ComboFix 12-02-03.02 - Lauras 03/02/2012 15:23:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.111 [GMT -5:00]
Running from: c:\documents and settings\Lauras\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Lauras\Desktop\ebooks\7_SUPE~1\7SUPER~1\7SE136~1.exe
c:\documents and settings\All Users\Application Data\agrqaaa.tmp
c:\documents and settings\All Users\Application Data\boxpaaa.tmp
c:\documents and settings\All Users\Application Data\cgrqaaa.tmp
c:\documents and settings\All Users\Application Data\cjdraaa.tmp
c:\documents and settings\All Users\Application Data\dgrqaaa.tmp
c:\documents and settings\All Users\Application Data\djdraaa.tmp
c:\documents and settings\All Users\Application Data\doxpaaa.tmp
c:\documents and settings\All Users\Application Data\egrqaaa.tmp
c:\documents and settings\All Users\Application Data\eoxpaaa.tmp
c:\documents and settings\All Users\Application Data\erjqaaa.tmp
c:\documents and settings\All Users\Application Data\euvqaaa.tmp
c:\documents and settings\All Users\Application Data\fuvqaaa.tmp
c:\documents and settings\All Users\Application Data\gjdraaa.tmp
c:\documents and settings\All Users\Application Data\grjqaaa.tmp
c:\documents and settings\All Users\Application Data\guvqaaa.tmp
c:\documents and settings\All Users\Application Data\huvqaaa.tmp
c:\documents and settings\All Users\Application Data\ifoqaaa.tmp
c:\documents and settings\All Users\Application Data\imslaaa.tmp
c:\documents and settings\All Users\Application Data\iuvqaaa.tmp
c:\documents and settings\All Users\Application Data\jmslaaa.tmp
c:\documents and settings\All Users\Application Data\ktsqaaa.tmp
c:\documents and settings\All Users\Application Data\liaraaa.tmp
c:\documents and settings\All Users\Application Data\ltsqaaa.tmp
c:\documents and settings\All Users\Application Data\mlmraaa.tmp
c:\documents and settings\All Users\Application Data\mmrpaaa.tmp
c:\documents and settings\All Users\Application Data\mtsqaaa.tmp
c:\documents and settings\All Users\Application Data\nlmraaa.tmp
c:\documents and settings\All Users\Application Data\nmrpaaa.tmp
c:\documents and settings\All Users\Application Data\ntsqaaa.tmp
c:\documents and settings\All Users\Application Data\olmraaa.tmp
c:\documents and settings\All Users\Application Data\omrpaaa.tmp
c:\documents and settings\All Users\Application Data\otsqaaa.tmp
c:\documents and settings\All Users\Application Data\pmrpaaa.tmp
c:\documents and settings\All Users\Application Data\ppdqaaa.tmp
c:\documents and settings\All Users\Application Data\qmrpaaa.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\zddebaa.tmp
c:\documents and settings\Lauras\g2mdlhlpx.exe
c:\documents and settings\Lauras\Local Settings\Application Data\assembly\tmp
c:\program files\Internet Explorer\SETE4.tmp
c:\windows\$NtUninstallKB19978$
c:\windows\$NtUninstallKB19978$\1712049141
c:\windows\$NtUninstallKB19978$\4103322265\@
c:\windows\$NtUninstallKB19978$\4103322265\cfg.ini
c:\windows\$NtUninstallKB19978$\4103322265\Desktop.ini
c:\windows\$NtUninstallKB19978$\4103322265\L\raciboqm
c:\windows\$NtUninstallKB19978$\4103322265\oemid
c:\windows\$NtUninstallKB19978$\4103322265\U\00000001.@
c:\windows\$NtUninstallKB19978$\4103322265\U\00000002.@
c:\windows\$NtUninstallKB19978$\4103322265\U\00000004.@
c:\windows\$NtUninstallKB19978$\4103322265\U\80000000.@
c:\windows\$NtUninstallKB19978$\4103322265\U\80000004.@
c:\windows\$NtUninstallKB19978$\4103322265\U\80000032.@
c:\windows\$NtUninstallKB19978$\4103322265\version
c:\windows\system32\Packet.dll
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET102.tmp
c:\windows\system32\SET103.tmp
c:\windows\system32\SET104.tmp
c:\windows\system32\SET105.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET7E.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETDB.tmp
c:\windows\system32\SETDD.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE1.tmp
c:\windows\system32\SETE5.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETEB.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETF4.tmp
c:\windows\system32\SETF5.tmp
c:\windows\system32\SETF7.tmp
c:\windows\system32\SETFB.tmp
c:\windows\system32\SETFC.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\SETFE.tmp
c:\windows\system32\wpcap.dll
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 20:46 . 2012-02-03 20:47 864 ----a-w- c:\documents and settings\All Users\Application Data\yklpaaa.tmp
2012-01-31 04:29 . 2012-01-31 04:29 -------- d-----w- c:\program files\EMCO
2012-01-31 04:28 . 2012-01-31 04:28 -------- d-----w- C:\install
2012-01-30 00:06 . 2012-01-30 00:06 -------- d-sh--w- c:\documents and settings\Testing\IETldCache
2012-01-29 15:31 . 2012-01-29 15:31 -------- d-----w- c:\documents and settings\Lauras\Application Data\ElevatedDiagnostics
2012-01-27 14:39 . 2012-01-27 14:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-01-27 14:25 . 2012-01-27 14:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-27 14:24 . 2012-01-27 14:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-27 14:10 . 2012-01-27 14:10 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2012-01-27 13:29 . 2012-01-27 13:29 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-01-25 22:55 . 2012-01-25 22:55 -------- d-----w- c:\documents and settings\Lauras\Application Data\PC-FAX TX
2012-01-25 20:49 . 2012-01-25 21:01 -------- d-----w- c:\documents and settings\Lauras\Application Data\ControlCenter4
2012-01-25 20:22 . 2004-08-09 06:42 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2012-01-25 20:22 . 2005-01-17 07:10 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-01-25 20:22 . 2010-04-02 05:33 25299 ----a-w- c:\windows\system32\BRLM03A.DLL
2012-01-25 20:22 . 2010-10-14 02:37 103792 ----a-w- c:\windows\system32\BRRBI110.EXE
2012-01-25 20:22 . 2010-03-15 16:20 50176 ----a-w- c:\windows\system32\BRPRTINK.DLL
2012-01-25 20:22 . 2009-11-03 03:06 11520 ----a-w- c:\windows\system32\drivers\BrUsbSib.sys
2012-01-25 20:22 . 2009-11-03 03:06 71424 ----a-w- c:\windows\system32\drivers\BrSerIb.sys
2012-01-25 20:22 . 2010-09-14 10:07 55808 ----a-w- c:\windows\system32\BrUsi11a.dll
2012-01-25 20:22 . 2010-12-21 00:47 1481216 ----a-w- c:\windows\system32\BrWia11a.dll
2012-01-25 20:22 . 2010-04-01 10:28 217088 ----a-w- c:\windows\system32\BrJDec.dll
2012-01-25 20:22 . 2004-10-15 03:50 15295 ----a-w- c:\windows\system32\drivers\BrScnUsb.sys
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- C:\Brother
2012-01-25 20:21 . 2006-07-07 17:40 73728 ------w- c:\windows\system32\BRCrypt.dll
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- c:\program files\Browny02
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ControlCenter4
2012-01-25 20:20 . 2012-01-25 20:21 -------- d-----w- c:\program files\ControlCenter4
2012-01-25 20:20 . 2011-03-01 23:53 118784 ------w- c:\windows\system32\BrMfNt.dll
2012-01-25 20:20 . 2009-10-13 21:59 180224 ------w- c:\windows\system32\BrMuSNMP.dll
2012-01-25 20:20 . 2009-12-08 21:17 225280 ------w- c:\windows\system32\BrfxD05c.dll
2012-01-25 20:19 . 2011-04-08 00:04 3072 ------w- c:\windows\system32\BrDctF2S.dll
2012-01-25 20:19 . 2011-01-27 18:24 217088 ------w- c:\windows\system32\NSSearch.dll
2012-01-25 20:19 . 2010-03-16 00:45 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-01-25 20:19 . 2007-12-14 03:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-01-25 20:19 . 2010-02-05 02:42 180224 ----a-w- c:\windows\system32\BROSNMP.DLL
2012-01-25 20:17 . 2012-01-25 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2012-01-25 20:16 . 2012-01-25 20:16 -------- d-----w- c:\documents and settings\Lauras\Application Data\InstallShield
2012-01-25 20:02 . 2012-01-25 20:06 -------- d-----w- c:\program files\MFCJ625D
2012-01-25 14:50 . 2012-01-25 14:50 -------- d-----w- c:\program files\Starfield
2012-01-25 14:50 . 2012-01-25 14:50 -------- d-----w- c:\documents and settings\Lauras\Local Settings\Application Data\Workspace
2012-01-25 14:50 . 2012-01-25 14:51 -------- d-----w- c:\program files\Workspace
2012-01-12 21:59 . 2012-01-12 21:59 -------- d-sh--w- c:\documents and settings\Lauras\IECompatCache
2012-01-12 21:48 . 2012-01-12 21:48 -------- d-sh--w- c:\documents and settings\Lauras\PrivacIE
2012-01-12 21:45 . 2012-01-12 21:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-12 21:45 . 2012-01-12 21:45 -------- d-sh--w- c:\documents and settings\Lauras\IETldCache
2012-01-12 21:42 . 2012-01-12 21:42 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-12 21:25 . 2012-01-12 21:30 -------- dc-h--w- c:\windows\ie8
2012-01-12 21:17 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-01-12 21:17 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-12 21:17 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-12 21:17 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-10 20:28 . 2012-01-10 20:29 -------- d-----w- c:\documents and settings\Lauras\Application Data\MobileBlogX
2012-01-10 20:28 . 2012-01-10 20:28 -------- d-----w- c:\program files\MobileBlogX
2012-01-09 19:59 . 2012-01-10 03:09 -------- d-----w- c:\documents and settings\Lauras\Application Data\FileZilla
2012-01-09 19:58 . 2012-01-09 19:58 -------- d-----w- c:\program files\FileZilla FTP Client
2012-01-07 16:29 . 2012-01-07 16:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-04-27 17:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 03:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-13 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 03:42 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 03:42 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 03:42 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Lauras\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DiamondView"="c:\program files\Manulife Financial\Diamond View\Diamondview.exe" [2008-01-11 949248]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-01-30 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-08-23 20:03 50592 ----a-w- c:\documents and settings\Lauras\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4]
2011-04-20 22:53 139264 ----a-w- c:\program files\ControlCenter4\BrCcBoot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2012-01-25 14:50 34496 ----a-w- c:\program files\Workspace\workspaceupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\vbuzzer\\VBuzzer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Documents and Settings\\Lauras\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\Bell\\Internet Service Advisor\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:*:Disabled:mail
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2001-08-17 2944]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 71424]
R3 BrSerWDM;Brother Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2003-03-14 61952]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2001-08-17 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2001-08-17 10368]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 11520]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2012-01-05 1187600]
R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2012-01-30 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2012-01-30 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-01-30 116608]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2011-01-06 689464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-813497703-1177238915-1003Core.job
- c:\documents and settings\Lauras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 14:37]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-813497703-1177238915-1003UA.job
- c:\documents and settings\Lauras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 14:37]
.
2012-01-12 c:\windows\Tasks\User_Feed_Synchronization-{A255B638-3B36-492C-A237-EB049335EE79}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
2011-06-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: salesforce.com\na6
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 206.248.154.22
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-dplaysvr - c:\documents and settings\Lauras\Application Data\dplaysvr.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 15:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,86,d2,b0,8c,c4,42,4e,a4,b0,eb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,86,d2,b0,8c,c4,42,4e,a4,b0,eb,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\Windows Live\Toolbar\wltuser.exe
c:\windows\Network Diagnostic\xpnetdiag.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Completion time: 2012-02-03 16:08:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 21:07
.
Pre-Run: 33,480,642,560 bytes free
Post-Run: 33,688,616,960 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 869231FC1015DCD889CD7FCD659A4983
----------- TDSSKiller 1 =============================
16:13:30.0734 1260 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
16:13:33.0015 1260 ============================================================
16:13:33.0015 1260 Current date / time: 2012/02/03 16:13:33.0015
16:13:33.0015 1260 SystemInfo:
16:13:33.0015 1260
16:13:33.0031 1260 OS Version: 5.1.2600 ServicePack: 3.0
16:13:33.0031 1260 Product type: Workstation
16:13:33.0031 1260 ComputerName: LAURA
16:13:33.0031 1260 UserName: Lauras
16:13:33.0031 1260 Windows directory: C:\WINDOWS
16:13:33.0031 1260 System windows directory: C:\WINDOWS
16:13:33.0031 1260 Processor architecture: Intel x86
16:13:33.0031 1260 Number of processors: 1
16:13:33.0031 1260 Page size: 0x1000
16:13:33.0031 1260 Boot type: Normal boot
16:13:33.0031 1260 ============================================================
16:13:54.0453 1260 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:13:54.0812 1260 \Device\Harddisk0\DR0:
16:13:54.0906 1260 MBR used
16:13:54.0906 1260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
16:13:55.0484 1260 Initialize success
16:13:55.0484 1260 ============================================================
16:13:59.0703 2824 ============================================================
16:13:59.0703 2824 Scan started
16:13:59.0703 2824 Mode: Manual;
16:13:59.0703 2824 ============================================================
16:14:02.0390 2824 Abiosdsk - ok
16:14:02.0453 2824 abp480n5 - ok
16:14:02.0515 2824 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:14:02.0531 2824 ACPI - ok
16:14:02.0578 2824 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:14:02.0578 2824 ACPIEC - ok
16:14:02.0640 2824 adpu160m - ok
16:14:02.0890 2824 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:14:02.0890 2824 aec - ok
16:14:03.0281 2824 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:14:03.0281 2824 AegisP - ok
16:14:03.0515 2824 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:14:03.0656 2824 AFD - ok
16:14:03.0984 2824 Aha154x - ok
16:14:04.0218 2824 aic78u2 - ok
16:14:04.0390 2824 aic78xx - ok
16:14:05.0312 2824 ALCXWDM (8a8909fdd548d84a3e02e04f699ee705) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:14:07.0031 2824 ALCXWDM - ok
16:14:07.0171 2824 AliIde - ok
16:14:07.0453 2824 amsint - ok
16:14:07.0687 2824 asc - ok
16:14:07.0906 2824 asc3350p - ok
16:14:08.0234 2824 asc3550 - ok
16:14:08.0578 2824 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:14:08.0609 2824 AsyncMac - ok
16:14:09.0156 2824 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:14:09.0156 2824 atapi - ok
16:14:09.0828 2824 Atdisk - ok
16:14:10.0406 2824 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:14:10.0437 2824 Atmarpc - ok
16:14:11.0031 2824 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:14:11.0078 2824 audstub - ok
16:14:11.0531 2824 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:14:11.0562 2824 AVGIDSDriver - ok
16:14:11.0953 2824 AVGIDSEH - ok
16:14:12.0468 2824 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:14:12.0484 2824 AVGIDSFilter - ok
16:14:12.0765 2824 AVGIDSShim - ok
16:14:13.0265 2824 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:14:13.0531 2824 Avgldx86 - ok
16:14:16.0187 2824 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:14:16.0281 2824 Avgmfx86 - ok
16:14:17.0031 2824 Avgrkx86 - ok
16:14:17.0453 2824 Avgtdix - ok
16:14:17.0875 2824 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:14:17.0906 2824 BCM43XX - ok
16:14:18.0031 2824 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:14:18.0031 2824 Beep - ok
16:14:18.0171 2824 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
16:14:18.0187 2824 brfilt - ok
16:14:18.0265 2824 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:14:18.0265 2824 BrScnUsb - ok
16:14:18.0359 2824 BrSerIb (9f80879913dc2712fd0c4d734e3f519b) C:\WINDOWS\system32\DRIVERS\BrSerIb.sys
16:14:18.0406 2824 BrSerIb - ok
16:14:18.0484 2824 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
16:14:18.0484 2824 BrSerWDM - ok
16:14:18.0531 2824 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
16:14:18.0531 2824 BrUsbMdm - ok
16:14:18.0578 2824 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
16:14:18.0578 2824 BrUsbScn - ok
16:14:18.0671 2824 BrUsbSIb (b67512da42c0c90bf236d5485226c1c7) C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys
16:14:18.0687 2824 BrUsbSIb - ok
16:14:19.0031 2824 catchme - ok
16:14:19.0218 2824 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:14:19.0234 2824 cbidf2k - ok
16:14:19.0265 2824 cd20xrnt - ok
16:14:19.0328 2824 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:14:19.0328 2824 Cdaudio - ok
16:14:19.0453 2824 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:14:19.0453 2824 Cdfs - ok
16:14:19.0546 2824 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:14:19.0562 2824 Cdrom - ok
16:14:19.0609 2824 Changer - ok
16:14:19.0750 2824 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:14:19.0750 2824 CmBatt - ok
16:14:19.0828 2824 CmdIde - ok
16:14:19.0906 2824 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:14:19.0906 2824 Compbatt - ok
16:14:20.0000 2824 Cpqarray - ok
16:14:20.0109 2824 dac2w2k - ok
16:14:20.0156 2824 dac960nt - ok
16:14:20.0250 2824 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:14:20.0250 2824 Disk - ok
16:14:20.0531 2824 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:14:20.0625 2824 dmboot - ok
16:14:20.0718 2824 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:14:20.0750 2824 dmio - ok
16:14:20.0796 2824 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:14:20.0812 2824 dmload - ok
16:14:20.0906 2824 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:14:20.0937 2824 DMusic - ok
16:14:21.0109 2824 dpti2o - ok
16:14:21.0171 2824 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:14:21.0203 2824 drmkaud - ok
16:14:21.0421 2824 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:14:21.0468 2824 Fastfat - ok
16:14:21.0593 2824 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:14:21.0640 2824 Fdc - ok
16:14:21.0796 2824 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:14:21.0796 2824 Fips - ok
16:14:21.0828 2824 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:14:21.0828 2824 Flpydisk - ok
16:14:22.0046 2824 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:14:22.0156 2824 FltMgr - ok
16:14:22.0640 2824 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
16:14:22.0656 2824 fssfltr - ok
16:14:22.0828 2824 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:14:22.0843 2824 Fs_Rec - ok
16:14:24.0296 2824 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:14:24.0406 2824 Ftdisk - ok
16:14:25.0312 2824 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:14:25.0343 2824 Gpc - ok
16:14:26.0062 2824 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:14:26.0156 2824 HidUsb - ok
16:14:29.0859 2824 hpn - ok
16:14:30.0171 2824 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
16:14:30.0171 2824 HSFHWICH - ok
16:14:30.0343 2824 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:14:30.0562 2824 HSF_DP - ok
16:14:30.0734 2824 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:14:30.0750 2824 HTTP - ok
16:14:30.0890 2824 i2omgmt - ok
16:14:30.0921 2824 i2omp - ok
16:14:30.0984 2824 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:14:31.0000 2824 i8042prt - ok
16:14:31.0968 2824 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:14:32.0546 2824 ialm - ok
16:14:32.0734 2824 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:14:32.0734 2824 Imapi - ok
16:14:32.0796 2824 ini910u - ok
16:14:32.0921 2824 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:14:32.0968 2824 IntelIde - ok
16:14:33.0046 2824 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:14:33.0046 2824 intelppm - ok
16:14:33.0140 2824 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:14:33.0156 2824 Ip6Fw - ok
16:14:33.0390 2824 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:14:33.0390 2824 IpFilterDriver - ok
16:14:33.0609 2824 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:14:33.0609 2824 IpInIp - ok
16:14:33.0703 2824 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:14:33.0703 2824 IpNat - ok
16:14:33.0828 2824 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:14:33.0843 2824 IPSec - ok
16:14:33.0906 2824 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:14:33.0906 2824 IRENUM - ok
16:14:34.0015 2824 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:14:34.0031 2824 isapnp - ok
16:14:34.0109 2824 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:14:34.0140 2824 Kbdclass - ok
16:14:34.0234 2824 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:14:34.0250 2824 kmixer - ok
16:14:34.0359 2824 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:14:34.0359 2824 KSecDD - ok
16:14:34.0562 2824 L8042pr2 (a006d66edb128fb9ab940a903fdf792e) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
16:14:34.0562 2824 L8042pr2 - ok
16:14:34.0703 2824 lbrtfdc - ok
16:14:35.0093 2824 LMouFlt2 (03abef1a29addc98c32ed0f336b98e90) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
16:14:35.0125 2824 LMouFlt2 - ok
16:14:35.0359 2824 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:14:35.0359 2824 mdmxsdk - ok
16:14:35.0625 2824 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
16:14:35.0656 2824 mf - ok
16:14:36.0109 2824 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:14:36.0156 2824 mnmdd - ok
16:14:36.0484 2824 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:14:36.0500 2824 Modem - ok
16:14:36.0828 2824 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:14:36.0828 2824 Mouclass - ok
16:14:37.0406 2824 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:14:37.0421 2824 mouhid - ok
16:14:37.0859 2824 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:14:37.0859 2824 MountMgr - ok
16:14:38.0046 2824 mraid35x - ok
16:14:38.0406 2824 MREMP50 - ok
16:14:38.0437 2824 MREMP50a64 - ok
16:14:38.0453 2824 MRESP50 - ok
16:14:38.0484 2824 MRESP50a64 - ok
16:14:38.0937 2824 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:14:39.0062 2824 MRxDAV - ok
16:14:40.0671 2824 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:14:41.0015 2824 MRxSmb - ok
16:14:41.0531 2824 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:14:41.0546 2824 Msfs - ok
16:14:41.0890 2824 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:14:41.0906 2824 MSKSSRV - ok
16:14:42.0375 2824 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:14:42.0390 2824 MSPCLOCK - ok
16:14:42.0609 2824 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:14:42.0625 2824 MSPQM - ok
16:14:43.0031 2824 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:14:43.0031 2824 mssmbios - ok
16:14:43.0343 2824 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:14:43.0343 2824 Mup - ok
16:14:43.0718 2824 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:14:43.0843 2824 NDIS - ok
16:14:44.0218 2824 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:14:44.0250 2824 NdisTapi - ok
16:14:44.0343 2824 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:14:44.0343 2824 Ndisuio - ok
16:14:44.0437 2824 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:14:44.0468 2824 NdisWan - ok
16:14:44.0578 2824 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:14:44.0640 2824 NDProxy - ok
16:14:44.0828 2824 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:14:44.0953 2824 NetBIOS - ok
16:14:45.0218 2824 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:14:45.0234 2824 NetBT - ok
16:14:45.0515 2824 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:14:45.0515 2824 Npfs - ok
16:14:45.0750 2824 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:14:45.0781 2824 Ntfs - ok
16:14:45.0937 2824 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:14:45.0937 2824 Null - ok
16:14:46.0046 2824 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:14:46.0046 2824 NwlnkFlt - ok
16:14:46.0203 2824 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:14:46.0203 2824 NwlnkFwd - ok
16:14:46.0359 2824 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:14:46.0375 2824 Parport - ok
16:14:46.0531 2824 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:14:46.0531 2824 PartMgr - ok
16:14:46.0765 2824 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:14:46.0765 2824 ParVdm - ok
16:14:46.0968 2824 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:14:46.0968 2824 PCI - ok
16:14:47.0046 2824 PCIDump - ok
16:14:47.0125 2824 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:14:47.0406 2824 PCIIde - ok
16:14:47.0656 2824 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:14:47.0671 2824 Pcmcia - ok
16:14:48.0015 2824 PDCOMP - ok
16:14:48.0093 2824 PDFRAME - ok
16:14:48.0203 2824 PDRELI - ok
16:14:48.0390 2824 PDRFRAME - ok
16:14:48.0562 2824 perc2 - ok
16:14:48.0812 2824 perc2hib - ok
16:14:49.0484 2824 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:14:49.0515 2824 PptpMiniport - ok
16:14:50.0125 2824 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:14:50.0234 2824 PSched - ok
16:14:50.0984 2824 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:14:51.0000 2824 Ptilink - ok
16:14:51.0421 2824 ql1080 - ok
16:14:52.0000 2824 Ql10wnt - ok
16:14:52.0343 2824 ql12160 - ok
16:14:52.0625 2824 ql1240 - ok
16:14:52.0890 2824 ql1280 - ok
16:14:53.0343 2824 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:14:53.0343 2824 RasAcd - ok
16:14:53.0781 2824 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:14:53.0796 2824 Rasl2tp - ok
16:14:54.0343 2824 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:14:54.0390 2824 RasPppoe - ok
16:14:54.0812 2824 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:14:54.0843 2824 Raspti - ok
16:14:55.0765 2824 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:14:56.0000 2824 Rdbss - ok
16:14:57.0187 2824 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:14:57.0250 2824 RDPCDD - ok
16:14:57.0953 2824 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:14:58.0968 2824 rdpdr - ok
16:14:59.0453 2824 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:14:59.0500 2824 RDPWD - ok
16:14:59.0750 2824 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:14:59.0796 2824 redbook - ok
16:15:00.0546 2824 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
16:15:00.0578 2824 RTL8023xp - ok
16:15:02.0015 2824 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:15:02.0046 2824 rtl8139 - ok
16:15:02.0609 2824 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:15:02.0750 2824 SASDIFSV - ok
16:15:03.0250 2824 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:15:03.0421 2824 SASKUTIL - ok
16:15:04.0156 2824 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:15:04.0203 2824 Secdrv - ok
16:15:04.0718 2824 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:15:04.0718 2824 Serial - ok
16:15:04.0843 2824 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:15:04.0843 2824 Sfloppy - ok
16:15:04.0875 2824 Simbad - ok
16:15:04.0953 2824 Sparrow - ok
16:15:05.0234 2824 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:15:05.0265 2824 splitter - ok
16:15:05.0625 2824 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:15:05.0625 2824 sr - ok
16:15:05.0921 2824 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:15:06.0265 2824 Srv - ok
16:15:07.0062 2824 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:15:07.0093 2824 swenum - ok
16:15:07.0781 2824 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:15:07.0828 2824 swmidi - ok
16:15:08.0078 2824 symc810 - ok
16:15:08.0421 2824 symc8xx - ok
16:15:08.0843 2824 sym_hi - ok
16:15:09.0140 2824 sym_u3 - ok
16:15:10.0750 2824 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:15:10.0828 2824 sysaudio - ok
16:15:11.0406 2824 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:15:11.0828 2824 Tcpip - ok
16:15:12.0437 2824 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:15:12.0437 2824 TDPIPE - ok
16:15:12.0875 2824 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:15:12.0875 2824 TDTCP - ok
16:15:13.0093 2824 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:15:13.0125 2824 TermDD - ok
16:15:13.0406 2824 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
16:15:13.0437 2824 tifsfilter - ok
16:15:13.0875 2824 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
16:15:14.0125 2824 timounter - ok
16:15:14.0453 2824 TosIde - ok
16:15:16.0781 2824 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:15:16.0781 2824 Udfs - ok
16:15:17.0031 2824 ultra - ok
16:15:17.0406 2824 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:15:17.0531 2824 Update - ok
16:15:17.0687 2824 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:15:17.0718 2824 usbaudio - ok
16:15:18.0171 2824 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:15:18.0203 2824 usbccgp - ok
16:15:18.0703 2824 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:15:18.0718 2824 usbehci - ok
16:15:19.0015 2824 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:15:19.0171 2824 usbhub - ok
16:15:19.0515 2824 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:15:19.0546 2824 usbprint - ok
16:15:19.0890 2824 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:15:19.0890 2824 USBSTOR - ok
16:15:20.0140 2824 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:15:20.0171 2824 usbuhci - ok
16:15:20.0500 2824 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:15:20.0500 2824 VgaSave - ok
16:15:20.0796 2824 ViaIde - ok
16:15:21.0156 2824 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:15:21.0171 2824 VolSnap - ok
16:15:21.0328 2824 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:15:21.0343 2824 Wanarp - ok
16:15:21.0375 2824 WDICA - ok
16:15:21.0546 2824 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:15:21.0562 2824 wdmaud - ok
16:15:21.0781 2824 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:15:22.0281 2824 winachsf - ok
16:15:22.0593 2824 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:15:22.0625 2824 WmiAcpi - ok
16:15:22.0953 2824 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:15:22.0968 2824 WS2IFSL - ok
16:15:23.0203 2824 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:15:23.0218 2824 WudfPf - ok
16:15:23.0265 2824 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:15:23.0281 2824 WudfRd - ok
16:15:23.0359 2824 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:15:24.0156 2824 \Device\Harddisk0\DR0 - ok
16:15:24.0171 2824 Boot (0x1200) (91192bf0aa5f8455e5dd192f05444bab) \Device\Harddisk0\DR0\Partition0
16:15:24.0171 2824 \Device\Harddisk0\DR0\Partition0 - ok
16:15:24.0171 2824 ============================================================
16:15:24.0171 2824 Scan finished
16:15:24.0171 2824 ============================================================
16:15:24.0187 5380 Detected object count: 0
16:15:24.0187 5380 Actual detected object count: 0
16:23:36.0218 2576 Deinitialize success
--------------------- TDSSKiller 2 =============================
16:25:01.0484 4984 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
16:25:02.0421 4984 ============================================================
16:25:02.0421 4984 Current date / time: 2012/02/03 16:25:02.0421
16:25:02.0421 4984 SystemInfo:
16:25:02.0421 4984
16:25:02.0421 4984 OS Version: 5.1.2600 ServicePack: 3.0
16:25:02.0421 4984 Product type: Workstation
16:25:02.0578 4984 ComputerName: LAURA
16:25:02.0578 4984 UserName: Lauras
16:25:02.0578 4984 Windows directory: C:\WINDOWS
16:25:02.0578 4984 System windows directory: C:\WINDOWS
16:25:02.0578 4984 Processor architecture: Intel x86
16:25:02.0578 4984 Number of processors: 1
16:25:02.0578 4984 Page size: 0x1000
16:25:02.0578 4984 Boot type: Normal boot
16:25:02.0578 4984 ============================================================
16:25:09.0703 4984 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:25:09.0937 4984 \Device\Harddisk0\DR0:
16:25:09.0953 4984 MBR used
16:25:09.0953 4984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
16:25:10.0187 4984 Initialize success
16:25:10.0187 4984 ============================================================
16:25:33.0375 5992 ============================================================
16:25:33.0375 5992 Scan started
16:25:33.0375 5992 Mode: Manual; SigCheck; TDLFS;
16:25:33.0375 5992 ============================================================
16:25:35.0281 5992 Abiosdsk - ok
16:25:35.0671 5992 abp480n5 - ok
16:25:36.0031 5992 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:25:40.0640 5992 ACPI - ok
16:25:41.0140 5992 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:25:41.0390 5992 ACPIEC - ok
16:25:41.0546 5992 adpu160m - ok
16:25:41.0718 5992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:25:45.0156 5992 aec - ok
16:25:45.0437 5992 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:25:45.0484 5992 AegisP ( UnsignedFile.Multi.Generic ) - warning
16:25:45.0484 5992 AegisP - detected UnsignedFile.Multi.Generic (1)
16:25:45.0906 5992 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:25:46.0218 5992 AFD - ok
16:25:46.0593 5992 Aha154x - ok
16:25:46.0812 5992 aic78u2 - ok
16:25:46.0968 5992 aic78xx - ok
16:25:48.0531 5992 ALCXWDM (8a8909fdd548d84a3e02e04f699ee705) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:25:51.0296 5992 ALCXWDM - ok
16:25:51.0421 5992 AliIde - ok
16:25:51.0437 5992 amsint - ok
16:25:51.0468 5992 asc - ok
16:25:51.0484 5992 asc3350p - ok
16:25:51.0500 5992 asc3550 - ok
16:25:51.0578 5992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:25:51.0750 5992 AsyncMac - ok
16:25:51.0796 5992 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:25:51.0984 5992 atapi - ok
16:25:52.0015 5992 Atdisk - ok
16:25:52.0078 5992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:25:52.0250 5992 Atmarpc - ok
16:25:52.0312 5992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:25:52.0515 5992 audstub - ok
16:25:52.0640 5992 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:25:52.0921 5992 AVGIDSDriver - ok
16:25:53.0046 5992 AVGIDSEH - ok
16:25:53.0140 5992 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:25:53.0156 5992 AVGIDSFilter - ok
16:25:53.0218 5992 AVGIDSShim - ok
16:25:53.0484 5992 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:25:53.0500 5992 Avgldx86 - ok
16:25:53.0625 5992 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:25:53.0625 5992 Avgmfx86 - ok
16:25:53.0718 5992 Avgrkx86 - ok
16:25:53.0796 5992 Avgtdix - ok
16:25:53.0968 5992 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:25:54.0562 5992 BCM43XX - ok
16:25:54.0703 5992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:25:54.0890 5992 Beep - ok
16:25:55.0046 5992 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
16:25:55.0218 5992 brfilt - ok
16:25:55.0359 5992 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:25:55.0437 5992 BrScnUsb - ok
16:25:55.0562 5992 BrSerIb (9f80879913dc2712fd0c4d734e3f519b) C:\WINDOWS\system32\DRIVERS\BrSerIb.sys
16:25:55.0625 5992 BrSerIb - ok
16:25:55.0750 5992 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
16:25:55.0796 5992 BrSerWDM - ok
16:25:55.0875 5992 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
16:25:56.0062 5992 BrUsbMdm - ok
16:25:56.0171 5992 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
16:25:56.0390 5992 BrUsbScn - ok
16:25:56.0515 5992 BrUsbSIb (b67512da42c0c90bf236d5485226c1c7) C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys
16:25:56.0531 5992 BrUsbSIb - ok
16:25:56.0687 5992 catchme - ok
16:25:56.0828 5992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:25:57.0000 5992 cbidf2k - ok
16:25:57.0078 5992 cd20xrnt - ok
16:25:57.0171 5992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:25:57.0328 5992 Cdaudio - ok
16:25:57.0468 5992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:25:57.0625 5992 Cdfs - ok
16:25:57.0765 5992 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:25:57.0953 5992 Cdrom - ok
16:25:58.0000 5992 Changer - ok
16:25:58.0109 5992 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:25:58.0296 5992 CmBatt - ok
16:25:58.0312 5992 CmdIde - ok
16:25:58.0359 5992 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:25:58.0578 5992 Compbatt - ok
16:25:58.0609 5992 Cpqarray - ok
16:25:58.0656 5992 dac2w2k - ok
16:25:58.0671 5992 dac960nt - ok
16:25:58.0718 5992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:25:58.0906 5992 Disk - ok
16:25:58.0984 5992 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:25:59.0250 5992 dmboot - ok
16:25:59.0312 5992 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:25:59.0500 5992 dmio - ok
16:25:59.0531 5992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:25:59.0750 5992 dmload - ok
16:25:59.0812 5992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:26:00.0000 5992 DMusic - ok
16:26:00.0031 5992 dpti2o - ok
16:26:00.0078 5992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:26:00.0265 5992 drmkaud - ok
16:26:00.0390 5992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:26:00.0562 5992 Fastfat - ok
16:26:00.0609 5992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:26:00.0812 5992 Fdc - ok
16:26:00.0875 5992 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:26:01.0062 5992 Fips - ok
16:26:01.0093 5992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:26:01.0250 5992 Flpydisk - ok
16:26:01.0296 5992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:26:01.0515 5992 FltMgr - ok
16:26:01.0828 5992 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
16:26:01.0843 5992 fssfltr - ok
16:26:01.0968 5992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:26:02.0203 5992 Fs_Rec - ok
16:26:02.0312 5992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:26:02.0765 5992 Ftdisk - ok
16:26:02.0890 5992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:26:03.0109 5992 Gpc - ok
16:26:03.0234 5992 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:26:03.0437 5992 HidUsb - ok
16:26:03.0671 5992 hpn - ok
16:26:03.0984 5992 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
16:26:04.0062 5992 HSFHWICH - ok
16:26:04.0281 5992 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:26:04.0796 5992 HSF_DP - ok
16:26:04.0984 5992 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:26:05.0140 5992 HTTP - ok
16:26:05.0546 5992 i2omgmt - ok
16:26:06.0093 5992 i2omp - ok
16:26:06.0296 5992 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:26:06.0546 5992 i8042prt - ok
16:26:13.0609 5992 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:26:28.0468 5992 ialm - ok
16:26:29.0062 5992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:26:29.0375 5992 Imapi - ok
16:26:29.0750 5992 ini910u - ok
16:26:30.0156 5992 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:26:30.0468 5992 IntelIde - ok
16:26:31.0484 5992 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:26:31.0828 5992 intelppm - ok
16:26:32.0921 5992 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:26:33.0687 5992 Ip6Fw - ok
16:26:33.0890 5992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:26:34.0265 5992 IpFilterDriver - ok
16:26:34.0906 5992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:26:35.0421 5992 IpInIp - ok
16:26:36.0234 5992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:26:36.0625 5992 IpNat - ok
16:26:37.0062 5992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:26:37.0328 5992 IPSec - ok
16:26:38.0125 5992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:26:38.0375 5992 IRENUM - ok
16:26:39.0703 5992 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:26:40.0546 5992 isapnp - ok
16:26:41.0562 5992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:26:41.0968 5992 Kbdclass - ok
16:26:42.0593 5992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:26:43.0281 5992 kmixer - ok
16:26:43.0656 5992 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:26:44.0078 5992 KSecDD - ok
16:26:44.0687 5992 L8042pr2 (a006d66edb128fb9ab940a903fdf792e) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
16:26:45.0000 5992 L8042pr2 - ok
16:26:45.0406 5992 lbrtfdc - ok
16:26:45.0781 5992 LMouFlt2 (03abef1a29addc98c32ed0f336b98e90) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
16:26:45.0875 5992 LMouFlt2 - ok
16:26:46.0218 5992 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:26:46.0281 5992 mdmxsdk - ok
16:26:46.0546 5992 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
16:26:46.0765 5992 mf - ok
16:26:46.0921 5992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:26:47.0359 5992 mnmdd - ok
16:26:47.0406 5992 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:26:47.0812 5992 Modem - ok
16:26:48.0250 5992 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:26:48.0484 5992 Mouclass - ok
16:26:48.0765 5992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:26:52.0109 5992 mouhid - ok
16:26:52.0343 5992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:26:52.0546 5992 MountMgr - ok
16:26:52.0625 5992 mraid35x - ok
16:26:52.0781 5992 MREMP50 - ok
16:26:52.0843 5992 MREMP50a64 - ok
16:26:52.0859 5992 MRESP50 - ok
16:26:52.0906 5992 MRESP50a64 - ok
16:26:53.0218 5992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:26:53.0421 5992 MRxDAV - ok
16:26:53.0859 5992 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:26:54.0281 5992 MRxSmb - ok
16:26:54.0671 5992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:26:54.0890 5992 Msfs - ok
16:26:55.0000 5992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:26:55.0187 5992 MSKSSRV - ok
16:26:55.0234 5992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:26:55.0421 5992 MSPCLOCK - ok
16:26:55.0468 5992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:26:55.0640 5992 MSPQM - ok
16:26:55.0687 5992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:26:55.0906 5992 mssmbios - ok
16:26:55.0984 5992 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:26:56.0015 5992 Mup - ok
16:26:56.0093 5992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:26:56.0296 5992 NDIS - ok
16:26:56.0375 5992 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:26:56.0437 5992 NdisTapi - ok
16:26:56.0484 5992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:26:56.0718 5992 Ndisuio - ok
16:26:56.0796 5992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:26:56.0984 5992 NdisWan - ok
16:26:57.0031 5992 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:26:57.0093 5992 NDProxy - ok
16:26:57.0125 5992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:26:57.0312 5992 NetBIOS - ok
16:26:57.0375 5992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:26:57.0562 5992 NetBT - ok
16:26:57.0609 5992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:26:57.0796 5992 Npfs - ok
16:26:57.0890 5992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:26:58.0109 5992 Ntfs - ok
16:26:58.0187 5992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:26:58.0359 5992 Null - ok
16:26:58.0406 5992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:26:58.0593 5992 NwlnkFlt - ok
16:26:58.0671 5992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:26:58.0875 5992 NwlnkFwd - ok
16:26:58.0953 5992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:26:59.0140 5992 Parport - ok
16:26:59.0250 5992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:26:59.0437 5992 PartMgr - ok
16:26:59.0468 5992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:26:59.0640 5992 ParVdm - ok
16:26:59.0687 5992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:26:59.0890 5992 PCI - ok
16:26:59.0906 5992 PCIDump - ok
16:26:59.0968 5992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:27:00.0156 5992 PCIIde - ok
16:27:00.0531 5992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:27:00.0718 5992 Pcmcia - ok
16:27:00.0734 5992 PDCOMP - ok
16:27:00.0750 5992 PDFRAME - ok
16:27:00.0781 5992 PDRELI - ok
16:27:00.0796 5992 PDRFRAME - ok
16:27:00.0843 5992 perc2 - ok
16:27:00.0859 5992 perc2hib - ok
16:27:00.0984 5992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:27:01.0187 5992 PptpMiniport - ok
16:27:01.0218 5992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:27:01.0390 5992 PSched - ok
16:27:01.0500 5992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:27:01.0734 5992 Ptilink - ok
16:27:01.0750 5992 ql1080 - ok
16:27:01.0781 5992 Ql10wnt - ok
16:27:01.0812 5992 ql12160 - ok
16:27:01.0828 5992 ql1240 - ok
16:27:01.0875 5992 ql1280 - ok
16:27:01.0921 5992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:27:02.0140 5992 RasAcd - ok
16:27:02.0203 5992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:27:02.0437 5992 Rasl2tp - ok
16:27:02.0656 5992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:27:03.0046 5992 RasPppoe - ok
16:27:03.0140 5992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:27:03.0390 5992 Raspti - ok
16:27:03.0625 5992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:27:03.0890 5992 Rdbss - ok
16:27:04.0234 5992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:27:04.0578 5992 RDPCDD - ok
16:27:04.0937 5992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:27:05.0234 5992 rdpdr - ok
16:27:05.0828 5992 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:27:06.0125 5992 RDPWD - ok
16:27:06.0671 5992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:27:06.0968 5992 redbook - ok
16:27:07.0890 5992 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
16:27:08.0765 5992 RTL8023xp - ok
16:27:09.0390 5992 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:27:09.0625 5992 rtl8139 - ok
16:27:09.0906 5992 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:27:09.0937 5992 SASDIFSV - ok
16:27:09.0953 5992 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:27:09.0968 5992 SASKUTIL - ok
16:27:10.0203 5992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:27:15.0562 5992 Secdrv - ok
16:27:15.0953 5992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:27:16.0203 5992 Serial - ok
16:27:16.0437 5992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:27:16.0828 5992 Sfloppy - ok
16:27:17.0031 5992 Simbad - ok
16:27:17.0296 5992 Sparrow - ok
16:27:17.0437 5992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:27:17.0640 5992 splitter - ok
16:27:17.0968 5992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:27:18.0093 5992 sr - ok
16:27:18.0203 5992 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:27:18.0468 5992 Srv - ok
16:27:18.0656 5992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:27:18.0875 5992 swenum - ok
16:27:18.0968 5992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:27:19.0265 5992 swmidi - ok
16:27:19.0406 5992 symc810 - ok
16:27:19.0453 5992 symc8xx - ok
16:27:19.0515 5992 sym_hi - ok
16:27:19.0546 5992 sym_u3 - ok
16:27:19.0609 5992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:27:19.0843 5992 sysaudio - ok
16:27:19.0937 5992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:27:20.0265 5992 Tcpip - ok
16:27:20.0609 5992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:27:20.0843 5992 TDPIPE - ok
16:27:20.0906 5992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:27:21.0109 5992 TDTCP - ok
16:27:21.0187 5992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:27:21.0406 5992 TermDD - ok
16:27:21.0484 5992 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
16:27:21.0531 5992 tifsfilter - ok
16:27:21.0609 5992 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
16:27:21.0656 5992 timounter - ok
16:27:21.0781 5992 TosIde - ok
16:27:21.0937 5992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:27:22.0109 5992 Udfs - ok
16:27:22.0281 5992 ultra - ok
16:27:22.0500 5992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:27:22.0765 5992 Update - ok
16:27:22.0906 5992 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:27:23.0125 5992 usbaudio - ok
16:27:23.0281 5992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:27:23.0453 5992 usbccgp - ok
16:27:23.0640 5992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:27:23.0859 5992 usbehci - ok
16:27:23.0984 5992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:27:24.0187 5992 usbhub - ok
16:27:25.0781 5992 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:27:26.0015 5992 usbprint - ok
16:27:26.0109 5992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:27:26.0312 5992 USBSTOR - ok
16:27:26.0437 5992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:27:26.0593 5992 usbuhci - ok
16:27:26.0671 5992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:27:26.0859 5992 VgaSave - ok
16:27:26.0875 5992 ViaIde - ok
16:27:26.0921 5992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:27:27.0125 5992 VolSnap - ok
16:27:27.0187 5992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:27:27.0359 5992 Wanarp - ok
16:27:27.0375 5992 WDICA - ok
16:27:27.0453 5992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:27:27.0640 5992 wdmaud - ok
16:27:28.0015 5992 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:27:28.0687 5992 winachsf - ok
16:27:29.0343 5992 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:27:29.0546 5992 WmiAcpi - ok
16:27:29.0781 5992 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:27:30.0015 5992 WS2IFSL - ok
16:27:30.0281 5992 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:27:30.0500 5992 WudfPf - ok
16:27:31.0156 5992 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:27:31.0328 5992 WudfRd - ok
16:27:31.0437 5992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:27:32.0296 5992 \Device\Harddisk0\DR0 - ok
16:27:32.0312 5992 Boot (0x1200) (91192bf0aa5f8455e5dd192f05444bab) \Device\Harddisk0\DR0\Partition0
16:27:32.0312 5992 \Device\Harddisk0\DR0\Partition0 - ok
16:27:32.0312 5992 ============================================================
16:27:32.0312 5992 Scan finished
16:27:32.0312 5992 ============================================================
16:27:32.0531 1284 Detected object count: 1
16:27:32.0531 1284 Actual detected object count: 1
16:30:34.0375 1284 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:34.0375 1284 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:30:42.0468 2436 Deinitialize success
------------------------ aswmbr ------------------------
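THE FIX BUTTON WAS NOT ENABLED - IT WAS GREYED OUT (NOTE: THE LOG BELOW REPORTS "Windows XP default MBR code" FOR DISK 0; THE **INFECTED** ENTRIES ARE FILES, NOT THE MBR)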
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-03 19:08:00
-----------------------------
19:08:00.406 OS Version: Windows 5.1.2600 Service Pack 3
19:08:00.406 Number of processors: 1 586 0xD08
19:08:00.406 ComputerName: LAURA UserName:
19:08:00.953 Initialize success
19:15:37.437 AVAST engine defs: 12020301
19:15:58.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
19:15:58.593 Disk 0 Vendor: ST960821A 3.01 Size: 57231MB BusType: 3
19:15:58.750 Disk 0 MBR read successfully
19:15:58.750 Disk 0 MBR scan
19:15:59.109 Disk 0 Windows XP default MBR code
19:15:59.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
19:15:59.296 Disk 0 scanning sectors +117194175
19:15:59.718 Disk 0 scanning C:\WINDOWS\system32\drivers
19:16:59.609 Service scanning
19:17:11.140 Modules scanning
19:17:40.328 AVAST engine scan C:\
20:10:08.671 File: C:\System Volume Information\_restore{597D382E-49A7-48BA-AA03-FCCA8EAFBC92}\RP12\A0009353.exe **INFECTED** Win32:Patched-AET [Trj]
20:10:09.328 File: C:\System Volume Information\_restore{597D382E-49A7-48BA-AA03-FCCA8EAFBC92}\RP12\A0009354.exe **INFECTED** Win32:Patched-AET [Trj]
20:11:08.031 File: C:\System Volume Information\_restore{597D382E-49A7-48BA-AA03-FCCA8EAFBC92}\RP5\A0005703.com **INFECTED** Win32:Malware-gen
20:32:52.906 File: C:\WINDOWS\explorer.exe **INFECTED** Win32:Patched-AET [Trj]
22:40:29.312 File: C:\WINDOWS\system32\svchost.exe **INFECTED** Win32:Patched-AET [Trj]
22:41:59.437 File: C:\WINDOWS\system32\winlogon.exe **INFECTED** Win32:Patched-AET [Trj]
22:45:03.265 Scan finished successfully
23:04:23.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lauras\Desktop\MBR.dat"
23:04:23.796 The log file has been saved successfully to "C:\Documents and Settings\Lauras\Desktop\aswMBR.txt"
--------------------------- Malwarebytes ======================
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.04.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lauras :: LAURA [administrator]
03/02/2012 11:32:55 PM
mbam-log-2012-02-03 (23-32-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211439
Time elapsed: 40 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
--------------------------- OTL 1 ====================
NO LOG - THIS RUN LOCKED UP OVERNIGHT ON THE FIRST STEP
-------------------------- OTL 2 ========================
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
File E:\autorun.exe not found.
C:\Documents and Settings\All Users\Application Data\PTdQH2.dat moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Lauras\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lauras\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Lauras\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lauras\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Lauras\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lauras\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Lauras\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lauras\Desktop\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\tasks\At*.job not found.
< reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c >
C:\Documents and Settings\Lauras\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lauras\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 02042012_115834
-------------- OTL 3 ===========================
OTL logfile created on: 04/02/2012 12:59:11 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lauras\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
502.42 Mb Total Physical Memory | 98.29 Mb Available Physical Memory | 19.56% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 31.27 Gb Free Space | 55.96% Space Free | Partition Type: NTFS
Computer Name: LAURA | User Name: Lauras | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/04 00:36:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lauras\Desktop\OTL.exe
PRC - [2012/01/30 01:19:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/06 14:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
PRC - [2010/07/12 07:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/04/13 22:42:10 | 001,058,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/03/19 18:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AcrSch2Svc)
SRV - [2012/01/30 01:19:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/01/05 09:02:10 | 001,187,600 | ---- | M] (Starfield Technologies) [On_Demand | Stopped] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/06 14:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/10/12 14:34:01 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2003/03/19 18:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
========== Driver Services (SafeList) ==========
DRV - [2012/01/30 01:19:33 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/01/30 01:19:33 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/11/02 22:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 22:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/10/13 00:27:49 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/13 00:27:49 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/04/13 22:51:44 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/01/24 15:36:16 | 004,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/12/22 03:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/15 17:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 17:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 17:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/03/04 01:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/03/04 01:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Lauras\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Lauras\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Lauras\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Lauras\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/14 19:41:08 | 000,000,000 | ---D | M]
[2012/01/25 09:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lauras\Application Data\Mozilla\Extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bell Internet Service Advisor (Enabled) = C:\Program Files\Bell\Internet Service Advisor\nprpspa.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Default = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
O1 HOSTS File: ([2012/02/04 11:58:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: salesforce.com ([na6] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1223562432484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223562562718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) -C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 23:29:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (c:\progra~1\avg\avg10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (c:\progra~1\avg\avg10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Documents and Settings\Lauras\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig - StartUpReg: ControlCenter4 - hkey= - key= - C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: Starfield Updater - hkey= - key= - C:\Program Files\Workspace\WorkspaceUpdate.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: ServicepointService - C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: ServicepointService - C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{7e853105-3adf-4199-a079-d87c2afd375f} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/02/04 12:17:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/04 11:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\Step 6 A Copy the text in the code box
[2012/02/04 00:38:42 | 000,000,000 | ---D | C] -- C:\x_OTL
[2012/02/04 00:37:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lauras\Desktop\OTL.exe
[2012/02/03 23:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/03 23:28:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/03 14:32:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/03 14:28:36 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/03 14:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\REPLY
[2012/02/03 14:16:58 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/02/03 09:13:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/03 09:13:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/03 09:13:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/03 09:13:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/03 09:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/03 09:13:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/03 09:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\step 7 Copy the text in the code box
[2012/02/03 09:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\step 6 Copy the text in the code box
[2012/02/03 09:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\step 1 disable anti virus
[2012/02/03 09:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\step 5 download Malwarebytes
[2012/02/03 09:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\Step 4 Download aswMBR
[2012/02/03 09:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\Step 3 Download TDSSKiller
[2012/02/03 09:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\step 2 download Combofix
[2012/01/30 23:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EMCO
[2012/01/30 23:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\EMCO
[2012/01/30 23:28:36 | 000,000,000 | ---D | C] -- C:\install
[2012/01/29 16:23:40 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/29 12:41:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lauras\Recent
[2012/01/29 10:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\ElevatedDiagnostics
[2012/01/29 10:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/01/29 10:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/01/27 09:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/27 09:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/27 09:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/27 09:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/27 08:29:26 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/25 21:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\NetCare
[2012/01/25 17:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\PC-FAX TX
[2012/01/25 15:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\ControlCenter4
[2012/01/25 15:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx
[2012/01/25 15:22:31 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2012/01/25 15:22:25 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
[2012/01/25 15:22:24 | 000,103,792 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBI110.EXE
[2012/01/25 15:22:24 | 000,050,176 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BRPRTINK.DLL
[2012/01/25 15:22:21 | 000,071,424 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrSerIb.sys
[2012/01/25 15:22:21 | 000,011,520 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrUsbSib.sys
[2012/01/25 15:22:12 | 000,055,808 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrUsi11a.dll
[2012/01/25 15:22:06 | 001,481,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia11a.dll
[2012/01/25 15:22:06 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrJDec.dll
[2012/01/25 15:21:55 | 000,000,000 | ---D | C] -- C:\Brother
[2012/01/25 15:21:43 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll
[2012/01/25 15:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012/01/25 15:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2012/01/25 15:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2012/01/25 15:20:27 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrMuSNMP.dll
[2012/01/25 15:20:27 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
[2012/01/25 15:20:20 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05c.dll
[2012/01/25 15:19:25 | 000,217,088 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2012/01/25 15:19:25 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2012/01/25 15:19:25 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2012/01/25 15:19:25 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2012/01/25 15:19:03 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2012/01/25 15:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2012/01/25 15:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\InstallShield
[2012/01/25 15:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\MFCJ625D
[2012/01/25 09:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Starfield
[2012/01/25 09:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Local Settings\Application Data\Workspace
[2012/01/25 09:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Workspace
[2012/01/12 18:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\My Documents\mobilemoneymachine
[2012/01/12 16:59:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lauras\IECompatCache
[2012/01/12 16:48:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lauras\PrivacIE
[2012/01/12 16:45:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lauras\IETldCache
[2012/01/12 16:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/01/12 16:25:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/12 16:17:09 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/01/12 16:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/01/10 17:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\DESKTOP2
[2012/01/10 15:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mobile Blog X
[2012/01/10 15:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\MobileBlogX
[2012/01/10 15:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\MobileBlogX
[2012/01/10 15:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\My Documents\xp pack
[2012/01/09 14:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\FileZilla
[2012/01/09 14:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/01/09 10:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\My Documents\mobilemoneymachine-zip
[2012/01/07 11:29:57 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/04 12:57:57 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/02/04 12:01:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/04 11:58:41 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/04 00:36:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lauras\Desktop\OTL.exe
[2012/02/03 23:28:21 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 23:04:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\MBR.dat
[2012/02/03 19:13:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/03 14:32:37 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/02/03 08:01:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 23:29:55 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Malware Cleaner 4.lnk
[2012/01/30 00:20:03 | 000,002,324 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/28 22:21:52 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2012/01/28 09:37:37 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/28 09:37:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 08:29:26 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/27 08:26:07 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Policies & Principles.url
[2012/01/25 20:11:56 | 000,000,810 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2012/01/25 18:39:40 | 000,247,704 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\NetCareOrderForm.pdf
[2012/01/25 17:57:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Brpcfx.ini
[2012/01/25 17:39:38 | 000,151,728 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Picture2.tif
[2012/01/25 15:26:29 | 000,001,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2012/01/25 15:25:05 | 000,003,303 | ---- | M] () -- C:\WINDOWS\BRPARAM.INI
[2012/01/25 15:22:35 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
[2012/01/25 14:07:20 | 000,000,234 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Multi-Function Centers Colour Inkjet - Brother Canada.url
[2012/01/25 14:03:16 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Speedtest North.url
[2012/01/25 13:41:35 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Primus Canada Bandwidth Speed Test.url
[2012/01/25 09:52:07 | 001,496,800 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\workspaceinstall_pl.exe
[2012/01/24 18:10:43 | 000,244,554 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/20 13:20:49 | 001,062,842 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Product Brochure[1].pdf
[2012/01/17 21:15:09 | 001,300,179 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\genesis-for-beginners[1].pdf
[2012/01/17 12:10:50 | 044,001,262 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\mobileGainingGoogleSEORank.zip
[2012/01/17 12:04:10 | 452,567,206 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\MOBILEAnikNiches.zip
[2012/01/16 14:49:51 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Quibids Scam - Scam Advocates.url
[2012/01/13 13:34:04 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\The Periodic Table of Videos - University of Nottingham.url
[2012/01/13 13:25:17 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\ChemViews Magazine ChemistryViews.url
[2012/01/13 12:54:45 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Wiley Online Library Products - Wiley Online Library.url
[2012/01/13 12:53:44 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\About Wiley Open Access Home - Wiley Open Access 2011.url
[2012/01/13 12:51:54 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Brain and Behavior - Early View - Wiley Online Library.url
[2012/01/13 11:33:32 | 000,175,113 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\nutraceutical.com.pdf
[2012/01/13 11:12:11 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Nutraceutical.com - Education.url
[2012/01/13 11:07:27 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\What are Functional Foods and Nutraceuticals - Agriculture and Agri-Food Canada (AAFC).url
[2012/01/13 10:58:07 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Canadian Compliance, Regulatory, GMP Licensed Warehousing & Graphic Design Source NutraceuticalSource Nutraceutical Canadian Compliance Experts Canadian Product Regulation Canadian Regulation for Produc.url
[2012/01/12 17:01:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A255B638-3B36-492C-A237-EB049335EE79}.job
[2012/01/12 16:45:53 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Lauras\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 13:06:07 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/01/11 19:32:20 | 000,545,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 19:32:20 | 000,104,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/10 19:10:08 | 000,002,342 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Google Chrome (2).lnk
[2012/01/10 15:32:51 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/10 15:29:39 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mobile Blog X.lnk
[2012/01/07 11:29:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/06 22:33:35 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\CellSqueeze Mobile Money... Support Ticket System.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/03 23:28:21 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 23:04:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\MBR.dat
[2012/02/03 23:03:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/02/03 14:32:37 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/02/03 14:32:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/03 09:13:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/03 09:13:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/03 09:13:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/03 09:13:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/03 09:13:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/30 23:29:55 | 000,000,945 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Malware Cleaner 4.lnk
[2012/01/30 00:20:03 | 000,002,324 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/01/27 12:14:24 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Lauras\Start Menu\Programs\Internet Explorer (4).lnk
[2012/01/27 10:22:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/27 08:26:06 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Policies & Principles.url
[2012/01/25 21:49:29 | 000,247,704 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\NetCareOrderForm.pdf
[2012/01/25 17:39:26 | 000,151,728 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Picture2.tif
[2012/01/25 15:26:29 | 000,001,818 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2012/01/25 15:25:35 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/01/25 15:24:50 | 000,003,303 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/01/25 15:22:29 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/01/25 15:22:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/01/25 15:20:25 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2012/01/25 15:20:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/01/25 13:43:25 | 000,000,234 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Multi-Function Centers Colour Inkjet - Brother Canada.url
[2012/01/25 13:41:35 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Primus Canada Bandwidth Speed Test.url
[2012/01/25 13:40:32 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Speedtest North.url
[2012/01/25 09:52:05 | 001,496,800 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\workspaceinstall_pl.exe
[2012/01/20 13:20:49 | 001,062,842 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Product Brochure[1].pdf
[2012/01/17 21:15:08 | 001,300,179 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\genesis-for-beginners[1].pdf
[2012/01/17 12:10:45 | 044,001,262 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\mobileGainingGoogleSEORank.zip
[2012/01/17 12:02:25 | 452,567,206 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\MOBILEAnikNiches.zip
[2012/01/16 14:49:50 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Quibids Scam - Scam Advocates.url
[2012/01/13 13:34:01 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\The Periodic Table of Videos - University of Nottingham.url
[2012/01/13 13:25:15 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\ChemViews Magazine ChemistryViews.url
[2012/01/13 12:54:45 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Wiley Online Library Products - Wiley Online Library.url
[2012/01/13 12:53:44 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\About Wiley Open Access Home - Wiley Open Access 2011.url
[2012/01/13 12:51:52 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Brain and Behavior - Early View - Wiley Online Library.url
[2012/01/13 11:33:32 | 000,175,113 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\nutraceutical.com.pdf
[2012/01/13 11:12:11 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Nutraceutical.com - Education.url
[2012/01/13 11:07:27 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\What are Functional Foods and Nutraceuticals - Agriculture and Agri-Food Canada (AAFC).url
[2012/01/13 10:58:07 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Canadian Compliance, Regulatory, GMP Licensed Warehousing & Graphic Design Source NutraceuticalSource Nutraceutical Canadian Compliance Experts Canadian Product Regulation Canadian Regulation for Produc.url
[2012/01/12 13:06:07 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/01/10 19:30:46 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Lauras\Start Menu\Programs\Internet Explorer (3).lnk
[2012/01/10 19:10:08 | 000,002,342 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Google Chrome (2).lnk
[2012/01/10 19:08:21 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Lauras\Start Menu\Programs\Internet Explorer (2).lnk
[2012/01/10 15:37:41 | 000,272,806 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/10 15:32:51 | 000,000,109 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/10 15:29:39 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mobile Blog X.lnk
[2012/01/06 22:33:34 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\CellSqueeze Mobile Money... Support Ticket System.url
[2011/01/29 21:19:09 | 000,000,813 | ---- | C] () -- C:\WINDOWS\dmt.ini
[2010/02/05 15:10:01 | 000,239,074 | ---- | C] () -- C:\Documents and Settings\Lauras\Local Settings\Application Data\adCenterExcelAddinV5.5_External.config
[2010/02/05 14:49:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lauras\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 07:26:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2009/05/04 14:41:48 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/05/04 14:41:48 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/05/04 14:41:47 | 000,000,121 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/02/05 19:46:29 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/02/05 19:31:40 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MLI.INI
[2008/11/22 16:24:24 | 000,000,563 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/11/22 16:11:54 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/11/22 16:11:37 | 000,002,204 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2008/11/22 16:10:58 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/11/22 16:10:58 | 000,000,328 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2008/11/22 16:10:58 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/11/22 16:10:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\mf322def.dat
[2008/11/22 16:10:32 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\brmsi06.BIN
[2008/10/18 19:03:01 | 000,023,353 | ---- | C] () -- C:\Documents and Settings\Lauras\Application Data\Comma Separated Values (Windows).ADR
[2008/10/13 01:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2008/10/09 17:46:56 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\FaxHelper.exe
[2008/10/06 22:16:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/10/06 22:16:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/10/06 21:49:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/10/06 21:49:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/06 21:49:00 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2008/10/04 23:32:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/04 23:25:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/04 16:04:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/04 16:03:18 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/13 22:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 22:42:10 | 001,033,728 | ---- | C] () -- C:\WINDOWS\expl.dat
[2008/04/13 22:42:10 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
[2008/04/13 22:42:10 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
[2008/04/13 22:42:10 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\dllc.dat
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/31 00:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/19 15:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UL.ini
[2004/10/19 13:30:18 | 000,000,160 | ---- | C] () -- C:\WINDOWS\Maritimelife.ini
[2004/06/17 23:20:38 | 000,517,120 | ---- | C] () -- C:\WINDOWS\System32\olexlsf.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,545,184 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,104,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*.exe >
< %APPDATA%\*. >
[2010/11/18 10:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Adobe
[2010/01/14 12:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Apple Computer
[2011/01/30 15:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\AVG
[2011/01/30 14:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\AVG10
[2009/03/26 08:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\AVG8
[2011/09/11 09:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Bell
[2009/08/23 10:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Blitware
[2009/02/22 10:46:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Lauras\Application Data\Brother
[2012/01/25 16:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\ControlCenter4
[2009/03/11 21:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\eBookPro6
[2012/01/29 10:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\ElevatedDiagnostics
[2012/01/09 22:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\FileZilla
[2009/12/09 10:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Google
[2008/10/04 23:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Identities
[2012/01/25 15:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\InstallShield
[2008/10/09 18:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Macromedia
[2009/02/05 14:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\magicJackOutlookAddIn
[2011/04/27 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Malwarebytes
[2009/11/10 16:56:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Lauras\Application Data\Microsoft
[2011/11/02 18:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\mjusbsp
[2012/01/10 15:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\MobileBlogX
[2008/12/12 22:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Motive
[2012/01/25 09:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Mozilla
[2012/01/25 17:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\PC-FAX TX
[2008/11/22 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\ScanSoft
[2008/10/21 18:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Skype
[2009/02/08 11:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Sun
[2011/04/27 12:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\SUPERAntiSpyware.com
[2009/12/04 18:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Vbuzzer Messenger
[2010/01/13 20:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Windows Live Writer
[2008/10/12 14:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\WinRAR
< MD5 for: EXPLORER.EXE >
[2008/04/13 22:42:10 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=AC7D8BCD4279A25765E099885E792CDD -- C:\WINDOWS\explorer.exe
< MD5 for: SVCHOST.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 22:42:10 | 000,039,936 | ---- | M] (Microsoft Corporation) MD5=BB4F48CC2920A1BC7DA7F2BA3977D2A3 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 22:42:10 | 000,545,280 | ---- | M] (Microsoft Corporation) MD5=BC8840F2D09BCDF8F6914D6592E30CFD -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< End of report >
------------------- OTL 3 EXTRAS =================================
OTL Extras logfile created on: 04/02/2012 12:59:11 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lauras\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
502.42 Mb Total Physical Memory | 98.29 Mb Available Physical Memory | 19.56% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 31.27 Gb Free Space | 55.96% Space Free | Partition Type: NTFS
Computer Name: LAURA | User Name: Lauras | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"25:TCP" = 25:TCP:*:Disabled:mail
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Disabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\vbuzzer\VBuzzer.exe" = C:\Program Files\vbuzzer\VBuzzer.exe:*:Disabled:VBuzzer Messenger -- (Softroute Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Disabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Lauras\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Lauras\Application Data\mjusbsp\magicJack.exe:*:Disabled:magicJack -- (magicJack L.P.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Disabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe" = C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe:*:Disabled:Servicepoint Service -- (Radialpoint Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031C88EF-4EA5-4A9D-A77D-857A914CAFA5}" = ScanSoft RealSpeak
"{05E740C4-0F88-4673-9DAF-549E41A6CB21}" = AVG 2011
"{0864EFCC-6AC5-4808-990D-63038965B9F2}" = Manulife - LifeWise/Manuvie - Accent-Vie
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DDFF679-AEDE-4BD3-8B56-0180A96BD1A7}" = OmniPage Pro 12.0
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{32D3C724-3E32-11D9-8211-00B0D075DF5C}" = Diamond View Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{375943E2-B268-4AD7-B7A4-0FD90E9C2AC7}" = Skype™ 3.8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = Fxcbs - MetaTrader 4.00
"{3F4398B7-A082-4AD8-B4F2-B024EDA6601A}" = Manulife - Performax Gold - Performax Or
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4BB32041-2D06-4AED-AF2A-6BE6BF157391}" = Manulife - Personal Accident - Invalidité Accidents
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = MouseWare 9.76
"{59609F09-6C69-490A-A305-3F29A3EEC912}" = Manulife - Insure Right / Manuvie - Bien s'assurer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D591284-FA79-4E8D-BDB8-E216C0D4EBB5}" = Manulife - Term
"{70A61BDF-D6DE-4021-877B-04924546BE44}" = Manulife - Concept slideshows
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{727DAFCB-E3AF-46E3-8A38-EB9C3EAA0A88}" = AVG 2011
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7806E447-C0FC-4B27-8F6E-59ABF0E5A3AC}" = InstantConference Outlook Conference Manager
"{794C2EE1-448D-416C-B378-3D8B8407AFF8}" = Manulife - Universal Life
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85184706-2E77-11D9-9BE0-000103E0519E}" = Investment Loan / Prêt Placement
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8737AC54-25D5-496F-AD8B-B2EA63195E80}" = Inforce - En vigueur
"{87393F9C-CCA7-4F3E-922D-F2420B0CB6C0}_is1" = EMCO Network Malware Cleaner 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J625DW
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A52FD2D4-9AB2-43B1-8DC7-49A26724F3AF}" = Manulife - Concepts
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2130AE7-83C0-4B03-81EA-6783CCC8528E}" = Manulife - Limited Pay UL / Manuvie - Vu à prime temporaire
"{C33DC9DF-0841-4B28-AD0B-68EF59FAC53C}" = Brother MFL-Pro Suite
"{C45C544E-5047-11D9-8216-00B0D075DF5C}" = Diamond View Launcher
"{C482A936-340B-11D9-9BE1-000103E0519E}" = Manulife One Calculator / Calculateur Manuvie Un
"{C5900E53-D3CC-4C4D-9F76-1102C24D089D}" = Manulife Financial - Health and Dental
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7D602CE-1CCD-41E6-9FC4-99437ED75D47}" = Manulife - Living Benefits
"{DA9294A5-0A4E-11D9-81F5-00B0D075DF5C}" = DVXP
"{E2834CA9-4E7F-4489-BBD9-40E39F1D0D0D}" = Manulife - Launcher
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ECC69E86-3B0E-4010-AA37-414C5D71B7B9}" = RPS CRT
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5F5E26E-67B9-438E-B813-C0CE0DE08309}" = MobileBlogX
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CasinoClassic" = Casino Classic
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP
"FileZilla Client" = FileZilla Client 3.5.3
"FPS_is1" = Money Software Financial Planning Spreadsheets © Professional V
"FreePDI4_is1" = Free Pay Down Debt or Invest Calculator
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickPar" = QuickPar 0.9
"RadialpointClientGateway_is1" = Bell Internet Service Advisor 3.7.44
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Vbuzzer" = Vbuzzer Messenger
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2936BA206D985FAE13777719CA18A9A97FD3533C" = Microsoft Advertising Intelligence
"Debt Management Tool v2.0" = Debt Management Tool v2.0
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723
"magicJack" = magicJack
"magicJack Outlook Add-In" = magicJack Outlook Add-In 1.0.3.521
"workspacedesktop" = Workspace Desktop
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30/01/2012 12:58:56 AM | Computer Name = LAURA | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed
Error - 30/01/2012 1:11:44 AM | Computer Name = LAURA | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed
Error - 30/01/2012 1:20:06 AM | Computer Name = LAURA | Source = Microsoft Security Client | ID = 5000
Description =
Error - 30/01/2012 1:20:07 AM | Computer Name = LAURA | Source = Microsoft Security Client | ID = 5000
Description =
Error - 30/01/2012 1:27:18 AM | Computer Name = LAURA | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed
Error - 30/01/2012 11:11:32 AM | Computer Name = LAURA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 30/01/2012 11:30:15 AM | Computer Name = LAURA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00004a5a.
Error - 31/01/2012 2:41:50 PM | Computer Name = LAURA | Source = Application Error | ID = 1004
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00004a5a.
Error - 04/02/2012 12:34:09 AM | Computer Name = LAURA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x000b3a46.
Error - 04/02/2012 12:54:02 PM | Computer Name = LAURA | Source = Application Error | ID = 1004
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x000b3a46.
[ OSession Events ]
Error - 21/10/2008 4:17:42 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8385
seconds with 4320 seconds of active time. This session ended with a crash.
Error - 19/11/2008 11:02:32 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 37625
seconds with 9120 seconds of active time. This session ended with a crash.
Error - 16/12/2008 3:44:30 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 07/01/2009 10:43:39 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22311
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27/01/2009 1:43:17 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 394
seconds with 240 seconds of active time. This session ended with a crash.
Error - 08/10/2009 3:06:30 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 511963
seconds with 8820 seconds of active time. This session ended with a crash.
Error - 17/03/2010 10:16:43 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9566
seconds with 2340 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 04/02/2012 12:15:27 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).
Error - 04/02/2012 1:38:46 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 04/02/2012 1:38:46 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.
Error - 04/02/2012 1:38:50 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 04/02/2012 12:51:09 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSFilter service depends on the AVGIDSShim service which failed
to start because of the following error: %%1058
Error - 04/02/2012 12:51:09 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSDriver service depends on the AVGIDSFilter service which
failed to start because of the following error: %%1068
Error - 04/02/2012 12:51:09 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%1068
Error - 04/02/2012 1:01:53 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSFilter service depends on the AVGIDSShim service which failed
to start because of the following error: %%1058
Error - 04/02/2012 1:01:53 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSDriver service depends on the AVGIDSFilter service which
failed to start because of the following error: %%1068
Error - 04/02/2012 1:01:53 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%1068
< End of report >
-------------------- the end ----------------------