E57C67E6BB52}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{805ED070-D729-4DB4-ACDE-E6A8E66F0EA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81A292CC-1FBA-430D-A946-A375C5C36263}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{83766235-776A-44E7-A9D3-8B63EA8C4A18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{85AF7193-4571-45C9-B033-E2020B423369}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B45510A-61DA-4980-A862-2085AEA060CE}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8C1D512C-EECF-4C5A-B418-956C150987A7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{93AD25C9-FDAA-4A2A-8E90-30905D255C41}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{9427B57F-6B79-4774-83E3-43A91D32F1C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{96F19291-280B-461F-B1A5-B709C92F27D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{974B57BB-F2A6-4B5F-B83C-C3A713EC0A7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{A54A08E2-1C40-487A-B6CA-E247CDCFFBAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA3A9850-79F7-4619-A586-AAAA7EE9D6C8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{AA9E6F40-FC2F-4455-9B2D-232FB5BBBF8E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B2DB5C23-86A5-4E9E-9598-4D657FC7B0F2}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{B5B4369C-F529-4C14-A4C5-098C1263DA05}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B95B88FB-6871-44BB-BEE6-C65F34BB208D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{BB732FA2-5B32-4738-84BF-2EA8358FEA88}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BF6A9955-4D64-4B02-A406-B4208D82DBAA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C94A3A2E-F0CF-44BD-9F02-D2347E6FFB16}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{CB731400-9F93-49B5-804A-EE4B065816D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CD9F580F-7B7B-46BF-AE73-01E6C74C265B}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{CF259296-65E3-42EC-B56F-DA4763DFCAE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{D3D7D5D6-0FDE-47ED-9A09-14CE587409EF}" = protocol=6 | dir=out | app=system |
"{D634EDCB-133C-44A8-B09E-CA6633F80BF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DABAFB9F-DDEB-4CBA-9424-5DF6F822B15B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{DF27F851-6398-4F9A-8BC3-F68A39A35861}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E6EB9657-47D3-4CC6-A996-244F45B9BA8F}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{EDFA4141-BD9F-4B28-8710-FF9660D1F88D}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{EE03CDDF-B2A9-4179-A211-9DCC34A5E21B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{F019D79B-3C3A-4843-86BA-1F82681F33EE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F7025D52-0503-4FEE-BBED-716F3DCB3CF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCBC85C8-15C8-462F-8864-626756DBBF3B}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{0597BA4A-D209-4901-B642-5EA471FC8B60}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{20B5ACAB-1A30-4E9B-BC13-102D777851A8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6F1467B5-047D-42A0-B15D-C55A7D8F4032}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{74DF3799-F0D4-424D-8096-DCD7C5EC3FA1}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{8A9C10D7-0A0A-42C4-93B6-CC6CCEC90FC7}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{D0FFA47E-373F-4BDC-9E21-3BF8762D3C58}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{D2EC2805-60E7-415B-908A-0291EBCEA2FD}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{E170F2CD-E156-425C-BFFE-8170DE257F14}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{02CE4508-D7E5-4BD1-94ED-B7AC9DC30D44}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{22AB1B43-2ECA-4A50-8A90-04F1A69D9AB1}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{71D547AE-7032-40D8-96EC-55BF4230EC59}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A3F2C5EB-3ED1-4BF9-89BA-45DD3FB4B014}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{A6DED306-C11B-43BF-B7EE-31A1E2310D0A}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{CF345761-5C3F-4433-824B-E9EE4E5F921B}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E0C318E2-129D-4344-A851-6FBBC402AAB0}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{FB82BC40-8322-42E1-BF00-A1278663B8D1}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26471DA3-CCAD-40C4-8B30-64A91A6F7A73}" = Jing
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.9
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Camfrog 5.5" = Camfrog Video Chat 5.5
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"FrostWire" = FrostWire 4.21.5
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Matroska Pack" = Matroska Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Shop for HP Supplies" = Shop for HP Supplies
"StarCraft II" = StarCraft II
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3528557333-1276884114-130164159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"UltimateBet" = UltimateBet
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2011 18:15:43 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/27/2011 18:15:43 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16297159

Error - 7/27/2011 18:15:43 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16297159

Error - 7/27/2011 18:15:45 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_HPSLPSVC, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x00000000, process id 0xf28, application
start time 0x01cc4b1994937266.

Error - 7/27/2011 18:15:45 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/27/2011 18:15:45 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16298860

Error - 7/27/2011 18:15:45 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16298860

Error - 7/27/2011 18:15:46 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/27/2011 18:15:46 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16300061

Error - 7/27/2011 18:15:46 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16300061

[ Media Center Events ]
Error - 7/23/2009 21:39:54 | Computer Name = Chris-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 7/23/2009 21:43:27 | Computer Name = Chris-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 8/6/2009 15:34:29 | Computer Name = Chris-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/23/2011 02:30:20 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/23/2011 02:30:20 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/23/2011 02:30:20 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/23/2011 02:30:20 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/23/2011 02:30:20 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/23/2011 02:30:20 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/23/2011 02:30:20 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/23/2011 02:30:20 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/23/2011 02:30:20 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/23/2011 02:32:14 | Computer Name = Chris-PC | Source = WMPNetworkSvc | ID = 866293
Description =


< End of report >

#15
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Test your system after these steps and see if infection is still there.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56415290.lnk = File not found
    [2011/12/22 19:08:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011/12/22 19:08:20 | 000,002,786 | -HS- | M] () -- C:\Users\Chris\AppData\Local\hpymvn0d5qgg3vgn7qps5c318q5p
    [2011/12/22 19:08:20 | 000,002,786 | -HS- | M] () -- C:\ProgramData\hpymvn0d5qgg3vgn7qps5c318q5p
    [2011/12/21 20:39:09 | 000,014,824 | -HS- | M] () -- C:\Users\Chris\AppData\Local\eaobxq8b3hgh6kfp1iyw6q758a4y
    [2011/12/21 20:39:09 | 000,014,824 | -HS- | M] () -- C:\ProgramData\eaobxq8b3hgh6kfp1iyw6q758a4y
    [2011/12/19 19:50:47 | 000,000,803 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56415290.lnk
    [2011/12/17 14:56:51 | 000,015,468 | -HS- | M] () -- C:\Users\Chris\AppData\Local\6n52nt1d48d174
    [2011/12/17 14:56:51 | 000,015,468 | -HS- | M] () -- C:\ProgramData\6n52nt1d48d174

    :Files
    C:\Users\Chris\AppData\Local\hpymvn0d5qgg3vgn7qps5c318q5p
    C:\ProgramData\hpymvn0d5qgg3vgn7qps5c318q5p
    C:\Users\Chris\AppData\Local\eaobxq8b3hgh6kfp1iyw6q758a4y
    C:\ProgramData\eaobxq8b3hgh6kfp1iyw6q758a4y
    C:\Users\Chris\AppData\Local\6n52nt1d48d174
    C:\ProgramData\6n52nt1d48d174

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Update Malwarebytes and do a Quick Scan. Post the log after the scan.

Step 3


Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.