Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

qkm.exe causing trouble! [Solved]

Started by Mack Cockburn , Jan 17 2012 02:21 AM

  • This topic is locked This topic is locked

#1
Mack Cockburn
Posted 17 January 2012 - 02:21 AM

Mack Cockburn

    New Member

  • Member
  • Pip
  • 8 posts
Tonight as I was online my browser shut down and up pops "XP home security 2012" stating I have soooo many viruses. It suddenly took over and wouldn't let me open anything- no internet browser, no antivirus. I figured out which process to close to get online and found this topic on this forum- http://www.geekstogo...on-my-computer/ and I have been trying to follow said instructions.

RogueKiller crashes when it begins to copy to quarantine, and does not create a report.
OTL just finished scanning but neither did it open any sort of log file. What do I do now??
  • 0

Advertisements

#2
maliprog
Posted 19 January 2012 - 12:58 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Mack Cockburn and welcome to my office here at G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

We need to disable malware processes on your system first
  • Download TheKiller.scr to your Desktop
  • Run it by double click
  • Press OK button after program finish
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in separate post
  • 0

#3
Mack Cockburn
Posted 21 January 2012 - 06:49 PM

Mack Cockburn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hey, thanks for getting back to me on this issue! The same night I posted, I managed to eventually install and run Malwarebytes to quarantine the problem, not without some difficulty. Some program was telling me (perhaps avast?) that anything I tried to run was trying to access qkm.exe- and if I denied access, it could not "find" the files, and if I allowed it, it would tell me not to open that because it was terribly infected. To get around this I had to either "run as administator" (on XP) or click, well, I think it said just "run," too but now the option seems to have disappeared, lol maybe it had been put there by the malware specifically as a way around the bug... Anyhoo...

This TheKiller.scr, how long is it supposed to take to run? I left it for two hours and it seems to have been stuck at "fixing windows update," for that entire time. I'm now running OTL and I'll post the logs once that is finished. Thanks for your input.
  • 0

#4
Mack Cockburn
Posted 21 January 2012 - 07:02 PM

Mack Cockburn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL logfile created on: 1/21/2012 4:39:39 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 37.71% Memory free
5.85 Gb Paging File | 5.14 Gb Available in Paging File | 87.83% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.85 Gb Total Space | 123.31 Gb Free Space | 67.81% Space Free | Partition Type: NTFS
Drive D: | 4.44 Gb Total Space | 2.71 Gb Free Space | 61.04% Space Free | Partition Type: FAT32
Drive G: | 232.88 Gb Total Space | 50.02 Gb Free Space | 21.48% Space Free | Partition Type: NTFS

Computer Name: LOVELY-LIN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 23:09:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/01/05 01:02:20 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/01/05 01:02:19 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/14 09:27:01 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/01/31 12:01:28 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/09/28 15:06:04 | 000,185,688 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/09/28 14:30:20 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/07/28 18:11:10 | 000,327,472 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/07/26 23:28:18 | 002,383,952 | ---- | M] (Alexey Semenov) -- C:\Program Files\Semagic\LiveJournalU.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 14:29:15 | 000,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006/05/11 05:23:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/09 17:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/07/15 13:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2004/12/08 16:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2003/12/04 16:00:34 | 000,634,880 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2003/12/04 15:48:40 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2002/08/30 17:08:50 | 000,438,272 | ---- | M] (bradfitz.com, inc. (original) | liquified.visions (current)) -- C:\Program Files\LiveJournal\LiveJournal.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/21 08:05:13 | 001,681,920 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12012101\algo.dll
MOD - [2012/01/05 01:04:16 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2012/01/05 01:04:02 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2012/01/05 00:49:16 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/12/23 07:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/11/03 07:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/09 09:57:46 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/04 16:27:06 | 000,007,680 | ---- | M] () -- C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll
MOD - [2006/04/04 17:43:08 | 000,364,544 | ---- | M] () -- C:\Program Files\Semagic\tidy.dll
MOD - [2004/12/08 16:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
MOD - [2003/05/16 19:09:32 | 000,011,776 | ---- | M] () -- C:\WINDOWS\HIDMNT.dll
MOD - [2001/07/02 19:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/05 01:02:19 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/31 12:01:28 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/09/28 14:30:20 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/05/11 05:23:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2003/12/04 16:00:34 | 000,634,880 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/23 07:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/22 11:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/28 10:19:00 | 000,065,382 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/12/01 14:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/09/07 12:07:25 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/09/07 12:07:25 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/06/17 02:40:08 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/03/08 19:05:32 | 001,466,624 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2007/02/27 13:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/02 21:38:22 | 000,474,368 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vvftav.sys -- (vvftav)
DRV - [2006/12/14 09:27:18 | 000,040,832 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2006/04/10 14:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt25usbap.sys -- (RT25USBAP)
DRV - [2005/09/23 17:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/22 10:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 10:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 10:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/07 16:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/01/10 13:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 12:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/04/09 11:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=T6534
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=T6534
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=T6534
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=T6534
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://ca.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/?ref=hp"
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.8.0.8
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.4: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 21:50:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 14:06:57 | 000,000,000 | ---D | M]

[2009/12/13 15:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/12/13 15:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2012/01/20 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn8f02ux.default\extensions
[2010/06/04 19:32:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn8f02ux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/11 10:02:25 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn8f02ux.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/01/20 13:14:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn8f02ux.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/01 08:01:02 | 000,000,000 | ---D | M] (Facebook Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn8f02ux.default\extensions\[email protected]
[2011/12/02 14:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VN8F02UX.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2011/12/30 21:50:14 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/30 21:50:09 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/30 21:50:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/30 21:50:09 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/30 21:50:09 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/30 21:50:09 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/02/21 22:30:59 | 000,429,988 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14803 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\..\Toolbar\ShellBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003..\Run: [EPSON NX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003..\Run: [Semagic] C:\Program Files\Semagic\LiveJournalU.exe (Alexey Semenov)
O4 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LiveJournal.lnk = C:\Program Files\LiveJournal\LiveJournal.exe (bradfitz.com, inc. (original) | liquified.visions (current))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]
O7 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = [binary data]
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai...cat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://luckynugget....get/FlashAX.cab (FlashXControl Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://bl116fd.blu11...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...wn.cab31267.cab (Solitaire Showdown Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{840BDF8B-554A-4908-A863-9F743D542068}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1038EEC-8F3A-4525-A984-F85F87662323}: NameServer = 192.168.1.254,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A11E6FFF-DDF5-4993-92D6-BD13BCACEC97}: NameServer = 64.59.144.17
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 10:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | --S- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 14:22:31 | 000,751,581 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\Owner\Desktop\TheKiller.scr
[2012/01/18 11:53:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/17 01:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RK_Quarantine
[2012/01/17 00:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/17 00:41:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/17 00:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/17 00:38:46 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/16 23:58:46 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
[2012/01/16 23:09:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/01/13 22:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\All The Right Type 3 Demo
[2012/01/13 22:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\All The Right Type 3 Demo
[2012/01/05 01:05:02 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/05 00:47:06 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/01/05 00:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2009/06/21 15:24:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/21 16:48:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/21 16:36:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 16:35:48 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/21 16:35:32 | 000,000,329 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2012/01/21 16:35:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/21 16:35:19 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2012/01/21 16:34:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 16:34:39 | 1610,010,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/21 14:22:33 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\Owner\Desktop\TheKiller.scr
[2012/01/20 22:50:32 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/20 22:37:07 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit_.INI
[2012/01/19 03:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2012/01/19 00:48:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/19 00:48:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/17 00:41:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/17 00:38:46 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/17 00:30:55 | 000,009,537 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\acc8512b
[2012/01/17 00:30:54 | 000,009,588 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\3f9945d3
[2012/01/17 00:30:54 | 000,009,465 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\4a4b23e3
[2012/01/16 23:09:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/01/16 23:08:38 | 000,787,456 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2012/01/16 22:39:56 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/13 23:21:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/13 22:45:51 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\All The Right Type 3 Demo.lnk
[2012/01/11 03:04:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/06 03:05:25 | 000,502,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/06 03:05:25 | 000,086,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/05 01:04:48 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/05 01:04:31 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/01/05 00:47:11 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/01/05 00:10:43 | 000,000,420 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\01.12.lnk
[2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/17 00:41:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 23:41:24 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/01/16 23:08:34 | 000,787,456 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2012/01/16 22:51:44 | 1610,010,624 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/16 20:58:40 | 000,009,588 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\3f9945d3
[2012/01/16 20:58:40 | 000,009,537 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\acc8512b
[2012/01/16 20:58:40 | 000,009,465 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4a4b23e3
[2012/01/13 22:45:51 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\All The Right Type 3 Demo.lnk
[2012/01/05 00:47:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/05 00:47:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/05 00:47:26 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/05 00:47:11 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/01/05 00:10:43 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\01.12.lnk
[2011/12/15 15:32:01 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/14 02:30:32 | 000,400,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/25 10:38:24 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/25 10:38:21 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/25 10:38:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/06/21 23:07:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/05 01:06:33 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WavCodec.wff
[2010/05/11 17:32:57 | 000,000,088 | R-S- | C] () -- C:\Documents and Settings\All Users\Application Data\B68968CD0C.sys
[2010/05/11 17:32:56 | 000,002,828 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/12/13 12:09:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/25 17:28:43 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/09/27 15:12:22 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/09/19 16:00:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/06/21 15:24:44 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2009/06/21 15:24:09 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2009/06/21 15:24:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2009/06/21 15:24:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2009/05/21 20:43:10 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/05/21 17:40:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/05/20 22:07:01 | 000,000,090 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/05/19 18:44:46 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/27 20:35:43 | 000,004,882 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nmpmeswb.lkq
[2009/01/20 00:45:37 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/01/20 00:37:56 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/01/10 15:03:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/10 15:03:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/10 15:03:30 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/10 15:03:30 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/10 15:03:30 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/10 15:03:30 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/10 15:03:30 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/10 15:03:30 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/10 15:03:30 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/10 15:03:30 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/10 15:03:30 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/10 15:03:30 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/10 15:03:30 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/10 15:03:30 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/10 15:03:30 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/10 15:03:30 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/10 15:02:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX100.ini
[2009/01/01 17:50:37 | 000,122,880 | ---- | C] () -- C:\WINDOWS\rm305.exe
[2009/01/01 17:50:37 | 000,000,900 | ---- | C] () -- C:\WINDOWS\rm305.ini
[2008/12/01 12:11:21 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/12/01 12:11:21 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/12/01 12:11:21 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/10/30 06:45:42 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/08/12 19:02:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/20 17:40:05 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2007/11/08 14:25:10 | 000,000,769 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2007/11/08 14:15:38 | 000,102,400 | ---- | C] () -- C:\WINDOWS\japi.dll
[2007/11/08 14:15:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\rmvpeye.exe
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/10 19:43:14 | 000,000,082 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/07/25 13:24:30 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/08 22:22:50 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2007/06/02 16:37:35 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/06/02 16:37:35 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/06/02 16:37:35 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/06/02 10:26:26 | 000,000,216 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/11/21 14:27:49 | 000,000,009 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2006/08/29 11:55:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/17 15:26:01 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2006/08/11 01:51:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2006/08/11 01:51:51 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2006/08/11 01:51:51 | 000,000,329 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2006/08/11 01:51:39 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2006/08/11 01:51:39 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2006/08/08 14:09:28 | 000,000,139 | ---- | C] () -- C:\WINDOWS\_vmtxp.INI
[2006/08/08 14:06:00 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/08 12:39:16 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/11 05:36:23 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/11 05:33:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/05/11 05:33:18 | 000,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2006/05/11 05:33:18 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/05/11 05:33:18 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
[2006/05/11 05:33:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2006/05/11 05:33:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/05/11 05:33:18 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/05/11 05:32:35 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/05/11 05:29:24 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2006/05/11 05:27:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/11 05:08:43 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/11 05:08:43 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/26 14:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/08/27 02:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 01:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 10:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 10:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 08:12:43 | 000,001,426 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 08:12:43 | 000,000,486 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 08:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 08:12:10 | 000,502,238 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 08:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 08:12:10 | 000,086,704 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 08:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 08:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 08:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 08:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 08:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 08:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 08:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 08:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 02:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 02:54:01 | 000,224,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2010/10/23 14:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/22 21:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2011/12/15 15:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\diego
[2006/09/30 01:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/01/10 15:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/12/15 15:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go, Diego, Go Snapshots
[2009/12/25 13:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/03/30 20:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2006/09/16 13:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/06/24 11:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/06/26 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2006/09/30 01:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/20 22:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/03/31 05:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/08/11 23:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/06/02 14:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TELUS
[2010/09/24 19:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/10 15:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2006/12/27 16:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/06/21 17:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/06/01 18:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/05/11 05:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2007/01/02 16:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Neopets Toolbar
[2006/08/22 14:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.ABC
[2009/04/30 02:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Camfrog
[2011/02/17 20:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Downloaded Installations
[2006/09/30 01:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EA
[2009/01/13 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2010/09/23 14:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2010/06/22 20:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM
[2006/10/06 00:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2008/09/05 23:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2007/08/13 17:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IMVU
[2009/01/10 15:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/09/24 22:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MotionDSP
[2008/06/24 11:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2009/04/06 19:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Neopets Toolbar
[2009/04/01 15:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PgcEdit
[2010/08/22 16:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2006/05/11 05:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/05/20 17:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Screenshot Sender
[2010/06/22 21:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smilebox
[2008/06/02 14:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TELUS
[2007/08/10 19:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Temp
[2006/12/27 16:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2010/11/15 11:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uniblue
[2012/01/21 16:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/11/27 13:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2008/08/12 19:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2009/01/01 18:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2012/01/21 16:35:48 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/21 16:35:19 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2012/01/19 03:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2005/10/31 07:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 11:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 11:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 11:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 11:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/30 21:50:09 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/30 21:50:09 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/30 21:50:09 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/30 21:50:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/30 21:50:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/30 21:50:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/30 21:50:09 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/30 21:50:09 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/30 21:50:09 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/30 21:50:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/30 21:50:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/30 21:50:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 966 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24721E3C
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27EEEB5C

< End of report >
  • 0

#5
Mack Cockburn
Posted 21 January 2012 - 07:03 PM

Mack Cockburn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL Extras logfile created on: 1/17/2012 1:26:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 30.74% Memory free
5.85 Gb Paging File | 5.21 Gb Available in Paging File | 89.18% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.85 Gb Total Space | 124.20 Gb Free Space | 68.30% Space Free | Partition Type: NTFS
Drive D: | 4.44 Gb Total Space | 2.71 Gb Free Space | 61.04% Space Free | Partition Type: FAT32
Drive G: | 232.88 Gb Total Space | 51.38 Gb Free Space | 22.06% Space Free | Partition Type: NTFS

Computer Name: LOVELY-LIN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Documents and Settings\Owner\Local Settings\Temp\Update_d8a9.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\Update_d8a9.exe:*:Enabled:InstallCore™ -- (Yuna Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4E9B398A-8F39-410C-8200-7F5289CD7B02}_is1" = The Sims 3 Ultimate Bundle
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.1
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193j
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C5B62D2-F779-482F-A4DC-A0636B06BCD7}" = LeapFrog Connect
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8A83AE5F-F59B-4E1F-BF2A-49185A42ED1B}" = LeapFrog My Pals Plugin
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD37EE3-50A7-45DB-97B9-1C8B900E9E8B}" = Movavi Video Converter 7
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0305}" = USB PC Camera VC305
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8550C86-A712-4219-AD4C-038C9FD1D149}" = Ulead PhotoImpact 11
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"26062_2010_0930_1114_is1" = Uninstall Dual Mode Camera (26062)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"All The Right Type 3 Demo" = All The Right Type 3 Demo
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Go, Diego, Go Snapshots" = Go, Diego, Go Snapshots
"HaaliMkx" = Haali Media Splitter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"LiveJournal" = LiveJournal 1.4.7-BETA2WA3 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RealAlt_is1" = Real Alternative 1.51
"RegCure" = RegCure 1.5.0.0
"Semagic" = Semagic (remove only)
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"Wacom Tablet Driver" = Wacom Tablet Driver
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WORD" = Microsoft Office Word 2007
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1198101916-2928258585-112741002-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f9598aeafb0efd18" = BabySmash!
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/28/2009 12:28:46 AM | Computer Name = LOVELY-LIN | Source = avast! | ID = 33554522
Description =

Error - 10/28/2009 12:28:54 AM | Computer Name = LOVELY-LIN | Source = avast! | ID = 33554522
Description =

Error - 11/4/2009 9:19:20 PM | Computer Name = LOVELY-LIN | Source = avast! | ID = 33554522
Description =

Error - 11/5/2009 1:37:30 AM | Computer Name = LOVELY-LIN | Source = avast! | ID = 33554522
Description =

Error - 11/5/2009 5:59:53 PM | Computer Name = LOVELY-LIN | Source = avast! | ID = 33554522
Description =

Error - 11/6/2009 1:45:30 PM | Computer Name = LOVELY-LIN | Source = avast! | ID = 33554522
Description =

Error - 11/7/2009 3:41:00 PM | Computer Name = LOVELY-LIN | Source = avast! | ID = 33554522
Description =

Error - 11/7/2009 7:35:21 PM | Computer Name = LOVELY-LIN | Source = avast! | ID = 33554522
Description =

Error - 11/9/2009 4:47:05 PM | Computer Name = LOVELY-LIN | Source = avast! | ID = 33554522
Description =

Error - 11/21/2009 3:02:58 PM | Computer Name = LOVELY-LIN | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 1/11/2012 7:21:41 AM | Computer Name = LOVELY-LIN | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 1/11/2012 11:23:00 PM | Computer Name = LOVELY-LIN | Source = Application Error | ID = 1000
Description = Faulting application iedit_.exe, version 11.0.0.0, faulting module
iedit_.exe, version 11.0.0.0, fault address 0x002793e1.

Error - 1/12/2012 3:34:30 PM | Computer Name = LOVELY-LIN | Source = Application Error | ID = 1000
Description = Faulting application iedit_.exe, version 11.0.0.0, faulting module
iedit_.exe, version 11.0.0.0, fault address 0x002793e1.

Error - 1/17/2012 4:00:01 AM | Computer Name = LOVELY-LIN | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 1/17/2012 4:01:50 AM | Computer Name = LOVELY-LIN | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 1/17/2012 4:04:14 AM | Computer Name = LOVELY-LIN | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 1/17/2012 4:05:08 AM | Computer Name = LOVELY-LIN | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 1/17/2012 4:06:09 AM | Computer Name = LOVELY-LIN | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 1/17/2012 4:09:00 AM | Computer Name = LOVELY-LIN | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 1/17/2012 4:17:38 AM | Computer Name = LOVELY-LIN | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 1/5/2012 5:04:58 AM | Computer Name = LOVELY-LIN | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/13/2012 8:20:51 PM | Computer Name = LOVELY-LIN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.10 for the Network Card with network
address 0016175F813A has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/17/2012 2:42:21 AM | Computer Name = LOVELY-LIN | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 1/17/2012 2:42:21 AM | Computer Name = LOVELY-LIN | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 1/17/2012 2:42:21 AM | Computer Name = LOVELY-LIN | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 1/17/2012 2:42:21 AM | Computer Name = LOVELY-LIN | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 1/17/2012 2:42:21 AM | Computer Name = LOVELY-LIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 1/17/2012 2:42:37 AM | Computer Name = LOVELY-LIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/17/2012 2:50:47 AM | Computer Name = LOVELY-LIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/17/2012 4:56:58 AM | Computer Name = LOVELY-LIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >
  • 0

#6
maliprog
Posted 23 January 2012 - 12:48 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Mack Cockburn,

TheKiller only takes few minutes. Please restart your system once.

Let's try to remove leftovers from your system.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    O33 - MountPoints2\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
    O37 - HKU\S-1-5-21-1198101916-2928258585-112741002-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2012/01/17 00:30:54 | 000,009,588 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\3f9945d3
    [2012/01/17 00:30:54 | 000,009,465 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\4a4b23e3
    [2012/01/16 20:58:40 | 000,009,588 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\3f9945d3
    [2012/01/16 20:58:40 | 000,009,537 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\acc8512b
    [2012/01/16 20:58:40 | 000,009,465 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4a4b23e3
    [2010/05/11 17:32:57 | 000,000,088 | R-S- | C] () -- C:\Documents and Settings\All Users\Application Data\B68968CD0C.sys
    [2009/03/27 20:35:43 | 000,004,882 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nmpmeswb.lkq
    2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.


  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#7
Mack Cockburn
Posted 26 January 2012 - 05:05 PM

Mack Cockburn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1198101916-2928258585-112741002-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ee81ac1-e0f0-11da-8f12-806d6172696f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 not found.
Registry key HKEY_USERS\S-1-5-21-1198101916-2928258585-112741002-1003_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1198101916-2928258585-112741002-1003_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Owner\Application Data\3f9945d3 moved successfully.
C:\Documents and Settings\All Users\Application Data\4a4b23e3 moved successfully.
File C:\Documents and Settings\Owner\Application Data\3f9945d3 not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\acc8512b moved successfully.
File C:\Documents and Settings\All Users\Application Data\4a4b23e3 not found.
C:\Documents and Settings\All Users\Application Data\B68968CD0C.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\nmpmeswb.lkq moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01262012_145159
  • 0

#8
Mack Cockburn
Posted 26 January 2012 - 05:06 PM

Mack Cockburn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
15:03:06.0031 1852 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
15:03:06.0687 1852 ============================================================
15:03:06.0687 1852 Current date / time: 2012/01/26 15:03:06.0687
15:03:06.0687 1852 SystemInfo:
15:03:06.0687 1852
15:03:06.0687 1852 OS Version: 5.1.2600 ServicePack: 3.0
15:03:06.0687 1852 Product type: Workstation
15:03:06.0687 1852 ComputerName: LOVELY-LIN
15:03:06.0687 1852 UserName: Owner
15:03:06.0687 1852 Windows directory: C:\WINDOWS
15:03:06.0687 1852 System windows directory: C:\WINDOWS
15:03:06.0687 1852 Processor architecture: Intel x86
15:03:06.0687 1852 Number of processors: 1
15:03:06.0687 1852 Page size: 0x1000
15:03:06.0687 1852 Boot type: Normal boot
15:03:06.0687 1852 ============================================================
15:03:09.0609 1852 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:03:09.0640 1852 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:03:09.0875 1852 Initialize success
15:03:13.0156 3524 ============================================================
15:03:13.0156 3524 Scan started
15:03:13.0156 3524 Mode: Manual;
15:03:13.0156 3524 ============================================================
15:03:14.0031 3524 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
15:03:14.0046 3524 Aavmker4 - ok
15:03:14.0296 3524 Abiosdsk - ok
15:03:14.0375 3524 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:03:14.0375 3524 abp480n5 - ok
15:03:14.0515 3524 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:03:14.0546 3524 ACPI - ok
15:03:14.0609 3524 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:03:14.0609 3524 ACPIEC - ok
15:03:14.0750 3524 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:03:14.0765 3524 adpu160m - ok
15:03:14.0828 3524 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:03:14.0843 3524 aec - ok
15:03:14.0984 3524 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:03:14.0984 3524 AFD - ok
15:03:15.0359 3524 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:03:15.0375 3524 agp440 - ok
15:03:15.0515 3524 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:03:15.0531 3524 agpCPQ - ok
15:03:15.0578 3524 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:03:15.0578 3524 Aha154x - ok
15:03:15.0625 3524 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:03:15.0625 3524 aic78u2 - ok
15:03:15.0734 3524 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:03:15.0828 3524 aic78xx - ok
15:03:15.0875 3524 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:03:15.0906 3524 AliIde - ok
15:03:15.0968 3524 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:03:16.0000 3524 alim1541 - ok
15:03:16.0031 3524 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:03:16.0031 3524 amdagp - ok
15:03:16.0234 3524 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:03:16.0250 3524 AmdK8 - ok
15:03:16.0312 3524 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:03:16.0312 3524 amsint - ok
15:03:16.0406 3524 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:03:16.0421 3524 asc - ok
15:03:16.0625 3524 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:03:16.0625 3524 asc3350p - ok
15:03:16.0843 3524 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:03:16.0843 3524 asc3550 - ok
15:03:16.0984 3524 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:03:16.0984 3524 aswFsBlk - ok
15:03:17.0109 3524 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
15:03:17.0125 3524 aswMon2 - ok
15:03:17.0281 3524 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
15:03:17.0296 3524 aswRdr - ok
15:03:17.0609 3524 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
15:03:17.0625 3524 aswSnx - ok
15:03:17.0703 3524 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
15:03:17.0750 3524 aswSP - ok
15:03:17.0828 3524 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
15:03:17.0828 3524 aswTdi - ok
15:03:17.0937 3524 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:03:17.0937 3524 AsyncMac - ok
15:03:18.0078 3524 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:03:18.0093 3524 atapi - ok
15:03:18.0187 3524 Atdisk - ok
15:03:19.0046 3524 ati2mtag (15b2fe76e2eceb98c49ed52311a6f26f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:03:20.0734 3524 ati2mtag - ok
15:03:21.0296 3524 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:03:21.0328 3524 Atmarpc - ok
15:03:22.0531 3524 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:03:22.0562 3524 audstub - ok
15:03:23.0421 3524 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:03:23.0437 3524 Beep - ok
15:03:24.0875 3524 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:03:24.0890 3524 cbidf - ok
15:03:26.0500 3524 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:03:26.0500 3524 cbidf2k - ok
15:03:27.0437 3524 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:03:27.0484 3524 CCDECODE - ok
15:03:29.0265 3524 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:03:29.0281 3524 cd20xrnt - ok
15:03:30.0890 3524 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:03:30.0921 3524 Cdaudio - ok
15:03:32.0593 3524 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:03:32.0640 3524 Cdfs - ok
15:03:33.0750 3524 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:03:34.0000 3524 Cdrom - ok
15:03:34.0796 3524 Changer - ok
15:03:36.0312 3524 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:03:36.0453 3524 CmdIde - ok
15:03:36.0984 3524 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:03:37.0203 3524 Cpqarray - ok
15:03:37.0875 3524 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:03:37.0906 3524 dac2w2k - ok
15:03:38.0343 3524 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:03:38.0359 3524 dac960nt - ok
15:03:39.0062 3524 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:03:39.0109 3524 Disk - ok
15:03:40.0843 3524 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:03:41.0109 3524 dmboot - ok
15:03:41.0406 3524 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:03:41.0515 3524 dmio - ok
15:03:41.0765 3524 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:03:41.0781 3524 dmload - ok
15:03:42.0078 3524 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:03:42.0156 3524 DMusic - ok
15:03:42.0531 3524 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:03:42.0546 3524 dpti2o - ok
15:03:42.0671 3524 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:03:42.0687 3524 drmkaud - ok
15:03:42.0843 3524 dtscsi - ok
15:03:42.0937 3524 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:03:42.0984 3524 Fastfat - ok
15:03:43.0359 3524 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:03:43.0390 3524 Fdc - ok
15:03:43.0578 3524 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:03:43.0609 3524 Fips - ok
15:03:43.0734 3524 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:03:43.0750 3524 Flpydisk - ok
15:03:44.0093 3524 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:03:44.0093 3524 FltMgr - ok
15:03:44.0328 3524 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:03:44.0343 3524 Fs_Rec - ok
15:03:44.0640 3524 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:03:44.0671 3524 Ftdisk - ok
15:03:44.0734 3524 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:03:44.0750 3524 GEARAspiWDM - ok
15:03:44.0984 3524 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:03:44.0984 3524 Gpc - ok
15:03:45.0375 3524 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
15:03:45.0406 3524 HdAudAddService - ok
15:03:45.0593 3524 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:03:45.0687 3524 HDAudBus - ok
15:03:45.0781 3524 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:03:45.0796 3524 HidUsb - ok
15:03:46.0171 3524 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:03:46.0187 3524 hpn - ok
15:03:46.0437 3524 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
15:03:46.0468 3524 HSFHWBS2 - ok
15:03:46.0921 3524 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:03:46.0968 3524 HSF_DPV - ok
15:03:47.0484 3524 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:03:47.0562 3524 HTTP - ok
15:03:47.0812 3524 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:03:47.0906 3524 i2omgmt - ok
15:03:48.0062 3524 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:03:48.0125 3524 i2omp - ok
15:03:48.0312 3524 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:03:48.0328 3524 i8042prt - ok
15:03:48.0515 3524 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:03:48.0609 3524 Imapi - ok
15:03:48.0828 3524 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:03:48.0843 3524 ini910u - ok
15:03:49.0687 3524 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:03:50.0625 3524 IntcAzAudAddService - ok
15:03:51.0015 3524 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:03:51.0015 3524 IntelIde - ok
15:03:51.0250 3524 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:03:51.0265 3524 Ip6Fw - ok
15:03:51.0609 3524 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:03:51.0671 3524 IpFilterDriver - ok
15:03:51.0750 3524 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:03:51.0843 3524 IpInIp - ok
15:03:52.0203 3524 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:03:52.0265 3524 IpNat - ok
15:03:52.0453 3524 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:03:52.0453 3524 IPSec - ok
15:03:52.0671 3524 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:03:52.0687 3524 IRENUM - ok
15:03:52.0812 3524 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:03:52.0843 3524 isapnp - ok
15:03:53.0015 3524 JL2005C (25d8ad30dd9f3ead620f1953a97b6959) C:\WINDOWS\system32\Drivers\jl2005c.sys
15:03:53.0078 3524 JL2005C - ok
15:03:53.0500 3524 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:03:53.0531 3524 Kbdclass - ok
15:03:53.0796 3524 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:03:53.0843 3524 kmixer - ok
15:03:54.0046 3524 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:03:54.0062 3524 KSecDD - ok
15:03:54.0171 3524 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
15:03:54.0171 3524 Lavasoft Kernexplorer - ok
15:03:54.0312 3524 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
15:03:54.0312 3524 Lbd - ok
15:03:54.0359 3524 lbrtfdc - ok
15:03:54.0421 3524 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
15:03:54.0421 3524 MBAMProtector - ok
15:03:54.0453 3524 mcdbus - ok
15:03:54.0500 3524 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:03:54.0500 3524 mdmxsdk - ok
15:03:54.0734 3524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:03:54.0781 3524 mnmdd - ok
15:03:54.0968 3524 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:03:55.0031 3524 Modem - ok
15:03:55.0296 3524 MotDev (a54abbda4ee2fdae15d4e1ee7ab788a1) C:\WINDOWS\system32\DRIVERS\motodrv.sys
15:03:55.0390 3524 MotDev - ok
15:03:55.0671 3524 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
15:03:55.0750 3524 motmodem - ok
15:03:55.0953 3524 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:03:56.0093 3524 Mouclass - ok
15:03:56.0421 3524 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:03:56.0437 3524 mouhid - ok
15:03:56.0625 3524 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:03:56.0750 3524 MountMgr - ok
15:03:56.0875 3524 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:03:56.0937 3524 mraid35x - ok
15:03:57.0140 3524 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
15:03:57.0140 3524 MREMP50 - ok
15:03:57.0218 3524 MREMP50a64 - ok
15:03:57.0234 3524 MREMPR5 - ok
15:03:57.0234 3524 MRENDIS5 - ok
15:03:57.0265 3524 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
15:03:57.0265 3524 MRESP50 - ok
15:03:57.0281 3524 MRESP50a64 - ok
15:03:57.0437 3524 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:03:57.0453 3524 MRxDAV - ok
15:03:57.0531 3524 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:03:57.0531 3524 MRxSmb - ok
15:03:57.0593 3524 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:03:57.0593 3524 Msfs - ok
15:03:57.0890 3524 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:03:57.0906 3524 MSKSSRV - ok
15:03:58.0218 3524 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:03:58.0250 3524 MSPCLOCK - ok
15:03:58.0593 3524 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:03:58.0687 3524 MSPQM - ok
15:03:59.0140 3524 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:03:59.0203 3524 mssmbios - ok
15:03:59.0546 3524 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:03:59.0562 3524 MSTEE - ok
15:03:59.0765 3524 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:03:59.0890 3524 Mup - ok
15:04:00.0359 3524 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
15:04:00.0390 3524 mxnic - ok
15:04:00.0515 3524 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:04:00.0640 3524 NABTSFEC - ok
15:04:01.0125 3524 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:04:01.0171 3524 NDIS - ok
15:04:01.0421 3524 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:04:01.0437 3524 NdisIP - ok
15:04:01.0484 3524 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:04:01.0500 3524 NdisTapi - ok
15:04:01.0515 3524 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:04:01.0515 3524 Ndisuio - ok
15:04:01.0546 3524 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:04:01.0546 3524 NdisWan - ok
15:04:01.0609 3524 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:04:01.0609 3524 NDProxy - ok
15:04:01.0750 3524 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:04:01.0765 3524 NetBIOS - ok
15:04:01.0812 3524 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:04:01.0812 3524 NetBT - ok
15:04:01.0890 3524 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:04:01.0890 3524 Npfs - ok
15:04:01.0937 3524 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:04:01.0937 3524 Ntfs - ok
15:04:02.0046 3524 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
15:04:02.0046 3524 NuidFltr - ok
15:04:02.0250 3524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:04:02.0312 3524 Null - ok
15:04:03.0781 3524 nv (5e640f37801f2d4152d11595218915cd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:04:04.0437 3524 nv - ok
15:04:04.0593 3524 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:04:04.0609 3524 NVENETFD - ok
15:04:04.0671 3524 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:04:04.0671 3524 nvnetbus - ok
15:04:04.0734 3524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:04:04.0734 3524 NwlnkFlt - ok
15:04:05.0000 3524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:04:05.0000 3524 NwlnkFwd - ok
15:04:05.0171 3524 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
15:04:05.0171 3524 P3 - ok
15:04:05.0437 3524 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:04:05.0562 3524 Parport - ok
15:04:05.0687 3524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:04:05.0781 3524 PartMgr - ok
15:04:05.0921 3524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:04:06.0062 3524 ParVdm - ok
15:04:06.0296 3524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:04:06.0750 3524 PCI - ok
15:04:07.0937 3524 PCIDump - ok
15:04:08.0109 3524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:04:08.0203 3524 PCIIde - ok
15:04:08.0359 3524 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:04:08.0468 3524 Pcmcia - ok
15:04:08.0671 3524 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
15:04:08.0796 3524 pcouffin - ok
15:04:08.0843 3524 PDCOMP - ok
15:04:09.0000 3524 PDFRAME - ok
15:04:09.0125 3524 PDRELI - ok
15:04:09.0343 3524 PDRFRAME - ok
15:04:09.0484 3524 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
15:04:09.0578 3524 PenClass - ok
15:04:09.0875 3524 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:04:09.0921 3524 perc2 - ok
15:04:10.0312 3524 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:04:10.0312 3524 perc2hib - ok
15:04:10.0437 3524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:04:10.0437 3524 PptpMiniport - ok
15:04:10.0609 3524 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:04:10.0609 3524 Processor - ok
15:04:10.0703 3524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:04:10.0718 3524 PSched - ok
15:04:10.0906 3524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:04:10.0921 3524 Ptilink - ok
15:04:11.0375 3524 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:04:11.0390 3524 PxHelp20 - ok
15:04:11.0703 3524 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:04:11.0718 3524 ql1080 - ok
15:04:12.0046 3524 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:04:12.0109 3524 Ql10wnt - ok
15:04:12.0406 3524 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:04:12.0500 3524 ql12160 - ok
15:04:12.0968 3524 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:04:13.0000 3524 ql1240 - ok
15:04:13.0421 3524 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:04:13.0437 3524 ql1280 - ok
15:04:13.0890 3524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:04:14.0218 3524 RasAcd - ok
15:04:14.0640 3524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:04:14.0781 3524 Rasl2tp - ok
15:04:14.0890 3524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:04:15.0015 3524 RasPppoe - ok
15:04:15.0328 3524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:04:15.0375 3524 Raspti - ok
15:04:15.0609 3524 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:04:15.0671 3524 Rdbss - ok
15:04:16.0031 3524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:04:16.0125 3524 RDPCDD - ok
15:04:16.0562 3524 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:04:16.0593 3524 rdpdr - ok
15:04:16.0718 3524 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:04:16.0828 3524 RDPWD - ok
15:04:17.0359 3524 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:04:17.0390 3524 redbook - ok
15:04:17.0562 3524 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
15:04:17.0578 3524 Revoflt - ok
15:04:17.0890 3524 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
15:04:17.0937 3524 RimUsb - ok
15:04:18.0359 3524 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
15:04:18.0375 3524 RimVSerPort - ok
15:04:18.0687 3524 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:04:18.0718 3524 ROOTMODEM - ok
15:04:19.0125 3524 RT25USBAP (9c377dbf9d2d19098db935dc1e8361a3) C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
15:04:19.0171 3524 RT25USBAP - ok
15:04:19.0609 3524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:04:19.0656 3524 Secdrv - ok
15:04:19.0984 3524 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:04:20.0000 3524 serenum - ok
15:04:20.0281 3524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:04:20.0765 3524 Serial - ok
15:04:21.0140 3524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:04:21.0359 3524 Sfloppy - ok
15:04:21.0421 3524 Simbad - ok
15:04:21.0812 3524 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:04:21.0921 3524 sisagp - ok
15:04:22.0281 3524 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:04:22.0312 3524 SLIP - ok
15:04:22.0875 3524 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:04:22.0921 3524 Sparrow - ok
15:04:23.0484 3524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:04:23.0500 3524 splitter - ok
15:04:23.0953 3524 sptd (befb28c491a7f2f0e40f9c4dd964b323) C:\WINDOWS\system32\Drivers\sptd.sys
15:04:23.0953 3524 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: befb28c491a7f2f0e40f9c4dd964b323
15:04:23.0968 3524 sptd ( LockedFile.Multi.Generic ) - warning
15:04:23.0968 3524 sptd - detected LockedFile.Multi.Generic (1)
15:04:24.0250 3524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:04:24.0343 3524 sr - ok
15:04:24.0703 3524 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:04:24.0781 3524 Srv - ok
15:04:24.0875 3524 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:04:24.0875 3524 streamip - ok
15:04:25.0125 3524 SUNPLUS - ok
15:04:25.0265 3524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:04:25.0296 3524 swenum - ok
15:04:25.0859 3524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:04:26.0187 3524 swmidi - ok
15:04:26.0390 3524 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:04:26.0421 3524 symc810 - ok
15:04:26.0671 3524 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:04:26.0968 3524 symc8xx - ok
15:04:27.0218 3524 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:04:27.0328 3524 sym_hi - ok
15:04:28.0000 3524 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:04:28.0203 3524 sym_u3 - ok
15:04:28.0875 3524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:04:28.0906 3524 sysaudio - ok
15:04:29.0203 3524 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
15:04:29.0312 3524 taphss - ok
15:04:29.0812 3524 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:04:29.0921 3524 Tcpip - ok
15:04:30.0437 3524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:04:30.0453 3524 TDPIPE - ok
15:04:30.0812 3524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:04:30.0953 3524 TDTCP - ok
15:04:31.0250 3524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:04:31.0265 3524 TermDD - ok
15:04:31.0687 3524 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:04:31.0765 3524 TosIde - ok
15:04:32.0109 3524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:04:32.0203 3524 Udfs - ok
15:04:32.0703 3524 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:04:32.0765 3524 ultra - ok
15:04:33.0421 3524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:04:33.0468 3524 Update - ok
15:04:33.0875 3524 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:04:33.0921 3524 USBAAPL - ok
15:04:34.0125 3524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:04:34.0140 3524 usbccgp - ok
15:04:34.0343 3524 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:04:34.0343 3524 usbehci - ok
15:04:34.0625 3524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:04:34.0703 3524 usbhub - ok
15:04:34.0968 3524 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:04:35.0093 3524 usbohci - ok
15:04:35.0312 3524 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:04:35.0437 3524 usbprint - ok
15:04:35.0687 3524 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:04:35.0875 3524 usbscan - ok
15:04:35.0984 3524 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:04:36.0000 3524 USBSTOR - ok
15:04:36.0375 3524 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:04:36.0406 3524 usbuhci - ok
15:04:37.0546 3524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:04:37.0593 3524 VgaSave - ok
15:04:38.0015 3524 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:04:38.0031 3524 viaagp - ok
15:04:38.0125 3524 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:04:38.0140 3524 ViaIde - ok
15:04:38.0359 3524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:04:38.0406 3524 VolSnap - ok
15:04:38.0843 3524 vvftav (090da253a1ad35c9c333a1d3bb6aaf7e) C:\WINDOWS\system32\drivers\vvftav.sys
15:04:38.0937 3524 vvftav - ok
15:04:39.0515 3524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:04:39.0562 3524 Wanarp - ok
15:04:40.0062 3524 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
15:04:40.0109 3524 wanatw - ok
15:04:40.0562 3524 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:04:41.0296 3524 Wdf01000 - ok
15:04:41.0796 3524 WDICA - ok
15:04:42.0140 3524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:04:42.0343 3524 wdmaud - ok
15:04:42.0656 3524 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:04:42.0812 3524 winachsf - ok
15:04:43.0250 3524 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:04:43.0312 3524 WpdUsb - ok
15:04:43.0406 3524 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:04:43.0421 3524 WSTCODEC - ok
15:04:43.0609 3524 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:04:43.0609 3524 WudfPf - ok
15:04:43.0984 3524 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:04:44.0093 3524 WudfRd - ok
15:04:44.0500 3524 ZSMC0305 (400193c446f539134273ab9b88e837dc) C:\WINDOWS\system32\Drivers\usbVM305.sys
15:04:44.0937 3524 ZSMC0305 - ok
15:04:44.0984 3524 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
15:04:45.0015 3524 \Device\Harddisk0\DR0 - ok
15:04:45.0062 3524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:04:45.0078 3524 \Device\Harddisk1\DR1 - ok
15:04:45.0093 3524 Boot (0x1200) (5633d000a1771ee657b1b3e009d1354b) \Device\Harddisk0\DR0\Partition0
15:04:45.0125 3524 \Device\Harddisk0\DR0\Partition0 - ok
15:04:45.0125 3524 Boot (0x1200) (74a28fedaad34c131323951384e7097c) \Device\Harddisk0\DR0\Partition1
15:04:45.0125 3524 \Device\Harddisk0\DR0\Partition1 - ok
15:04:45.0140 3524 Boot (0x1200) (81c1940b674034bfd35c0227eab889b9) \Device\Harddisk1\DR1\Partition0
15:04:45.0140 3524 \Device\Harddisk1\DR1\Partition0 - ok
15:04:45.0187 3524 ============================================================
15:04:45.0187 3524 Scan finished
15:04:45.0187 3524 ============================================================
15:04:45.0265 0164 Detected object count: 1
15:04:45.0265 0164 Actual detected object count: 1
15:05:02.0109 0164 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:05:02.0109 0164 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  • 0

#9
Mack Cockburn
Posted 26 January 2012 - 06:23 PM

Mack Cockburn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 15:08:01
-----------------------------
15:08:01.468 OS Version: Windows 5.1.2600 Service Pack 3
15:08:01.468 Number of processors: 1 586 0x3702
15:08:01.468 ComputerName: LOVELY-LIN UserName: Owner
15:08:03.421 Initialize success
15:08:06.734 AVAST engine defs: 12012602
15:08:14.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-13
15:08:14.656 Disk 0 Vendor: HDT722520DLAT80 V44OA96A Size: 190782MB BusType: 3
15:08:14.671 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-1b
15:08:14.671 Disk 1 Vendor: ST3250620A 3.AAE Size: 238475MB BusType: 3
15:08:14.703 Disk 0 MBR read successfully
15:08:14.703 Disk 0 MBR scan
15:08:14.703 Disk 0 unknown MBR code
15:08:14.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 186214 MB offset 9333765
15:08:14.734 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4557 MB offset 63
15:08:14.750 Disk 0 scanning sectors +390700800
15:08:14.796 Disk 0 scanning C:\WINDOWS\system32\drivers
15:08:27.046 Service scanning
15:08:27.562 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:08:28.265 Modules scanning
15:08:37.296 Disk 0 trace - called modules:
15:08:37.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8a4018ac]<<
15:08:37.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2d5ab8]
15:08:37.343 3 CLASSPNP.SYS[b8168fd7] -> nt!IofCallDriver -> \Device\00000091[0x8a32f9e8]
15:08:37.359 5 ACPI.sys[b7e7d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-13[0x8a2d9940]
15:08:37.875 AVAST engine scan C:\WINDOWS
15:08:57.406 AVAST engine scan C:\WINDOWS\system32
15:11:42.031 AVAST engine scan C:\WINDOWS\system32\drivers
15:12:04.328 AVAST engine scan C:\Documents and Settings\Owner
16:03:06.593 AVAST engine scan C:\Documents and Settings\All Users
16:08:05.703 Scan finished successfully
16:18:16.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:18:16.625 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   559bytes   91 downloads

  • 0

#10
maliprog
Posted 27 January 2012 - 12:00 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Mack Cockburn,

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#11
Mack Cockburn
Posted 29 January 2012 - 12:33 AM

Mack Cockburn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks. Everything seems to be running as per usual.




ComboFix 12-01-29.01 - Owner 01/28/2012 22:13:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.934 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Application Data\vso_ts_preview.xml
c:\documents and settings\Owner\WINDOWS
C:\Install.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\SET8F.tmp
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET11E.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET12C.tmp
c:\windows\system32\SETB5.tmp
c:\windows\system32\SETB7.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD7.tmp
c:\windows\Update.bat
c:\windows\VM305Cap.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-26 22:51 . 2012-01-26 22:51 -------- d-----w- C:\_OTL
2012-01-17 08:41 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 08:40 . 2012-01-17 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-17 07:58 . 2012-01-17 07:59 -------- d-----w- C:\RK_Quarantine
2012-01-17 07:41 . 2012-01-05 09:04 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-14 06:45 . 2012-01-14 06:46 -------- d-----w- c:\program files\All The Right Type 3 Demo
2012-01-05 09:05 . 2012-01-05 09:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-05 08:47 . 2011-12-23 15:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-31 05:50 . 2011-12-31 05:50 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-31 05:50 . 2011-12-31 05:50 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-31 05:50 . 2011-12-31 05:50 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-31 05:50 . 2011-12-31 05:50 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 04:23 . 2011-07-11 17:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-10-23 22:22 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2009-02-22 01:51 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-05-18 17:12 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2009-02-22 01:51 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2009-02-22 01:51 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2009-02-22 01:51 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2009-02-22 01:51 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2009-02-22 01:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2009-02-22 01:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2009-02-22 01:51 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-08-26 16:12 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-26 16:12 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-26 16:12 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-26 16:12 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-26 16:12 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-26 16:12 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-26 16:12 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-26 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-12-31 05:50 . 2011-12-02 22:06 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Semagic"="c:\program files\Semagic\LiveJournalU.exe" [2008-07-27 2383952]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-07-29 327472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-09-28 185688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-02-23 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-02-23 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-08-14 800768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-01-05 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
LiveJournal.lnk - c:\program files\LiveJournal\LiveJournal.exe [2002-8-30 438272]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/5/2012 12:47 AM 64512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/13/2006 2:00 PM 685816]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/18/2011 9:12 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/21/2009 5:51 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/21/2009 5:51 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/17/2012 12:41 AM 652872]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [1/31/2011 12:01 PM 68928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/17/2012 12:41 AM 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/21/2009 3:24 PM 47360]
R3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [1/1/2009 5:50 PM 474368]
R3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\drivers\usbVM305.sys [1/1/2009 5:50 PM 1466624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/31/2009 4:30 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/23/2011 7:12 AM 2152152]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/31/2009 4:30 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [10/26/2007 6:52 PM 40832]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [9/24/2010 11:31 PM 27064]
S3 SUNPLUS;SightCAM PC-100p;c:\windows\system32\Drivers\SPIXNEW.SYS --> c:\windows\system32\Drivers\SPIXNEW.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/26/2004 8:12 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 38467058
*NewlyCreated* - ASWMBR
*Deregistered* - 38467058
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 09:03]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 00:30]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 00:30]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1198101916-2928258585-112741002-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-23 00:24]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1198101916-2928258585-112741002-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-23 00:24]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://ca.search.yahoo.com
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Semagic - c:\program files\Semagic\link.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A1038EEC-8F3A-4525-A984-F85F87662323}: NameServer = 192.168.1.254,192.168.1.1
TCP: Interfaces\{A11E6FFF-DDF5-4993-92D6-BD13BCACEC97}: NameServer = 64.59.144.17
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn8f02ux.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NWEReboot - (no file)
AddRemove-Go, Diego, Go Snapshots - c:\program files\Go
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-28 22:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1198101916-2928258585-112741002-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-01-28 22:29:23
ComboFix-quarantined-files.txt 2012-01-29 06:29
.
Pre-Run: 130,914,369,536 bytes free
Post-Run: 131,357,511,680 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BC14CEF7E302798ACED5318112B602C6
  • 0

#12
maliprog
Posted 29 January 2012 - 12:44 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Any problems?
  • 0

#13
maliprog
Posted 08 February 2012 - 11:49 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP