Windows Security Alerts
#1
eMoRTaL
The other night I was hit with this FakeAlert virus, but was able to detect it quickly before anything was done. I ran MBAM and seemed to have cleaned it all out...however the icon still appears in my taskbar items. There seems to be nothing happening with it, but obviously there's still something that got left behind. MBAM shows no infection even after a full scan. I've DL'd OTL and have the logs:

OTL logfile created on: 12/22/2011 8:11:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\KRISTIN VERA\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 212.86 Mb Available Physical Memory | 27.79% Memory free
1.83 Gb Paging File | 1.20 Gb Available in Paging File | 65.28% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 14.40 Gb Free Space | 38.63% Space Free | Partition Type: NTFS

Computer Name: KR15-WG5N33V3R4 | User Name: KRISTIN VERA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\KRISTIN VERA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Companion\att0\ToolbarSvr.exe (AT&T Inc.)
PRC - c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
PRC - c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
PRC - C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Yahoo!\Companion\att0\zlib1.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll ()
MOD - C:\Program Files\Sygate\SPF\tse.dll ()
MOD - C:\Program Files\Sygate\SPF\SyLink.dll ()
MOD - C:\Program Files\Sygate\SPF\SpNet.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )
SRV - (Adobe Version Cue CS2) -- c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
SRV - (SmcService) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpKsl18f9d07a) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\MpKsl18f9d07a.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (stdriver) -- C:\WINDOWS\system32\drivers\stdriver32.sys (NCH Software)
DRV - (Apowersoft_AudioDevice) -- C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ALCXWDM) Service for Avance AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Avance Logic, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (USRpdA) -- C:\WINDOWS\system32\drivers\USRpdA.sys (U.S. Robotics Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.net
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25547

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\KRISTIN VERA\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKEY_LOCAL_MACHINE\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2011/09/28 11:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2011/09/28 11:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/06/09 19:39:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/07/15 02:00:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2002/11/01 11:20:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2011/09/28 11:18:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKEY_CURRENT_USER\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2011/09/28 11:18:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2011/09/28 11:18:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2002/11/01 11:20:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2011/09/28 11:18:25 | 000,000,000 | ---D | M]

[2011/06/15 20:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KRISTIN VERA\Application Data\Mozilla\Extensions
[2011/07/31 16:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KRISTIN VERA\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Reg Error: Value error.) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.myheritag...geUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EAFDB5F-E698-4A12-AE83-6FCDE56B5152}: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\KRISTIN VERA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KRISTIN VERA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/11/01 16:40:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 20:07:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KRISTIN VERA\Desktop\OTL.exe
[2011/12/13 10:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\DailyBibleGuideEI
[2011/12/05 19:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KRISTIN VERA\Desktop\cd
[2006/11/03 16:07:06 | 000,385,928 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2006/11/03 16:07:04 | 000,537,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2006/11/03 16:07:02 | 000,381,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[2006/10/11 17:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 16:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 16:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 16:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/10/11 16:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/10/11 16:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 16:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 16:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 16:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/10/11 16:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 16:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/22 20:07:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KRISTIN VERA\Desktop\OTL.exe
[2011/12/21 04:59:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/21 04:53:14 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/12/21 04:52:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/21 04:52:37 | 803,262,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 20:56:50 | 000,001,298 | -HS- | M] () -- C:\Documents and Settings\KRISTIN VERA\Local Settings\Application Data\dmyib3jr58pr237op308dq2c28y2k
[2011/12/20 20:56:50 | 000,001,298 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dmyib3jr58pr237op308dq2c28y2k
[2011/12/19 18:00:29 | 003,021,153 | ---- | M] () -- C:\Documents and Settings\KRISTIN VERA\Desktop\We Fall Down.mp3
[2011/12/15 03:25:23 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 03:08:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/05 20:40:08 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/20 20:56:50 | 000,001,298 | -HS- | C] () -- C:\Documents and Settings\KRISTIN VERA\Local Settings\Application Data\dmyib3jr58pr237op308dq2c28y2k
[2011/12/20 20:56:50 | 000,001,298 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dmyib3jr58pr237op308dq2c28y2k
[2011/12/19 17:35:16 | 003,021,153 | ---- | C] () -- C:\Documents and Settings\KRISTIN VERA\Desktop\We Fall Down.mp3
[2011/12/05 20:02:04 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\KRISTIN VERA\Desktop\Track01.cda
[2011/08/02 16:54:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/24 19:31:57 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\KRISTIN VERA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 16:18:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2011/06/16 10:09:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/23 22:05:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/10/28 09:31:44 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2006/10/20 19:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 19:06:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 19:03:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 18:57:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 18:56:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 18:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 18:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 18:48:38 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 18:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/06 05:13:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2006/04/24 14:09:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2004/10/15 17:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/08/04 02:56:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 02:56:42 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 02:56:42 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 02:56:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 02:56:42 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/11/02 05:11:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002/11/02 05:11:04 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2002/11/02 05:11:03 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2002/11/01 16:44:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/11/01 16:37:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/11/01 15:22:23 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/11/01 15:22:13 | 000,001,022 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/11/01 15:22:13 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2002/11/01 15:21:26 | 000,433,032 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/11/01 15:21:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/11/01 15:21:26 | 000,067,862 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/11/01 15:21:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/11/01 15:21:24 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/11/01 15:21:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/11/01 15:21:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/01 15:21:11 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/11/01 15:21:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/11/01 15:20:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/11/01 15:20:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/11/01 11:55:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/11/01 11:21:37 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/11/01 11:20:56 | 000,074,896 | ---- | C] () -- C:\WINDOWS\N6Uninst.exe
[2002/11/01 11:20:54 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2002/11/01 11:20:47 | 000,010,047 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2002/11/01 08:27:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/11/01 08:26:29 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/06/18 14:03:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\2e06c9
[2011/12/22 20:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2011/05/29 22:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/07/12 15:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/18 14:02:41 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SSCTICGS
[2011/10/25 17:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\Amazon
[2011/06/26 15:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\Apowersoft
[2011/12/05 20:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\Audacity
[2011/06/27 15:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\BabylonToolbar
[2011/06/27 16:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\bsbandmltbpi
[2011/06/21 10:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/20 21:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\FrostWire
[2011/05/25 21:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\GetRightToGo
[2002/11/01 11:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\InterTrust
[2011/07/12 15:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\NCH Swift Sound
[2011/09/28 16:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\SoftGrid Client
[2011/06/13 09:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\Template
[2011/06/26 09:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\Toolbar4
[2011/08/02 15:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KRISTIN VERA\Application Data\TP
[2011/12/21 04:59:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/10/04 16:07:06 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\soundtapShakeIcon.job
[2011/12/05 20:40:08 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2972 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >

OTL Extras logfile created on: 12/22/2011 8:11:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\KRISTIN VERA\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 212.86 Mb Available Physical Memory | 27.79% Memory free
1.83 Gb Paging File | 1.20 Gb Available in Paging File | 65.28% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 14.40 Gb Free Space | 38.63% Space Free | Partition Type: NTFS

Computer Name: KR15-WG5N33V3R4 | User Name: KRISTIN VERA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 82845G Graphics Driver Software
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"America Online us" = America Online
"AOL Instant Messenger (SM)" = AOL Instant Messenger (SM)
"AolCoach" = AOL Coach Version 1.0(Build:20020823.1)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"CompuServe us" = CompuServe
"FrostWire" = FrostWire 4.21.8
"ICQ" = ICQ
"ie8" = Windows Internet Explorer 8
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape 6 (6.2.1)" = Netscape 6 (6.2.1)
"RealPlayer 6.0" = RealPlayer Basic
"SoundTap" = SoundTap Streaming Audio Recorder
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = att.net Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/4/2011 3:16:06 PM | Computer Name = KR15-WG5N33V3R4 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2011 4:42:54 PM | Computer Name = KR15-WG5N33V3R4 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19154, fault address 0x00067a38.

Error - 12/12/2011 11:34:18 AM | Computer Name = KR15-WG5N33V3R4 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2011 11:34:33 AM | Computer Name = KR15-WG5N33V3R4 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/16/2011 8:55:15 PM | Computer Name = KR15-WG5N33V3R4 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2011 8:55:15 PM | Computer Name = KR15-WG5N33V3R4 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2011 6:39:15 PM | Computer Name = KR15-WG5N33V3R4 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 10.1.1.33, faulting module
acrord32.dll, version 10.1.1.33, fault address 0x00021a55.

Error - 12/21/2011 6:05:06 AM | Computer Name = KR15-WG5N33V3R4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/22/2011 5:59:47 AM | Computer Name = KR15-WG5N33V3R4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/22/2011 6:05:14 AM | Computer Name = KR15-WG5N33V3R4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 11/30/2011 11:04:01 PM | Computer Name = KR15-WG5N33V3R4 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00085432635C. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 11/30/2011 11:08:36 PM | Computer Name = KR15-WG5N33V3R4 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.15.2 on
the Network Card with network address 00085432635C.

Error - 12/2/2011 9:25:40 PM | Computer Name = KR15-WG5N33V3R4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/12/2011 10:10:33 AM | Computer Name = KR15-WG5N33V3R4 | Source = Print | ID = 6161
Description = The document Flash owned by KRISTIN VERA failed to print on printer
Dell Photo AIO Printer 926. Data type: LEMF. Size of the spool file in bytes: 2029922.
Number of bytes printed: 2029922. Total number of pages in the document: 1. Number
of pages printed: 0. Client machine: \\KR15-WG5N33V3R4. Win32 error code returned
by the print processor: 0 (0x0).

Error - 12/20/2011 11:12:58 PM | Computer Name = KR15-WG5N33V3R4 | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 12/21/2011 12:14:35 AM | Computer Name = KR15-WG5N33V3R4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 12/21/2011 5:54:16 AM | Computer Name = KR15-WG5N33V3R4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 12/21/2011 6:05:05 AM | Computer Name = KR15-WG5N33V3R4 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1411.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 12/22/2011 5:59:47 AM | Computer Name = KR15-WG5N33V3R4 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1411.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 12/22/2011 6:05:10 AM | Computer Name = KR15-WG5N33V3R4 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1411.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >
  • 0

#2 RKinner (Malware Expert, 19,776 posts, MVP)
Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25547
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA File not found
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2011/12/20 20:56:50 | 000,001,298 | -HS- | C] () -- C:\Documents and Settings\KRISTIN VERA\Local Settings\Application Data\dmyib3jr58pr237op308dq2c28y2k
[2011/12/20 20:56:50 | 000,001,298 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dmyib3jr58pr237op308dq2c28y2k
[2011/06/18 14:03:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\2e06c9
[2011/06/18 14:02:41 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SSCTICGS
@Alternate Data Stream - 2972 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double-click on TDSSKiller.exe (on Vista or Win 7 you must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Run TDSSKiller again, but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe (511 KB) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply. (Note whether the Fix button, not the FixMBR button, is enabled, and tell me.)

Ron

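Added example, not part of Ron's post and not a tool he names: a small Python triage script for the kind of ComboFix log he asks for. It pulls out the four things an analyst reads first in a rogue-AV ("FakeAlert") case: an IE ProxyServer pointing at loopback (the rogue interposes itself on the user's browsing), AntiVirusOverride/FirewallOverride set to 1 under the Security Center key (which tells Security Center to stop monitoring the real antivirus and firewall), Run values whose target ComboFix marked [X] (file not found), and executables dropped into a profile's Recent folder or straight under Application Data\Microsoft, two places no legitimate installer puts code. The sample log lines are constructed, modelled on the log posted later in this thread; the layout the parser relies on (a lone "." between blocks, "[X]" for a missing file) is ComboFix's own.

```python
"""Triage helper for ComboFix-style logs (added example for this thread).

It flags the indicators typical of rogue-antivirus infections so the reader
can see why those particular log lines matter. All sample lines below are
constructed, modelled on the ComboFix output posted in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


# Constructed sample: excerpts in the style of the "Other Deletions",
# "Reg Loading Points" and "Supplementary Scan" sections of a ComboFix log.
SAMPLE_LOG = r"""
c:\documents and settings\KRISTIN VERA\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\KRISTIN VERA\Recent\CLSV.sys
c:\documents and settings\KRISTIN VERA\Recent\kernel32.tmp
c:\program files\DailyBibleGuideEI
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
uStart Page = hxxp://att.net
uInternet Settings,ProxyServer = http=127.0.0.1:25547
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
"""

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)", re.IGNORECASE)
DWORD_RE = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')
# ComboFix prints Run values as "name"="command" [date size] or [X] if missing.
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
# Binaries directly in a profile's Recent folder or the root of
# Application Data\Microsoft: legitimate software does not install code there.
DROP_RE = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\(?:Recent|Application Data\\Microsoft)"
    r"\\[^\\]+\.(?:dll|exe|sys|drv|tmp)$",
    re.IGNORECASE,
)


def registry_entries(log: str):
    """Yield (key, value_line) pairs; a blank line or lone '.' ends a block."""
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif not line or line == ".":
            key = None
        elif key is not None:
            yield key, line


def local_proxies(log: str) -> list[tuple[str, str, int]]:
    """(scheme, host, port) for each ProxyServer entry that points at loopback.
    IE stores either 'host:port' or 'http=host:port;https=host:port'."""
    hits = []
    for m in PROXY_RE.finditer(log):
        for entry in m.group(1).split(";"):
            scheme, _, hostport = entry.rpartition("=")
            host, _, port = hostport.partition(":")
            if host.startswith("127.") or host.lower() == "localhost":
                hits.append((scheme or "*", host, int(port) if port.isdigit() else 0))
    return hits


def security_center_overrides(log: str) -> list[str]:
    """Names of *Override values set non-zero under the Security Center key."""
    hits = []
    for key, line in registry_entries(log):
        if not key.lower().endswith("\\security center"):
            continue
        m = DWORD_RE.match(line)
        if m and m.group(1).lower().endswith("override") and int(m.group(2), 16) != 0:
            hits.append(m.group(1))
    return hits


def orphaned_run_entries(log: str) -> list[tuple[str, str]]:
    """Run values whose target ComboFix marked [X] (file not found)."""
    hits = []
    for key, line in registry_entries(log):
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        m = RUN_VALUE_RE.match(line)
        if m and m.group(3).strip().upper() == "X":
            hits.append((m.group(1), m.group(2)))
    return hits


def dropped_binaries(log: str) -> list[str]:
    """Executable or .tmp files listed in the two drop locations above."""
    return [ln.strip() for ln in log.splitlines() if DROP_RE.match(ln.strip())]


def triage(log: str) -> list[Finding]:
    findings = []
    for scheme, host, port in local_proxies(log):
        findings.append(Finding("local-proxy", f"{scheme} traffic sent to {host}:{port}"))
    for name in security_center_overrides(log):
        findings.append(Finding("security-center-override", name))
    for name, target in orphaned_run_entries(log):
        findings.append(Finding("orphaned-run-entry", f"{name} -> {target}"))
    for path in dropped_binaries(log):
        findings.append(Finding("dropped-binary", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:26} {f.detail}")
```

Treat the output as leads, not verdicts: the local proxy and the Security Center overrides are the ones worth acting on directly (remove the proxy setting and reset the override values), whereas an orphaned Run value such as the USRpdA modem entry in this thread is simply a leftover that should be cleaned because it points nowhere, not because it is malicious.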
#3
eMoRTaL
    Member
  • Topic Starter
  • 29 posts
Hey Ron, I've followed your instructions and here are the logs (after all the scans/fixes, the Windows Security Alerts icon still appears on the taskbar):

ComboFix 11-12-23.01 - KRISTIN VERA 12/23/2011 21:07:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.506 [GMT -5:00]
Running from: c:\documents and settings\KRISTIN VERA\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Sygate Personal Firewall *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\SPL168.tmp
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\KRISTIN VERA\Application Data\Microsoft\~DFK605fef.tmp
c:\documents and settings\KRISTIN VERA\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\KRISTIN VERA\Application Data\Microsoft\bass.dll
c:\documents and settings\KRISTIN VERA\Application Data\Microsoft\engine_vx.dll
c:\documents and settings\KRISTIN VERA\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\KRISTIN VERA\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\KRISTIN VERA\Application Data\Microsoft\peaadje.dll
c:\documents and settings\KRISTIN VERA\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\KRISTIN VERA\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2cc60d08b36af576b11419505050cc6e
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\36edbd9cd1d972f7b815c3c429d9e778
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\39a1f14c835badc083b748bd5fdc645e
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\498f449612f564221a965c79614832bb
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bdcf0ed363b85538f740c9b718bf611c
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c594d37e13c887da6ddc9975fa9aae82
c:\documents and settings\KRISTIN VERA\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\fc57bf3aee1b4ac0db547af3a4f4a1b1
c:\documents and settings\KRISTIN VERA\Recent\ANTIGEN.tmp
c:\documents and settings\KRISTIN VERA\Recent\CLSV.sys
c:\documents and settings\KRISTIN VERA\Recent\DBOLE.dll
c:\documents and settings\KRISTIN VERA\Recent\ddv.tmp
c:\documents and settings\KRISTIN VERA\Recent\energy.drv
c:\documents and settings\KRISTIN VERA\Recent\exec.drv
c:\documents and settings\KRISTIN VERA\Recent\fix.sys
c:\documents and settings\KRISTIN VERA\Recent\FS.dll
c:\documents and settings\KRISTIN VERA\Recent\FS.drv
c:\documents and settings\KRISTIN VERA\Recent\kernel32.tmp
c:\documents and settings\KRISTIN VERA\Recent\sld.exe
c:\documents and settings\KRISTIN VERA\Recent\sld.tmp
c:\documents and settings\KRISTIN VERA\Recent\snl2w.sys
c:\documents and settings\KRISTIN VERA\Recent\std.exe
c:\documents and settings\KRISTIN VERA\Templates\dmyib3jr58pr237op308dq2c28y2k
c:\documents and settings\KRISTIN VERA\WINDOWS
c:\program files\DailyBibleGuideEI
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
c:\windows\system32\SET39.tmp
c:\windows\system32\SET45.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))
.
.
2011-12-24 01:44 . 2011-12-24 01:44 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\MpKsld7eddeae.sys
2011-12-24 01:43 . 2011-12-24 01:43 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\offreg.dll
2011-12-24 01:20 . 2011-12-24 02:17 -------- d-----w- c:\documents and settings\Administrator
2011-12-23 20:08 . 2011-12-23 20:08 -------- d-----w- C:\_OTL
2011-12-21 09:54 . 2011-12-21 09:54 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\MpKsl18f9d07a.sys
2011-12-20 08:33 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2002-11-01 20:21 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-05-27 16:02 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 19:20 . 2006-06-23 15:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2002-11-01 20:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2002-11-01 20:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-07-26 04:31 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-11-01 20:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2002-11-01 20:21 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2002-11-01 20:20 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2002-11-01 21:37 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-04 21:08 . 2011-05-24 01:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06 . 2002-11-01 20:20 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2002-11-01 20:21 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2002-11-01 20:21 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" [X]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-14 380416]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-09-09 114688]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-6-22 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 MpKsl18f9d07a;MpKsl18f9d07a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\MpKsl18f9d07a.sys [12/21/2011 4:54 AM 29904]
R1 MpKsld7eddeae;MpKsld7eddeae;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\MpKsld7eddeae.sys [12/23/2011 8:44 PM 29904]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/18/2011 4:26 PM 22216]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [6/29/2011 8:42 PM 49240]
S1 MpKsl340e5b96;MpKsl340e5b96;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65D1716E-3703-43CA-A65E-08900F453C17}\MpKsl340e5b96.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65D1716E-3703-43CA-A65E-08900F453C17}\MpKsl340e5b96.sys [?]
S1 MpKsl4119d620;MpKsl4119d620;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D345C94-5AC2-4606-B95C-E73B81AE1672}\MpKsl4119d620.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D345C94-5AC2-4606-B95C-E73B81AE1672}\MpKsl4119d620.sys [?]
S1 MpKsl71b46d76;MpKsl71b46d76;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49CE56BF-F087-49FC-BFB5-0BACD5622BC4}\MpKsl71b46d76.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49CE56BF-F087-49FC-BFB5-0BACD5622BC4}\MpKsl71b46d76.sys [?]
S1 MpKsld476ec3c;MpKsld476ec3c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FB4D0AC-07EC-4138-8F2D-CF46EFB13FA9}\MpKsld476ec3c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FB4D0AC-07EC-4138-8F2D-CF46EFB13FA9}\MpKsld476ec3c.sys [?]
S1 MpKslf7bf6c11;MpKslf7bf6c11;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55361D16-E67E-4E58-95AF-E29FC81C557C}\MpKslf7bf6c11.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55361D16-E67E-4E58-95AF-E29FC81C557C}\MpKslf7bf6c11.sys [?]
S1 MpKslfaad1de2;MpKslfaad1de2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F4706FC-11CD-4D61-B61B-7F45B279D6F9}\MpKslfaad1de2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F4706FC-11CD-4D61-B61B-7F45B279D6F9}\MpKslfaad1de2.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/18/2011 4:27 PM 366152]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [6/26/2011 3:30 PM 16640]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 12:57 PM 268528]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD7EDDEAE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-10-04 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2011-06-30 01:42]
.
2011-12-06 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-06-26 14:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net
uInternet Settings,ProxyServer = http=127.0.0.1:25547
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-23 21:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2011-12-23 21:25:41
ComboFix-quarantined-files.txt 2011-12-24 02:25
.
Pre-Run: 15,944,417,280 bytes free
Post-Run: 16,356,814,848 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 6F1BD2FFBBE3D76F8FAC5D841E8B5E49

******************************************************************************************************

21:28:53.0609 2244 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:28:53.0921 2244 ============================================================
21:28:53.0921 2244 Current date / time: 2011/12/23 21:28:53.0921
21:28:53.0921 2244 SystemInfo:
21:28:53.0921 2244
21:28:53.0921 2244 OS Version: 5.1.2600 ServicePack: 3.0
21:28:53.0921 2244 Product type: Workstation
21:28:53.0921 2244 ComputerName: KR15-WG5N33V3R4
21:28:53.0953 2244 UserName: KRISTIN VERA
21:28:53.0953 2244 Windows directory: C:\WINDOWS
21:28:53.0953 2244 System windows directory: C:\WINDOWS
21:28:53.0953 2244 Processor architecture: Intel x86
21:28:53.0953 2244 Number of processors: 1
21:28:53.0953 2244 Page size: 0x1000
21:28:53.0953 2244 Boot type: Normal boot
21:28:53.0953 2244 ============================================================
21:28:56.0203 2244 Initialize success
21:29:31.0500 3992 ============================================================
21:29:31.0500 3992 Scan started
21:29:31.0500 3992 Mode: Manual;
21:29:31.0500 3992 ============================================================
21:29:32.0578 3992 Abiosdsk - ok
21:29:32.0656 3992 abp480n5 - ok
21:29:32.0796 3992 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:29:32.0796 3992 ACPI - ok
21:29:32.0921 3992 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:29:32.0921 3992 ACPIEC - ok
21:29:33.0015 3992 adpu160m - ok
21:29:33.0156 3992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:29:33.0156 3992 aec - ok
21:29:33.0296 3992 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:29:33.0312 3992 AFD - ok
21:29:33.0375 3992 Aha154x - ok
21:29:33.0437 3992 aic78u2 - ok
21:29:33.0484 3992 aic78xx - ok
21:29:33.0656 3992 ALCXWDM (bcd805eec4f621cbda15b33053d83ac7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:29:33.0671 3992 ALCXWDM - ok
21:29:33.0750 3992 AliIde - ok
21:29:33.0812 3992 amsint - ok
21:29:33.0937 3992 Apowersoft_AudioDevice (85ece26f326c2d07ba77a60343468272) C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys
21:29:33.0937 3992 Apowersoft_AudioDevice - ok
21:29:34.0031 3992 asc - ok
21:29:34.0093 3992 asc3350p - ok
21:29:34.0156 3992 asc3550 - ok
21:29:34.0265 3992 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
21:29:34.0265 3992 ASCTRM - ok
21:29:34.0390 3992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:29:34.0390 3992 AsyncMac - ok
21:29:34.0500 3992 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:29:34.0500 3992 atapi - ok
21:29:34.0546 3992 Atdisk - ok
21:29:34.0640 3992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:29:34.0640 3992 Atmarpc - ok
21:29:34.0796 3992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:29:34.0796 3992 audstub - ok
21:29:34.0921 3992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:29:34.0921 3992 Beep - ok
21:29:35.0046 3992 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:29:35.0046 3992 Bridge - ok
21:29:35.0078 3992 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:29:35.0078 3992 BridgeMP - ok
21:29:35.0281 3992 catchme - ok
21:29:35.0437 3992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:29:35.0437 3992 cbidf2k - ok
21:29:35.0531 3992 cd20xrnt - ok
21:29:35.0656 3992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:29:35.0656 3992 Cdaudio - ok
21:29:35.0765 3992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:29:35.0781 3992 Cdfs - ok
21:29:35.0906 3992 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:29:35.0906 3992 Cdrom - ok
21:29:35.0968 3992 Changer - ok
21:29:36.0062 3992 CmdIde - ok
21:29:36.0156 3992 Cpqarray - ok
21:29:36.0234 3992 dac2w2k - ok
21:29:36.0281 3992 dac960nt - ok
21:29:36.0421 3992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:29:36.0437 3992 Disk - ok
21:29:36.0578 3992 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:29:36.0593 3992 dmboot - ok
21:29:36.0718 3992 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:29:36.0718 3992 dmio - ok
21:29:36.0843 3992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:29:36.0859 3992 dmload - ok
21:29:36.0984 3992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:29:37.0000 3992 DMusic - ok
21:29:37.0078 3992 dpti2o - ok
21:29:37.0125 3992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:29:37.0140 3992 drmkaud - ok
21:29:37.0265 3992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:29:37.0265 3992 Fastfat - ok
21:29:37.0343 3992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:29:37.0343 3992 Fdc - ok
21:29:37.0421 3992 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:29:37.0421 3992 Fips - ok
21:29:37.0484 3992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:29:37.0484 3992 Flpydisk - ok
21:29:37.0640 3992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:29:37.0640 3992 FltMgr - ok
21:29:37.0781 3992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:29:37.0781 3992 Fs_Rec - ok
21:29:37.0906 3992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:29:37.0921 3992 Ftdisk - ok
21:29:38.0031 3992 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:29:38.0031 3992 gameenum - ok
21:29:38.0093 3992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:29:38.0093 3992 Gpc - ok
21:29:38.0187 3992 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:29:38.0187 3992 HidUsb - ok
21:29:38.0265 3992 hpn - ok
21:29:38.0375 3992 HSFHWBS2 (2e218fe7c528ef9671fb5544092a6679) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
21:29:38.0375 3992 HSFHWBS2 - ok
21:29:38.0546 3992 HSF_DP (08e4a38abcf2af10079b94e550e82bb3) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
21:29:38.0562 3992 HSF_DP - ok
21:29:38.0718 3992 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:29:38.0734 3992 HTTP - ok
21:29:38.0796 3992 i2omgmt - ok
21:29:38.0843 3992 i2omp - ok
21:29:38.0968 3992 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:29:38.0968 3992 i8042prt - ok
21:29:39.0078 3992 ialm (3046f83c8a6acebb9eaa834c2cd7105c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:29:39.0078 3992 ialm - ok
21:29:39.0218 3992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:29:39.0218 3992 Imapi - ok
21:29:39.0296 3992 ini910u - ok
21:29:39.0375 3992 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:29:39.0375 3992 IntelIde - ok
21:29:39.0437 3992 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:29:39.0437 3992 intelppm - ok
21:29:39.0531 3992 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:29:39.0531 3992 ip6fw - ok
21:29:39.0656 3992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:29:39.0656 3992 IpFilterDriver - ok
21:29:39.0796 3992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:29:39.0796 3992 IpInIp - ok
21:29:39.0890 3992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:29:39.0906 3992 IpNat - ok
21:29:39.0968 3992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:29:39.0968 3992 IPSec - ok
21:29:40.0046 3992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:29:40.0046 3992 IRENUM - ok
21:29:40.0156 3992 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:29:40.0156 3992 isapnp - ok
21:29:40.0234 3992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:29:40.0234 3992 Kbdclass - ok
21:29:40.0468 3992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:29:40.0484 3992 kmixer - ok
21:29:40.0609 3992 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:29:40.0609 3992 KSecDD - ok
21:29:40.0687 3992 lbrtfdc - ok
21:29:40.0859 3992 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:29:40.0859 3992 MBAMProtector - ok
21:29:40.0984 3992 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:29:40.0984 3992 mdmxsdk - ok
21:29:41.0125 3992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:29:41.0125 3992 mnmdd - ok
21:29:41.0234 3992 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:29:41.0234 3992 Modem - ok
21:29:41.0328 3992 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:29:41.0328 3992 Mouclass - ok
21:29:41.0390 3992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:29:41.0390 3992 MountMgr - ok
21:29:41.0515 3992 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:29:41.0531 3992 MpFilter - ok
21:29:41.0734 3992 MpKsl18f9d07a (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\MpKsl18f9d07a.sys
21:29:41.0734 3992 MpKsl18f9d07a - ok
21:29:41.0750 3992 MpKsl340e5b96 - ok
21:29:41.0781 3992 MpKsl4119d620 - ok
21:29:41.0812 3992 MpKsl71b46d76 - ok
21:29:41.0828 3992 MpKsld476ec3c - ok
21:29:41.0875 3992 MpKsld7eddeae (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\MpKsld7eddeae.sys
21:29:41.0875 3992 MpKsld7eddeae - ok
21:29:41.0906 3992 MpKslf7bf6c11 - ok
21:29:41.0921 3992 MpKslfaad1de2 - ok
21:29:42.0031 3992 mraid35x - ok
21:29:42.0171 3992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:29:42.0171 3992 MRxDAV - ok
21:29:42.0343 3992 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:29:42.0359 3992 MRxSmb - ok
21:29:42.0500 3992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:29:42.0500 3992 Msfs - ok
21:29:42.0609 3992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:29:42.0609 3992 MSKSSRV - ok
21:29:42.0734 3992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:29:42.0734 3992 MSPCLOCK - ok
21:29:42.0859 3992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:29:42.0859 3992 MSPQM - ok
21:29:42.0953 3992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:29:42.0953 3992 mssmbios - ok
21:29:43.0078 3992 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
21:29:43.0078 3992 ms_mpu401 - ok
21:29:43.0203 3992 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:29:43.0203 3992 Mup - ok
21:29:43.0359 3992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:29:43.0359 3992 NDIS - ok
21:29:43.0468 3992 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:29:43.0484 3992 NdisTapi - ok
21:29:43.0578 3992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:29:43.0593 3992 Ndisuio - ok
21:29:43.0671 3992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:29:43.0671 3992 NdisWan - ok
21:29:43.0796 3992 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:29:43.0812 3992 NDProxy - ok
21:29:43.0921 3992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:29:43.0937 3992 NetBIOS - ok
21:29:44.0000 3992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:29:44.0015 3992 NetBT - ok
21:29:44.0140 3992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:29:44.0140 3992 Npfs - ok
21:29:44.0250 3992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:29:44.0250 3992 Ntfs - ok
21:29:44.0390 3992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:29:44.0390 3992 Null - ok
21:29:44.0500 3992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:29:44.0500 3992 NwlnkFlt - ok
21:29:44.0578 3992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:29:44.0578 3992 NwlnkFwd - ok
21:29:44.0703 3992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:29:44.0718 3992 Parport - ok
21:29:44.0781 3992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:29:44.0796 3992 PartMgr - ok
21:29:44.0921 3992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:29:44.0921 3992 ParVdm - ok
21:29:45.0031 3992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:29:45.0031 3992 PCI - ok
21:29:45.0093 3992 PCIDump - ok
21:29:45.0187 3992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:29:45.0187 3992 PCIIde - ok
21:29:45.0328 3992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:29:45.0328 3992 Pcmcia - ok
21:29:45.0421 3992 PDCOMP - ok
21:29:45.0484 3992 PDFRAME - ok
21:29:45.0546 3992 PDRELI - ok
21:29:45.0593 3992 PDRFRAME - ok
21:29:45.0656 3992 perc2 - ok
21:29:45.0718 3992 perc2hib - ok
21:29:45.0890 3992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:29:45.0906 3992 PptpMiniport - ok
21:29:45.0968 3992 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:29:45.0968 3992 Processor - ok
21:29:46.0062 3992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:29:46.0062 3992 PSched - ok
21:29:46.0156 3992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:29:46.0171 3992 Ptilink - ok
21:29:46.0250 3992 ql1080 - ok
21:29:46.0312 3992 Ql10wnt - ok
21:29:46.0359 3992 ql12160 - ok
21:29:46.0421 3992 ql1240 - ok
21:29:46.0484 3992 ql1280 - ok
21:29:46.0609 3992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:29:46.0609 3992 RasAcd - ok
21:29:46.0765 3992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:29:46.0765 3992 Rasl2tp - ok
21:29:46.0843 3992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:29:46.0859 3992 RasPppoe - ok
21:29:46.0968 3992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:29:46.0968 3992 Raspti - ok
21:29:47.0093 3992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:29:47.0109 3992 Rdbss - ok
21:29:47.0234 3992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:29:47.0234 3992 RDPCDD - ok
21:29:47.0375 3992 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:29:47.0375 3992 RDPWD - ok
21:29:47.0531 3992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:29:47.0546 3992 redbook - ok
21:29:47.0703 3992 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:29:47.0703 3992 rtl8139 - ok
21:29:47.0859 3992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:29:47.0859 3992 Secdrv - ok
21:29:47.0968 3992 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:29:47.0968 3992 serenum - ok
21:29:48.0062 3992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:29:48.0078 3992 Serial - ok
21:29:48.0203 3992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:29:48.0203 3992 Sfloppy - ok
21:29:48.0281 3992 Simbad - ok
21:29:48.0359 3992 Sparrow - ok
21:29:48.0484 3992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:29:48.0500 3992 splitter - ok
21:29:48.0578 3992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:29:48.0578 3992 sr - ok
21:29:48.0734 3992 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:29:48.0750 3992 Srv - ok
21:29:48.0890 3992 stdriver (5c031c715e14f10dfc9395004f54ee21) C:\WINDOWS\system32\DRIVERS\stdriver32.sys
21:29:48.0890 3992 stdriver - ok
21:29:49.0015 3992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:29:49.0015 3992 swenum - ok
21:29:49.0078 3992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:29:49.0093 3992 swmidi - ok
21:29:49.0171 3992 symc810 - ok
21:29:49.0234 3992 symc8xx - ok
21:29:49.0281 3992 sym_hi - ok
21:29:49.0343 3992 sym_u3 - ok
21:29:49.0468 3992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:29:49.0468 3992 sysaudio - ok
21:29:49.0640 3992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:29:49.0640 3992 Tcpip - ok
21:29:49.0765 3992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:29:49.0765 3992 TDPIPE - ok
21:29:49.0875 3992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:29:49.0875 3992 TDTCP - ok
21:29:50.0046 3992 Teefer (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys
21:29:50.0046 3992 Teefer - ok
21:29:50.0187 3992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:29:50.0187 3992 TermDD - ok
21:29:50.0281 3992 TosIde - ok
21:29:50.0390 3992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:29:50.0390 3992 Udfs - ok
21:29:50.0468 3992 ultra - ok
21:29:50.0843 3992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:29:50.0843 3992 Update - ok
21:29:51.0078 3992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:29:51.0078 3992 usbccgp - ok
21:29:51.0265 3992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:29:51.0265 3992 usbehci - ok
21:29:51.0390 3992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:29:51.0390 3992 usbhub - ok
21:29:51.0468 3992 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:29:51.0468 3992 usbprint - ok
21:29:51.0546 3992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:29:51.0546 3992 USBSTOR - ok
21:29:51.0625 3992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:29:51.0625 3992 usbuhci - ok
21:29:51.0734 3992 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
21:29:51.0750 3992 USRpdA - ok
21:29:51.0890 3992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:29:51.0890 3992 VgaSave - ok
21:29:51.0953 3992 ViaIde - ok
21:29:52.0078 3992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:29:52.0078 3992 VolSnap - ok
21:29:52.0140 3992 vsdatant - ok
21:29:52.0234 3992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:29:52.0234 3992 Wanarp - ok
21:29:52.0390 3992 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:29:52.0390 3992 Wdf01000 - ok
21:29:52.0453 3992 WDICA - ok
21:29:52.0593 3992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:29:52.0593 3992 wdmaud - ok
21:29:52.0734 3992 wg3n (a67340b874df9eaf5b226e5f3473b9da) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
21:29:52.0750 3992 wg3n - ok
21:29:52.0812 3992 wg4n (851216e2816b7b7e74b5f7ef1d4acfb7) C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
21:29:52.0828 3992 wg4n - ok
21:29:52.0906 3992 wg5n (aedd1fe0df660411d15da3c57cfc2402) C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
21:29:52.0906 3992 wg5n - ok
21:29:52.0968 3992 wg6n (dd0d719a58df79086462bd5fc972a908) C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
21:29:52.0968 3992 wg6n - ok
21:29:53.0109 3992 winachsf (43c5d443900d263af3fb44af4c122599) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:29:53.0125 3992 winachsf - ok
21:29:53.0406 3992 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:29:53.0406 3992 WpdUsb - ok
21:29:53.0531 3992 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
21:29:53.0531 3992 wpsdrvnt - ok
21:29:53.0687 3992 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:29:53.0687 3992 WudfPf - ok
21:29:53.0765 3992 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:29:53.0765 3992 WudfRd - ok
21:29:53.0937 3992 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
21:29:53.0937 3992 zumbus - ok
21:29:54.0125 3992 {6080A529-897E-4629-A488-ABA0C29B635E} (f0890825e7a9f4a808190a781c480568) C:\WINDOWS\system32\drivers\ialmsbw.sys
21:29:54.0125 3992 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
21:29:54.0218 3992 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (8854f5453cce4c5831538e935f92f73b) C:\WINDOWS\system32\drivers\ialmkchw.sys
21:29:54.0218 3992 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
21:29:54.0265 3992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:29:54.0500 3992 \Device\Harddisk0\DR0 - ok
21:29:54.0515 3992 Boot (0x1200) (d28d8bf9448b8a0dd33eaa67fc9f93f4) \Device\Harddisk0\DR0\Partition0
21:29:54.0515 3992 \Device\Harddisk0\DR0\Partition0 - ok
21:29:54.0515 3992 ============================================================
21:29:54.0531 3992 Scan finished
21:29:54.0531 3992 ============================================================
21:29:54.0562 3032 Detected object count: 0
21:29:54.0562 3032 Actual detected object count: 0
21:31:10.0265 2180 ============================================================
21:31:10.0265 2180 Scan started
21:31:10.0265 2180 Mode: Manual; SigCheck; TDLFS;
21:31:10.0265 2180 ============================================================
21:31:10.0875 2180 Abiosdsk - ok
21:31:10.0953 2180 abp480n5 - ok
21:31:11.0078 2180 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:31:11.0750 2180 ACPI - ok
21:31:11.0921 2180 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:31:12.0203 2180 ACPIEC - ok
21:31:12.0312 2180 adpu160m - ok
21:31:12.0453 2180 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:31:12.0734 2180 aec - ok
21:31:12.0890 2180 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:31:12.0968 2180 AFD - ok
21:31:13.0062 2180 Aha154x - ok
21:31:13.0140 2180 aic78u2 - ok
21:31:13.0203 2180 aic78xx - ok
21:31:13.0359 2180 ALCXWDM (bcd805eec4f621cbda15b33053d83ac7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:31:13.0609 2180 ALCXWDM - ok
21:31:13.0718 2180 AliIde - ok
21:31:13.0781 2180 amsint - ok
21:31:13.0906 2180 Apowersoft_AudioDevice (85ece26f326c2d07ba77a60343468272) C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys
21:31:13.0937 2180 Apowersoft_AudioDevice ( UnsignedFile.Multi.Generic ) - warning
21:31:13.0937 2180 Apowersoft_AudioDevice - detected UnsignedFile.Multi.Generic (1)
21:31:14.0015 2180 asc - ok
21:31:14.0078 2180 asc3350p - ok
21:31:14.0125 2180 asc3550 - ok
21:31:14.0250 2180 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
21:31:14.0296 2180 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
21:31:14.0296 2180 ASCTRM - detected UnsignedFile.Multi.Generic (1)
21:31:14.0453 2180 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:31:14.0703 2180 AsyncMac - ok
21:31:14.0812 2180 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:31:15.0078 2180 atapi - ok
21:31:15.0156 2180 Atdisk - ok
21:31:15.0265 2180 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:31:15.0515 2180 Atmarpc - ok
21:31:15.0671 2180 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:31:15.0937 2180 audstub - ok
21:31:16.0078 2180 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:31:16.0375 2180 Beep - ok
21:31:16.0515 2180 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:31:16.0796 2180 Bridge - ok
21:31:16.0812 2180 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:31:17.0062 2180 BridgeMP - ok
21:31:17.0265 2180 catchme - ok
21:31:17.0406 2180 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:31:17.0687 2180 cbidf2k - ok
21:31:17.0781 2180 cd20xrnt - ok
21:31:17.0921 2180 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:31:18.0203 2180 Cdaudio - ok
21:31:18.0343 2180 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:31:18.0953 2180 Cdfs - ok
21:31:19.0125 2180 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:31:19.0187 2180 Cdrom - ok
21:31:19.0265 2180 Changer - ok
21:31:19.0343 2180 CmdIde - ok
21:31:19.0437 2180 Cpqarray - ok
21:31:19.0500 2180 dac2w2k - ok
21:31:19.0562 2180 dac960nt - ok
21:31:19.0703 2180 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:31:19.0968 2180 Disk - ok
21:31:20.0125 2180 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:31:20.0453 2180 dmboot - ok
21:31:20.0578 2180 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:31:20.0828 2180 dmio - ok
21:31:20.0968 2180 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:31:21.0234 2180 dmload - ok
21:31:21.0375 2180 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:31:21.0640 2180 DMusic - ok
21:31:21.0734 2180 dpti2o - ok
21:31:21.0859 2180 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:31:22.0109 2180 drmkaud - ok
21:31:22.0250 2180 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:31:22.0531 2180 Fastfat - ok
21:31:22.0640 2180 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:31:22.0906 2180 Fdc - ok
21:31:23.0000 2180 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:31:23.0281 2180 Fips - ok
21:31:23.0359 2180 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:31:23.0640 2180 Flpydisk - ok
21:31:23.0734 2180 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:31:24.0031 2180 FltMgr - ok
21:31:24.0187 2180 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:31:24.0468 2180 Fs_Rec - ok
21:31:24.0625 2180 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:31:24.0921 2180 Ftdisk - ok
21:31:25.0078 2180 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:31:25.0343 2180 gameenum - ok
21:31:25.0453 2180 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:31:25.0718 2180 Gpc - ok
21:31:25.0828 2180 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:31:26.0109 2180 HidUsb - ok
21:31:26.0203 2180 hpn - ok
21:31:26.0328 2180 HSFHWBS2 (2e218fe7c528ef9671fb5544092a6679) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
21:31:26.0390 2180 HSFHWBS2 - ok
21:31:26.0578 2180 HSF_DP (08e4a38abcf2af10079b94e550e82bb3) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
21:31:26.0812 2180 HSF_DP - ok
21:31:26.0968 2180 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:31:27.0046 2180 HTTP - ok
21:31:27.0140 2180 i2omgmt - ok
21:31:27.0218 2180 i2omp - ok
21:31:27.0343 2180 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:31:27.0609 2180 i8042prt - ok
21:31:27.0765 2180 ialm (3046f83c8a6acebb9eaa834c2cd7105c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:31:27.0875 2180 ialm - ok
21:31:28.0093 2180 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:31:28.0359 2180 Imapi - ok
21:31:28.0453 2180 ini910u - ok
21:31:28.0578 2180 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:31:28.0859 2180 IntelIde - ok
21:31:28.0953 2180 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:31:29.0203 2180 intelppm - ok
21:31:29.0312 2180 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:31:29.0578 2180 ip6fw - ok
21:31:29.0703 2180 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:31:29.0968 2180 IpFilterDriver - ok
21:31:30.0078 2180 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:31:30.0328 2180 IpInIp - ok
21:31:30.0484 2180 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:31:30.0765 2180 IpNat - ok
21:31:30.0875 2180 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:31:31.0156 2180 IPSec - ok
21:31:31.0250 2180 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:31:31.0515 2180 IRENUM - ok
21:31:31.0609 2180 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:31:31.0890 2180 isapnp - ok
21:31:31.0984 2180 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:31:32.0250 2180 Kbdclass - ok
21:31:32.0359 2180 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:31:32.0625 2180 kmixer - ok
21:31:32.0781 2180 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:31:32.0859 2180 KSecDD - ok
21:31:32.0984 2180 lbrtfdc - ok
21:31:33.0156 2180 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:31:33.0250 2180 MBAMProtector - ok
21:31:33.0406 2180 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:31:33.0656 2180 mdmxsdk - ok
21:31:33.0812 2180 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:31:34.0078 2180 mnmdd - ok
21:31:34.0250 2180 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:31:34.0515 2180 Modem - ok
21:31:34.0609 2180 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:31:34.0859 2180 Mouclass - ok
21:31:34.0953 2180 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:31:35.0234 2180 MountMgr - ok
21:31:35.0468 2180 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:31:35.0562 2180 MpFilter - ok
21:31:35.0765 2180 MpKsl18f9d07a (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\MpKsl18f9d07a.sys
21:31:35.0796 2180 MpKsl18f9d07a - ok
21:31:35.0812 2180 MpKsl340e5b96 - ok
21:31:35.0843 2180 MpKsl4119d620 - ok
21:31:35.0859 2180 MpKsl71b46d76 - ok
21:31:35.0890 2180 MpKsld476ec3c - ok
21:31:35.0937 2180 MpKsld7eddeae (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D6390C-FE8F-4023-AE45-F78EA59AF196}\MpKsld7eddeae.sys
21:31:35.0953 2180 MpKsld7eddeae - ok
21:31:35.0968 2180 MpKslf7bf6c11 - ok
21:31:36.0000 2180 MpKslfaad1de2 - ok
21:31:36.0187 2180 mraid35x - ok
21:31:36.0328 2180 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:31:36.0593 2180 MRxDAV - ok
21:31:36.0781 2180 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:31:37.0015 2180 MRxSmb - ok
21:31:37.0187 2180 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:31:37.0453 2180 Msfs - ok
21:31:37.0593 2180 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:31:37.0843 2180 MSKSSRV - ok
21:31:37.0968 2180 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:31:38.0234 2180 MSPCLOCK - ok
21:31:38.0343 2180 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:31:38.0609 2180 MSPQM - ok
21:31:38.0703 2180 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:31:38.0953 2180 mssmbios - ok
21:31:39.0078 2180 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
21:31:39.0343 2180 ms_mpu401 - ok
21:31:39.0500 2180 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:31:39.0546 2180 Mup - ok
21:31:39.0734 2180 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:31:40.0000 2180 NDIS - ok
21:31:40.0171 2180 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:31:40.0250 2180 NdisTapi - ok
21:31:40.0390 2180 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:31:40.0656 2180 Ndisuio - ok
21:31:40.0765 2180 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:31:41.0031 2180 NdisWan - ok
21:31:41.0187 2180 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:31:41.0265 2180 NDProxy - ok
21:31:41.0406 2180 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:31:41.0656 2180 NetBIOS - ok
21:31:41.0765 2180 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:31:42.0031 2180 NetBT - ok
21:31:42.0171 2180 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:31:42.0421 2180 Npfs - ok
21:31:42.0546 2180 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:31:42.0906 2180 Ntfs - ok
21:31:43.0078 2180 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:31:43.0343 2180 Null - ok
21:31:43.0468 2180 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:31:43.0750 2180 NwlnkFlt - ok
21:31:43.0843 2180 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:31:44.0140 2180 NwlnkFwd - ok
21:31:44.0281 2180 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:31:44.0531 2180 Parport - ok
21:31:44.0625 2180 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:31:44.0890 2180 PartMgr - ok
21:31:45.0031 2180 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:31:45.0312 2180 ParVdm - ok
21:31:45.0437 2180 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:31:45.0687 2180 PCI - ok
21:31:45.0781 2180 PCIDump - ok
21:31:45.0906 2180 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:31:46.0203 2180 PCIIde - ok
21:31:46.0343 2180 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:31:46.0578 2180 Pcmcia - ok
21:31:46.0656 2180 PDCOMP - ok
21:31:46.0734 2180 PDFRAME - ok
21:31:46.0796 2180 PDRELI - ok
21:31:46.0859 2180 PDRFRAME - ok
21:31:46.0921 2180 perc2 - ok
21:31:47.0000 2180 perc2hib - ok
21:31:47.0187 2180 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:31:47.0437 2180 PptpMiniport - ok
21:31:47.0546 2180 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:31:47.0812 2180 Processor - ok
21:31:47.0921 2180 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:31:48.0187 2180 PSched - ok
21:31:48.0312 2180 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:31:48.0578 2180 Ptilink - ok
21:31:48.0656 2180 ql1080 - ok
21:31:48.0718 2180 Ql10wnt - ok
21:31:48.0781 2180 ql12160 - ok
21:31:48.0843 2180 ql1240 - ok
21:31:48.0921 2180 ql1280 - ok
21:31:49.0046 2180 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:31:49.0343 2180 RasAcd - ok
21:31:49.0484 2180 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:31:49.0750 2180 Rasl2tp - ok
21:31:49.0843 2180 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:31:50.0078 2180 RasPppoe - ok
21:31:50.0203 2180 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:31:50.0484 2180 Raspti - ok
21:31:50.0656 2180 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:31:50.0906 2180 Rdbss - ok
21:31:51.0046 2180 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:31:51.0328 2180 RDPCDD - ok
21:31:51.0468 2180 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:31:51.0531 2180 RDPWD - ok
21:31:51.0687 2180 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:31:51.0953 2180 redbook - ok
21:31:52.0140 2180 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:31:52.0359 2180 rtl8139 - ok
21:31:52.0531 2180 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:31:52.0781 2180 Secdrv - ok
21:31:52.0906 2180 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:31:53.0156 2180 serenum - ok
21:31:53.0281 2180 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:31:53.0531 2180 Serial - ok
21:31:53.0640 2180 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:31:53.0906 2180 Sfloppy - ok
21:31:53.0984 2180 Simbad - ok
21:31:54.0062 2180 Sparrow - ok
21:31:54.0203 2180 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:31:54.0468 2180 splitter - ok
21:31:54.0562 2180 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:31:54.0812 2180 sr - ok
21:31:54.0984 2180 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:31:55.0156 2180 Srv - ok
21:31:55.0343 2180 stdriver (5c031c715e14f10dfc9395004f54ee21) C:\WINDOWS\system32\DRIVERS\stdriver32.sys
21:31:55.0375 2180 stdriver - ok
21:31:55.0515 2180 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:31:55.0781 2180 swenum - ok
21:31:55.0890 2180 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:31:56.0125 2180 swmidi - ok
21:31:56.0234 2180 symc810 - ok
21:31:56.0296 2180 symc8xx - ok
21:31:56.0359 2180 sym_hi - ok
21:31:56.0421 2180 sym_u3 - ok
21:31:56.0562 2180 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:31:56.0812 2180 sysaudio - ok
21:31:57.0000 2180 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:31:57.0171 2180 Tcpip - ok
21:31:57.0296 2180 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:31:57.0546 2180 TDPIPE - ok
21:31:57.0656 2180 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:31:57.0890 2180 TDTCP - ok
21:31:58.0046 2180 Teefer (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys
21:31:58.0093 2180 Teefer ( UnsignedFile.Multi.Generic ) - warning
21:31:58.0093 2180 Teefer - detected UnsignedFile.Multi.Generic (1)
21:31:58.0250 2180 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:31:58.0500 2180 TermDD - ok
21:31:58.0625 2180 TosIde - ok
21:31:58.0765 2180 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:31:59.0015 2180 Udfs - ok
21:31:59.0093 2180 ultra - ok
21:31:59.0265 2180 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:31:59.0593 2180 Update - ok
21:31:59.0750 2180 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:32:00.0015 2180 usbccgp - ok
21:32:00.0156 2180 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:32:00.0406 2180 usbehci - ok
21:32:00.0562 2180 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:32:00.0828 2180 usbhub - ok
21:32:00.0937 2180 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:32:01.0187 2180 usbprint - ok
21:32:01.0281 2180 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:32:01.0531 2180 USBSTOR - ok
21:32:01.0625 2180 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:32:01.0890 2180 usbuhci - ok
21:32:02.0031 2180 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
21:32:02.0312 2180 USRpdA - ok
21:32:02.0468 2180 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:32:02.0718 2180 VgaSave - ok
21:32:02.0796 2180 ViaIde - ok
21:32:02.0921 2180 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:32:03.0171 2180 VolSnap - ok
21:32:03.0265 2180 vsdatant - ok
21:32:03.0421 2180 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:32:03.0671 2180 Wanarp - ok
21:32:03.0828 2180 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:32:03.0937 2180 Wdf01000 - ok
21:32:04.0031 2180 WDICA - ok
21:32:04.0156 2180 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:32:04.0406 2180 wdmaud - ok
21:32:04.0609 2180 wg3n (a67340b874df9eaf5b226e5f3473b9da) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
21:32:04.0640 2180 wg3n - ok
21:32:04.0703 2180 wg4n (851216e2816b7b7e74b5f7ef1d4acfb7) C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
21:32:04.0734 2180 wg4n - ok
21:32:04.0828 2180 wg5n (aedd1fe0df660411d15da3c57cfc2402) C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
21:32:04.0843 2180 wg5n - ok
21:32:04.0921 2180 wg6n (dd0d719a58df79086462bd5fc972a908) C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
21:32:04.0937 2180 wg6n - ok
21:32:05.0109 2180 winachsf (43c5d443900d263af3fb44af4c122599) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:32:05.0265 2180 winachsf - ok
21:32:05.0531 2180 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:32:05.0625 2180 WpdUsb - ok
21:32:05.0812 2180 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
21:32:05.0859 2180 wpsdrvnt ( UnsignedFile.Multi.Generic ) - warning
21:32:05.0859 2180 wpsdrvnt - detected UnsignedFile.Multi.Generic (1)
21:32:06.0031 2180 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:32:06.0109 2180 WudfPf - ok
21:32:06.0281 2180 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:32:06.0312 2180 WudfRd - ok
21:32:06.0500 2180 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
21:32:06.0609 2180 zumbus - ok
21:32:06.0796 2180 {6080A529-897E-4629-A488-ABA0C29B635E} (f0890825e7a9f4a808190a781c480568) C:\WINDOWS\system32\drivers\ialmsbw.sys
21:32:06.0859 2180 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
21:32:06.0984 2180 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (8854f5453cce4c5831538e935f92f73b) C:\WINDOWS\system32\drivers\ialmkchw.sys
21:32:07.0015 2180 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
21:32:07.0062 2180 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:32:07.0390 2180 \Device\Harddisk0\DR0 - ok
21:32:07.0406 2180 Boot (0x1200) (d28d8bf9448b8a0dd33eaa67fc9f93f4) \Device\Harddisk0\DR0\Partition0
21:32:07.0406 2180 \Device\Harddisk0\DR0\Partition0 - ok
21:32:07.0406 2180 ============================================================
21:32:07.0406 2180 Scan finished
21:32:07.0406 2180 ============================================================
21:32:07.0546 3908 Detected object count: 4
21:32:07.0546 3908 Actual detected object count: 4
21:34:22.0250 3908 Apowersoft_AudioDevice ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:22.0250 3908 Apowersoft_AudioDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:22.0250 3908 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:22.0250 3908 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:22.0250 3908 Teefer ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:22.0250 3908 Teefer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:22.0250 3908 wpsdrvnt ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:22.0250 3908 wpsdrvnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:30.0406 3500 Deinitialize success

******************************************************************************************************

btw - the FIX button on the aswMBR scan was never enabled

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-23 21:34:58
-----------------------------
21:34:58.781 OS Version: Windows 5.1.2600 Service Pack 3
21:34:58.781 Number of processors: 1 586 0x103
21:34:58.781 ComputerName: KR15-WG5N33V3R4 UserName: KRISTIN VERA
21:34:59.890 Initialize success
21:40:07.625 AVAST engine defs: 11122301
21:40:24.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:40:24.171 Disk 0 Vendor: ST340810A 3.39 Size: 38166MB BusType: 3
21:40:26.187 Disk 0 MBR read successfully
21:40:26.187 Disk 0 MBR scan
21:40:26.250 Disk 0 Windows XP default MBR code
21:40:26.250 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
21:40:26.265 Disk 0 scanning sectors +78156225
21:40:26.312 Disk 0 scanning C:\WINDOWS\system32\drivers
21:40:49.156 Service scanning
21:40:51.140 Modules scanning
21:41:02.843 AVAST engine scan C:\WINDOWS
21:41:28.812 AVAST engine scan C:\WINDOWS\system32
21:44:58.453 AVAST engine scan C:\WINDOWS\system32\drivers
21:45:24.343 AVAST engine scan C:\Documents and Settings\KRISTIN VERA
21:53:27.609 AVAST engine scan C:\Documents and Settings\All Users
21:54:39.890 Scan finished successfully
21:54:56.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\KRISTIN VERA\Desktop\MBR.dat"
21:54:56.562 The log file has been saved successfully to "C:\Documents and Settings\KRISTIN VERA\Desktop\aswMBR.txt"

Edited by eMoRTaL, 23 December 2011 - 09:03 PM.

  • 0
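An added example, not part of this thread or of the TDSSKiller tool: a small Python parser for the log format posted above. It folds each driver's file line, warning/detected line and user-decision line into one record, then lists flagged objects that still lack a recorded decision. Assumptions: the line shapes are inferred from this one log, and the sample below is a constructed excerpt.

```python
import re
from dataclasses import dataclass
# Line shapes copied from the TDSSKiller log posted in this thread. Assumption:
# the format is stable enough for triage; it is not a published specification.
_ENTRY = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
_FILE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_VERDICT = re.compile(r"^(?P<name>\S+)(?: \( (?P<det>[^)]+) \))? - (?P<msg>.+)$")

# Constructed excerpt modelled on the thread's log; ASCTRM is deliberately
# left without a user decision so that needs_review() has something to flag.
SAMPLE_LOG = r"""
21:32:05.0812 2180 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
21:32:05.0859 2180 wpsdrvnt ( UnsignedFile.Multi.Generic ) - warning
21:32:05.0859 2180 wpsdrvnt - detected UnsignedFile.Multi.Generic (1)
21:32:06.0031 2180 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:32:06.0109 2180 WudfPf - ok
21:33:00.0000 2180 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
21:34:22.0250 3908 wpsdrvnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""
@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    detection: str = ""  # e.g. UnsignedFile.Multi.Generic (a heuristic, not a malware verdict)
    status: str = ""     # ok | warning | detected
    action: str = ""     # the user's decision, e.g. Skip
def parse_tdsskiller(text: str) -> dict[str, Entry]:
    """Fold the per-object lines into one Entry per driver/device name."""
    entries: dict[str, Entry] = {}
    for raw in text.splitlines():
        m = _ENTRY.match(raw.strip())
        if not m:
            continue  # banners, counts and separators carry no per-object data
        if f := _FILE.match(m["rest"]):
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.md5, e.path = f["md5"], f["path"]
        elif v := _VERDICT.match(m["rest"]):
            e, msg = entries.setdefault(v["name"], Entry(v["name"])), v["msg"]
            if msg in ("ok", "warning"):
                e.status, e.detection = msg, v["det"] or e.detection
            elif msg.startswith("detected "):
                e.status, e.detection = "detected", msg.split()[1]
            elif msg.startswith("User select action: "):
                e.action = msg.split(": ", 1)[1]
    return entries
def needs_review(entries: dict[str, Entry]) -> list[str]:
    """Flagged objects with no recorded decision; compare hashes with a known-good set before acting."""
    return sorted(n for n, e in entries.items()
                  if e.status in ("warning", "detected") and not e.action)
```

An unsigned-file warning is a heuristic, so the output is a review list, not a delete list.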

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
I don't see the icon in any of the scans. Can you right click on it and Delete?

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#5
eMoRTaL

eMoRTaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ron, after the event viewer and reboot, the icon was no longer there. I ran VEW as you said and the log looks clean:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 24/12/2011 12:49:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank God for this site and people like you who make keeping an older computer worth saving. Take care and God Bless you and your family. Merry Christmas :)
-eric-
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
That's about all I see so I think we can clean up now.

We need to clean up System Restore (If we haven't already).

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
