Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Norton initially reported Tidserv Activity 2 it now reports ZeroAccess

Started by Jfenz , Feb 15 2012 09:40 PM

  • Please log in to reply

#1
Jfenz
Posted 15 February 2012 - 09:40 PM

Jfenz

    Member

  • Member
  • PipPip
  • 22 posts
My problem started with what appeared to be a series of hardware failure messages, then a fake system scan which reported multiple errors. My desktop wallpaper disappeared as did all icons on the desktop and all programs listed in the start menu. Norton Anti-virus reported "Threat requiring manual removal detected: System Infected: Tidserv Activity 2" I followed instructions to download and run a removal tool, which did not work. I googled the problem and found probable solutions advising to download and run Kaspersky TDSS Killer and MBAM. Kaspersky reported no infection found and MBAM found several infections which it said were cleaned. Subsequent runnings of MBAM found 1 or 2 infections which it said it also cleaned. At some point during this process Norton began reporting a different message, "Threat requiring manual removal detected: System Infected: ZeroAccess Rootkit Activity 4". Googling that led me to antizeroaccess.exe and BD Removal Tool both of these found infections and reported they were cleaned but a reboot put me right back where it started. Below is the OTL log.

Thanks in advance for any help you can provide

OTL logfile created on: 2/15/2012 10:20:40 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.62% Memory free
3.85 Gb Paging File | 3.04 Gb Available in Paging File | 79.04% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4084 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 22.36 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Drive G: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 297.44 Gb Total Space | 156.58 Gb Free Space | 52.64% Space Free | Partition Type: NTFS

Computer Name: FENZILWXP-01 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/15 22:19:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/02/12 11:20:49 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | -H-- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe
PRC - [2010/10/29 13:49:28 | 000,505,064 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/10/20 15:15:45 | 004,519,792 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\hsplayer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/12 11:20:47 | 001,911,768 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/09 15:53:21 | 003,340,064 | -H-- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/12/11 16:27:01 | 008,527,008 | -H-- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/20 20:42:16 | 000,176,235 | -H-- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | -H-- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | -H-- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wacomvhid)
SRV - File not found [Auto | Stopped] -- -- (trcboot)
SRV - File not found [Auto | Stopped] -- -- (lvsrvlauncher)
SRV - File not found [Auto | Stopped] -- -- (IBM_LLC2)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/02/09 15:53:21 | 003,340,064 | -H-- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011/01/14 12:41:22 | 001,045,256 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/13 19:12:36 | 000,005,632 | -H-- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\rdpwd.dll -- (vclone)


========== Driver Services (SafeList) ==========

DRV - [2012/02/03 22:08:19 | 000,106,104 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/03 22:08:18 | 000,374,392 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/15 18:33:22 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120214.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/08 15:15:56 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120215.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/08 15:15:56 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120215.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/08 15:15:35 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 20:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 22:04:12 | 000,044,024 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/03/30 22:04:12 | 000,044,024 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/17 19:17:38 | 000,049,904 | -H-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/02/06 17:08:42 | 000,055,152 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/12/04 16:10:30 | 000,016,640 | RH-- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/09/17 08:02:54 | 000,732,928 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/06/30 17:11:52 | 000,043,136 | RH-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...lcache=2&hl=en"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/16 20:19:07 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/12 14:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/02/15 21:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 11:20:57 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 17:23:37 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/16 20:19:07 | 000,000,000 | -H-D | M]

[2008/09/28 09:48:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/11/14 06:33:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions
[2009/12/30 18:59:59 | 000,000,000 | -H-D | M] ("Garmin Communicator") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 04:48:33 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/24 07:56:44 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/07/29 18:06:02 | 000,001,632 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\searchplugins\live-search.xml
[2011/09/06 19:39:28 | 000,002,468 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\searchplugins\safesearch.xml
[2011/11/15 19:24:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/12 11:20:55 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 11:20:25 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 11:20:25 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\WINDOWS\system32\npOGPPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/01/06 11:09:59 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFA15693-F9E8-44FC-97CB-827E847CDD43}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/14 10:35:36 | 000,000,000 | -H-D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/09/25 20:07:20 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 16:56:58 | 000,000,030 | RH-- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 12:55:32 | 000,000,038 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{05924000-870e-11e0-b66b-000f1f57c38e}\Shell - "" = AutoRun
O33 - MountPoints2\{05924000-870e-11e0-b66b-000f1f57c38e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{05924000-870e-11e0-b66b-000f1f57c38e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{395fef43-201d-11e0-b65b-000f1f57c38e}\Shell\AutoRun\command - "" = winlog.exe
O33 - MountPoints2\{395fef43-201d-11e0-b65b-000f1f57c38e}\Shell\open\command - "" = winlog.exe
O33 - MountPoints2\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\Shell - "" = AutoRun
O33 - MountPoints2\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/15 22:19:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/15 21:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FixZeroAccess
[2012/02/15 21:52:10 | 001,766,312 | ---- | C] (Symantec Corporation) -- C:\FixZeroAccess.exe
[2012/02/15 20:58:57 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2012/02/15 20:57:29 | 007,396,728 | ---- | C] (BitDefender LLC) -- C:\Documents and Settings\Owner\Desktop\BDRemovalTool_sirefef_x86.exe
[2012/02/15 20:54:19 | 000,187,464 | ---- | C] (Webroot) -- C:\Documents and Settings\Owner\Desktop\antizeroaccess.exe
[2012/02/15 19:37:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/15 01:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/02/14 21:36:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/02/14 20:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/02/14 20:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/14 20:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/14 20:18:15 | 000,020,464 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/14 20:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/14 20:11:53 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/14 20:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2012/02/14 19:43:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2012/02/13 20:34:54 | 002,804,808 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE(1).exe
[2012/02/13 19:47:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
[2012/02/13 19:47:05 | 002,804,808 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
[2012/02/13 19:20:08 | 001,932,256 | -H-- | C] (Symantec Corporation) -- C:\FixTDSS.exe
[2012/02/13 00:18:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\System Check
[2012/02/13 00:12:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SanctionedMedia
[2012/02/02 18:10:55 | 018,189,979 | ---- | C] (Belkin ) -- C:\Documents and Settings\All Users\Documents\f5d7050v4010setup.exe
[2012/01/30 19:42:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/30 19:41:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/24 19:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stacy
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/15 22:19:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/15 22:13:00 | 000,000,978 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1004UA.job
[2012/02/15 22:12:00 | 000,000,978 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1003UA.job
[2012/02/15 22:01:00 | 000,000,974 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1009UA.job
[2012/02/15 21:57:58 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/15 21:57:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 21:52:05 | 001,766,312 | ---- | M] (Symantec Corporation) -- C:\FixZeroAccess.exe
[2012/02/15 21:46:48 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2012/02/15 20:57:37 | 007,396,728 | ---- | M] (BitDefender LLC) -- C:\Documents and Settings\Owner\Desktop\BDRemovalTool_sirefef_x86.exe
[2012/02/15 20:54:12 | 000,187,464 | ---- | M] (Webroot) -- C:\Documents and Settings\Owner\Desktop\antizeroaccess.exe
[2012/02/15 20:40:00 | 000,000,986 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1008UA.job
[2012/02/15 20:01:00 | 000,000,922 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1009Core.job
[2012/02/15 19:13:00 | 000,000,926 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1004Core.job
[2012/02/15 19:12:00 | 000,000,926 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1003Core.job
[2012/02/15 15:40:00 | 000,000,934 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1008Core.job
[2012/02/14 21:25:49 | 000,006,184 | ---- | M] () -- C:\{79208E9F-0D70-4C71-9D90-FC84EEE0E691}
[2012/02/14 20:18:21 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/14 20:18:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 20:11:43 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/14 19:54:19 | 002,042,462 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2012/02/13 20:31:29 | 002,804,808 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE(1).exe
[2012/02/13 19:52:02 | 007,279,953 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\SMRBackup250.dat
[2012/02/13 19:52:02 | 000,000,220 | -HS- | M] () -- C:\boot.ini
[2012/02/13 19:46:55 | 002,804,808 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\NPE.exe
[2012/02/13 19:15:48 | 001,932,256 | -H-- | M] (Symantec Corporation) -- C:\FixTDSS.exe
[2012/02/13 18:36:39 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/13 08:37:33 | 000,684,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/13 05:49:12 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ipb6kpJc0iCzci
[2012/02/13 05:48:57 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~ipb6kpJc0iCzci
[2012/02/13 05:48:57 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~ipb6kpJc0iCzcir
[2012/02/13 05:48:28 | 000,000,853 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/13 00:18:06 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\System Check.lnk
[2012/02/06 19:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\defrag.job
[2012/02/05 10:27:01 | 000,000,988 | -H-- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/05 10:27:00 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2012/02/02 18:10:55 | 018,189,979 | ---- | M] (Belkin ) -- C:\Documents and Settings\All Users\Documents\f5d7050v4010setup.exe
[2012/02/02 16:51:07 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/29 15:22:03 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/25 21:12:08 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/14 21:25:49 | 000,006,184 | ---- | C] () -- C:\{79208E9F-0D70-4C71-9D90-FC84EEE0E691}
[2012/02/14 20:18:21 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/14 20:18:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 19:55:11 | 002,042,462 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2012/02/13 19:48:34 | 007,279,953 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\SMRBackup250.dat
[2012/02/13 05:48:23 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/13 00:18:08 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~ipb6kpJc0iCzcir
[2012/02/13 00:18:07 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~ipb6kpJc0iCzci
[2012/02/13 00:18:06 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\System Check.lnk
[2012/02/13 00:17:57 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ipb6kpJc0iCzci
[2012/02/13 00:13:25 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2011/07/09 13:54:34 | 000,173,043 | -H-- | C] () -- C:\WINDOWS\hpoins46.dat
[2011/07/09 13:54:34 | 000,000,601 | -H-- | C] () -- C:\WINDOWS\hpomdl46.dat
[2011/06/07 13:23:24 | 000,001,940 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/12 14:09:18 | 000,001,940 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/02 10:12:08 | 000,000,221 | -H-- | C] () -- C:\WINDOWS\DC_Manager.ini
[2011/01/07 11:42:18 | 000,176,235 | -H-- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/01/06 11:13:06 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\family.ini
[2010/11/18 07:31:13 | 000,205,614 | -H-- | C] () -- C:\WINDOWS\hpoins46.dat.temp
[2010/11/18 07:31:13 | 000,000,601 | -H-- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
[2010/01/13 20:06:20 | 000,003,663 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010/01/04 22:44:30 | 000,041,504 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/20 20:42:18 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/16 12:18:07 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/26 09:37:04 | 000,000,164 | -H-- | C] () -- C:\WINDOWS\install.dat
[2009/04/15 18:52:43 | 001,085,616 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/04/15 18:52:43 | 000,014,373 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009/01/07 22:32:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PasswordsPlus.INI
[2008/12/26 12:23:53 | 000,038,400 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/28 14:54:44 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/28 09:48:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/28 08:09:24 | 000,000,165 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/09/28 08:06:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/27 18:27:39 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\hpdj3500.ini
[2008/09/25 20:47:33 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/09/25 20:10:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/25 20:04:08 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/25 01:57:37 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/25 01:56:20 | 000,216,856 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/22 13:48:43 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,497,242 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,085,742 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/26 17:59:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2003/08/12 11:59:04 | 000,126,976 | -H-- | C] () -- C:\WINDOWS\System32\zip.exe
[2003/08/12 11:58:40 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/08/12 11:58:32 | 000,708,608 | -H-- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/08/12 11:58:22 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/08/12 11:58:20 | 000,338,944 | -H-- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/01/07 14:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/01/14 12:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/02/01 08:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2010/02/19 23:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2008/10/14 21:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/12/22 17:08:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/03/02 11:40:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/22 20:52:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/24 17:17:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/10 08:05:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 06:22:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 11:59:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/10 11:40:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2011/01/14 12:36:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2008/10/15 18:10:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/13 20:45:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\dBpoweramp
[2012/02/13 00:21:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/02/11 05:53:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\eMusic
[2010/06/16 05:26:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2012/02/15 21:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FixZeroAccess
[2011/01/25 11:01:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2010/02/19 21:34:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2011/01/06 11:13:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
[2011/03/02 10:13:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\IMSIDesign
[2008/12/09 21:18:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/04/11 09:07:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2012/02/13 06:27:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\PrimoPDF
[2012/02/14 19:43:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2012/02/12 09:24:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2012/02/06 19:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\defrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EE134B6

< End of report >

OTL Extras logfile created on: 2/15/2012 10:20:40 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.62% Memory free
3.85 Gb Paging File | 3.04 Gb Available in Paging File | 79.04% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4084 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 22.36 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Drive G: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 297.44 Gb Total Space | 156.58 Gb Free Space | 52.64% Space Free | Partition Type: NTFS

Computer Name: FENZILWXP-01 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1049:TCP" = 1049:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS1656\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS1656\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS42AE\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS42AE\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS7A87\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS7A87\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\OGPlanet\LostSaga\autoupgrade.exe" = C:\Program Files\OGPlanet\LostSaga\autoupgrade.exe:*:Enabled:LostSaga(upgrade)
"C:\Program Files\OGPlanet\LostSaga\lostsaga.exe" = C:\Program Files\OGPlanet\LostSaga\lostsaga.exe:*:Enabled:LostSaga(client)
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS1656\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS1656\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS42AE\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS42AE\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Owner\Desktop\utorrent.exe" = C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS7A87\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS7A87\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{299BA1C7-2C4E-4C3D-8BBA-0F7EC5A90DD1}" = Bloggie Software
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}" = D110
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EBCBA952-DA46-4687-9784-D8B4E25A6B14}" = Passwords Plus
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"BloggieSoftware" = Bloggie Software
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CYCAS3_is1" = CYCAS 3.90 public for Windows
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"FrostWire" = FrostWire 4.21.3
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Smad" = SanctionedMedia

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2011 11:12:46 AM | Computer Name = FENZILWXP-01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/26/2011 11:18:46 AM | Computer Name = FENZILWXP-01 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/26/2011 11:18:55 AM | Computer Name = FENZILWXP-01 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2011 4:22:22 PM | Computer Name = FENZILWXP-01 | Source = Application Hang | ID = 1002
Description = Hanging application QuickTimePlayer.exe, version 7.69.80.9, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2012 6:41:26 PM | Computer Name = FENZILWXP-01 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 1/29/2012 11:28:29 PM | Computer Name = FENZILWXP-01 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 9.0.1.4371, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/29/2012 11:29:49 PM | Computer Name = FENZILWXP-01 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 9.0.1.4371, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/29/2012 11:29:58 PM | Computer Name = FENZILWXP-01 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 9.0.1.4371, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/31/2012 8:57:48 PM | Computer Name = FENZILWXP-01 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 16.0.912.75, faulting module
chrome.dll, version 16.0.912.75, fault address 0x001414f9.

Error - 2/1/2012 9:26:50 PM | Computer Name = FENZILWXP-01 | Source = Application Error | ID = 1000
Description = Faulting application asoelnch.exe, version 18.6.0.29, faulting module
asoelnch.exe, version 18.6.0.29, fault address 0x00001a6d.

[ System Events ]
Error - 2/15/2012 10:42:57 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/15/2012 10:46:14 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The DSI_SiUSBXp_3_1 service terminated with the following error: %%126

Error - 2/15/2012 10:46:14 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The Qhwscsvc service terminated with the following error: %%126

Error - 2/15/2012 10:46:14 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The CTSYN service terminated with the following error: %%126

Error - 2/15/2012 10:46:14 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The Tosrfbnp service terminated with the following error: %%126

Error - 2/15/2012 10:58:34 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The DSI_SiUSBXp_3_1 service terminated with the following error: %%126

Error - 2/15/2012 10:58:34 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The Qhwscsvc service terminated with the following error: %%126

Error - 2/15/2012 10:58:34 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The CTSYN service terminated with the following error: %%126

Error - 2/15/2012 10:58:34 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The Tosrfbnp service terminated with the following error: %%126

Error - 2/15/2012 10:58:34 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde


< End of report >
  • 0

Advertisements

#2
RKinner
Posted 16 February 2012 - 12:07 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwareby...lwarebytes_free

SAVE the free version of Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Before proceeding

Uninstall:
Malwarebytes' Anti-Malware - Interferes with other tools
Java™ 6 Update 24 - obsolete. Get latest version at java.com
Adobe Reader 9.5.0 -obsolet get latest version at adobe.com - uncheck foistware like McAfee Securoty Scan or Yahoo Toolbar before downloading.
Adobe Flash Player 10 ActiveX -obsolete. Must use IE to get new flash from adobe.com
Choice Guard
FrostWire 4.21.3
µTorrent

Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2010/07/24 07:56:44 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O32 - AutoRun File - [2009/06/12 16:56:58 | 000,000,030 | RH-- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 12:55:32 | 000,000,038 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{05924000-870e-11e0-b66b-000f1f57c38e}\Shell - "" = AutoRun
O33 - MountPoints2\{05924000-870e-11e0-b66b-000f1f57c38e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{05924000-870e-11e0-b66b-000f1f57c38e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{395fef43-201d-11e0-b65b-000f1f57c38e}\Shell\AutoRun\command - "" = winlog.exe
O33 - MountPoints2\{395fef43-201d-11e0-b65b-000f1f57c38e}\Shell\open\command - "" = winlog.exe
O33 - MountPoints2\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\Shell - "" = AutoRun
O33 - MountPoints2\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2012/02/13 05:48:23 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/13 00:18:08 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~ipb6kpJc0iCzcir
[2012/02/13 00:18:07 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~ipb6kpJc0iCzci
[2012/02/13 00:18:06 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\System Check.lnk
[2012/02/13 00:17:57 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ipb6kpJc0iCzci

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\Todd\Local Settings\Application Data\*.exe
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
sc config wacomvhid start= disabled /c
sc config trcboot start= disabled /c
sc config lvsrvlauncher start= disabled /c
sc config IBM_LLC2 start= disabled /c
net start /c
    
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Copy the text in the code box:


nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
Jfenz
Posted 16 February 2012 - 01:11 PM

Jfenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thank you Ron for your quick response. I am in work right now and will follow your instructions this evening and post the appropriate logs at that time.
  • 0

#4
Jfenz
Posted 16 February 2012 - 06:06 PM

Jfenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Ron,

Just got home a short time ago and now I have no internet connection. I am responding to you from a different computer (on the same network) so I should be able to download the programs onto a flash drive and run them on my machine. Please advise if there's something different I should be doing in light of having no connection.

Thanks,

Jack
  • 0

#5
Jfenz
Posted 16 February 2012 - 07:44 PM

Jfenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Combofix ran, but did not install the recovery console due to no internet connection. I'll continue with the other scans.

ComboFix 12-02-16.02 - Owner 02/16/2012 19:48:27.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1674 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~ipb6kpJc0iCzci
c:\documents and settings\All Users\Application Data\~ipb6kpJc0iCzcir
c:\documents and settings\All Users\Application Data\ipb6kpJc0iCzci
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\Owner\Start Menu\Programs\System Check
c:\documents and settings\Owner\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Owner\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Stacy\My Documents\~WRL2205.tmp
c:\documents and settings\Stacy\My Documents\~WRL3507.tmp
c:\windows\$NtUninstallKB49322$\2636406158\@
c:\windows\$NtUninstallKB49322$\2636406158\cfg.ini
c:\windows\$NtUninstallKB49322$\2636406158\Desktop.ini
c:\windows\$NtUninstallKB49322$\2636406158\L\maanxvpf
c:\windows\$NtUninstallKB49322$\2636406158\U\00000001.@
c:\windows\$NtUninstallKB49322$\2636406158\U\00000002.@
c:\windows\$NtUninstallKB49322$\2636406158\U\00000004.@
c:\windows\$NtUninstallKB49322$\2636406158\U\80000000.@
c:\windows\$NtUninstallKB49322$\2636406158\U\80000004.@
c:\windows\$NtUninstallKB49322$\2636406158\U\80000032.@
c:\windows\$NtUninstallKB49322$\2636406158\version
c:\windows\$NtUninstallKB49322$\837611208
H:\autorun.inf
c:\windows\$NtUninstallKB49322$\2636406158\cfg.ini . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 00:44 . 2012-02-16 02:46 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 02:54 . 2012-02-16 02:54 -------- d-----w- c:\documents and settings\Owner\Application Data\FixZeroAccess
2012-02-16 02:52 . 2012-02-16 02:52 1766312 ----a-w- C:\FixZeroAccess.exe
2012-02-16 01:58 . 2012-02-16 02:46 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-02-16 00:37 . 2012-02-16 00:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-15 06:57 . 2012-02-15 06:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-15 01:18 . 2012-02-15 01:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-02-15 01:18 . 2012-02-15 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-15 01:18 . 2012-02-15 01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-15 01:18 . 2011-12-10 20:24 20464 ---ha-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 00:43 . 2012-02-15 00:43 -------- d--h--w- c:\documents and settings\Owner\Application Data\Tific
2012-02-14 00:47 . 2012-02-14 01:43 -------- d--h--w- c:\documents and settings\Owner\Local Settings\Application Data\NPE
2012-02-14 00:20 . 2012-02-14 00:15 1932256 ---ha-w- C:\FixTDSS.exe
2012-02-13 05:13 . 2012-02-17 00:47 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-13 05:12 . 2012-02-13 05:12 -------- d--h--w- c:\documents and settings\Owner\Local Settings\Application Data\SanctionedMedia
2012-02-07 22:32 . 2012-02-07 22:33 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
2012-01-31 00:49 . 2012-01-31 00:49 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 02:43 . 2004-08-04 10:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-16 02:41 . 2012-02-16 02:41 162816 ----a-w- c:\windows\system32\drivers\`
2012-02-16 02:30 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-11 21:27 . 2011-05-13 02:29 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-04 10:00 293376 ---ha-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 10:00 1859584 ---ha-w- c:\windows\system32\win32k.sys
2012-02-12 16:20 . 2012-02-12 16:20 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\Jack\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-11-19 114688]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2011-2-8 746856]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ---h--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
2008-04-14 00:12 1695232 ---h--w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1086:TCP"= 1086:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [2/7/2012 5:33 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [2/7/2012 5:33 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx86.sys [2/8/2012 5:43 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [2/7/2012 5:33 PM 136312]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 5:00 AM 14336]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2/7/2012 5:32 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/11/2012 7:48 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120214.003\IDSXpx86.sys [2/14/2012 7:59 PM 356280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
IBM_LLC2
trcboot
vclone
wacomvhid
lvsrvlauncher
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-02-07 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-08-04 00:12]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-07 21:34]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-07 21:34]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1004Core.job
- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-24 00:58]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1004UA.job
- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-24 00:58]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1009Core.job
- c:\documents and settings\Erin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-12 04:20]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1009UA.job
- c:\documents and settings\Erin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-12 04:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = 127.0.0.1;*.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Den%26tab%3Dwm%26ui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2&hl=en
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe
Notify-NavLogon - (no file)
SafeBoot-00352433.sys
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB49322$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3864)
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Illustrate\dBpoweramp\dBShell.dll
.
- - - - - - - > 'explorer.exe'(1064)
c:\windows\system32\msi.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Illustrate\dBpoweramp\dBShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2012-02-16 20:38:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 01:38
.
Pre-Run: 27,848,601,600 bytes free
Post-Run: 29,336,899,584 bytes free
.
- - End Of File - - C28A4CFD2F2F4D6FFB3DAC104D28FECA
  • 0

#6
Jfenz
Posted 16 February 2012 - 07:51 PM

Jfenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
TDSSKiller Log 1

20:47:59.0390 3240 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
20:48:00.0265 3240 ============================================================
20:48:00.0265 3240 Current date / time: 2012/02/16 20:48:00.0265
20:48:00.0265 3240 SystemInfo:
20:48:00.0265 3240
20:48:00.0265 3240 OS Version: 5.1.2600 ServicePack: 3.0
20:48:00.0265 3240 Product type: Workstation
20:48:00.0265 3240 ComputerName: FENZILWXP-01
20:48:00.0265 3240 UserName: Owner
20:48:00.0265 3240 Windows directory: C:\WINDOWS
20:48:00.0265 3240 System windows directory: C:\WINDOWS
20:48:00.0265 3240 Processor architecture: Intel x86
20:48:00.0265 3240 Number of processors: 1
20:48:00.0265 3240 Page size: 0x1000
20:48:00.0265 3240 Boot type: Normal boot
20:48:00.0265 3240 ============================================================
20:48:03.0000 3240 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:48:03.0000 3240 Drive \Device\Harddisk1\DR2 - Size: 0x4A5BF00000 (297.44 Gb), SectorSize: 0x200, Cylinders: 0x97AB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:48:03.0000 3240 \Device\Harddisk0\DR0:
20:48:03.0000 3240 MBR used
20:48:03.0000 3240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
20:48:03.0000 3240 \Device\Harddisk1\DR2:
20:48:03.0000 3240 MBR used
20:48:03.0000 3240 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x252DF000
20:48:03.0375 3240 Initialize success
20:48:03.0375 3240 ============================================================
20:48:15.0718 0924 ============================================================
20:48:15.0718 0924 Scan started
20:48:15.0718 0924 Mode: Manual;
20:48:15.0718 0924 ============================================================
20:48:16.0531 0924 Abiosdsk - ok
20:48:16.0656 0924 abp480n5 - ok
20:48:16.0890 0924 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:48:16.0906 0924 ACPI - ok
20:48:17.0156 0924 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:48:17.0156 0924 ACPIEC - ok
20:48:17.0312 0924 adpu160m - ok
20:48:17.0484 0924 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:48:17.0484 0924 aec - ok
20:48:17.0609 0924 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:48:17.0625 0924 AFD - ok
20:48:17.0781 0924 Aha154x - ok
20:48:17.0843 0924 aic78u2 - ok
20:48:17.0906 0924 aic78xx - ok
20:48:18.0046 0924 AliIde - ok
20:48:18.0109 0924 amsint - ok
20:48:18.0187 0924 asc - ok
20:48:18.0250 0924 asc3350p - ok
20:48:18.0312 0924 asc3550 - ok
20:48:18.0453 0924 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:48:18.0453 0924 AsyncMac - ok
20:48:18.0609 0924 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:48:18.0609 0924 atapi - ok
20:48:18.0828 0924 Atdisk - ok
20:48:19.0000 0924 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:48:19.0000 0924 Atmarpc - ok
20:48:19.0171 0924 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:48:19.0171 0924 audstub - ok
20:48:19.0296 0924 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
20:48:19.0312 0924 bcm4sbxp - ok
20:48:19.0437 0924 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:48:19.0437 0924 Beep - ok
20:48:19.0859 0924 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx86.sys
20:48:19.0875 0924 BHDrvx86 - ok
20:48:20.0015 0924 BVRPMPR5 - ok
20:48:20.0187 0924 catchme - ok
20:48:20.0390 0924 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:48:20.0421 0924 cbidf2k - ok
20:48:20.0484 0924 cd20xrnt - ok
20:48:20.0609 0924 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:48:20.0609 0924 Cdaudio - ok
20:48:20.0781 0924 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:48:20.0796 0924 Cdfs - ok
20:48:21.0000 0924 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:48:21.0000 0924 Cdrom - ok
20:48:21.0109 0924 cercsr6 - ok
20:48:21.0171 0924 Changer - ok
20:48:21.0265 0924 CmdIde - ok
20:48:21.0359 0924 Cpqarray - ok
20:48:21.0421 0924 dac2w2k - ok
20:48:21.0500 0924 dac960nt - ok
20:48:21.0625 0924 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:48:21.0640 0924 Disk - ok
20:48:21.0843 0924 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:48:21.0890 0924 dmboot - ok
20:48:22.0078 0924 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:48:22.0093 0924 dmio - ok
20:48:22.0218 0924 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:48:22.0218 0924 dmload - ok
20:48:22.0390 0924 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:48:22.0390 0924 DMusic - ok
20:48:22.0468 0924 dpti2o - ok
20:48:22.0593 0924 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:48:22.0593 0924 drmkaud - ok
20:48:22.0875 0924 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:48:22.0890 0924 eeCtrl - ok
20:48:23.0046 0924 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:48:23.0046 0924 EraserUtilRebootDrv - ok
20:48:23.0218 0924 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:48:23.0250 0924 Fastfat - ok
20:48:23.0500 0924 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:48:23.0500 0924 Fdc - ok
20:48:23.0640 0924 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:48:23.0640 0924 Fips - ok
20:48:23.0859 0924 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:48:23.0859 0924 Flpydisk - ok
20:48:24.0000 0924 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:48:24.0015 0924 FltMgr - ok
20:48:24.0250 0924 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:48:24.0250 0924 fssfltr - ok
20:48:24.0375 0924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:48:24.0375 0924 Fs_Rec - ok
20:48:24.0531 0924 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:48:24.0531 0924 Ftdisk - ok
20:48:24.0625 0924 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:48:24.0640 0924 GEARAspiWDM - ok
20:48:24.0890 0924 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:48:24.0906 0924 Gpc - ok
20:48:25.0078 0924 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:48:25.0078 0924 HidUsb - ok
20:48:25.0156 0924 hpn - ok
20:48:25.0296 0924 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:48:25.0312 0924 HTTP - ok
20:48:25.0390 0924 i2omgmt - ok
20:48:25.0484 0924 i2omp - ok
20:48:25.0609 0924 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:48:25.0609 0924 i8042prt - ok
20:48:25.0781 0924 ialm - ok
20:48:26.0171 0924 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120214.003\IDSxpx86.sys
20:48:26.0187 0924 IDSxpx86 - ok
20:48:26.0359 0924 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:48:26.0375 0924 Imapi - ok
20:48:26.0515 0924 ini910u - ok
20:48:26.0656 0924 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:48:26.0656 0924 IntelIde - ok
20:48:26.0828 0924 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:48:26.0828 0924 intelppm - ok
20:48:26.0937 0924 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:48:26.0937 0924 Ip6Fw - ok
20:48:27.0125 0924 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:48:27.0156 0924 IpFilterDriver - ok
20:48:27.0296 0924 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:48:27.0312 0924 IpInIp - ok
20:48:27.0468 0924 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:48:27.0484 0924 IpNat - ok
20:48:27.0609 0924 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:48:27.0609 0924 IPSec - ok
20:48:27.0828 0924 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:48:27.0828 0924 IRENUM - ok
20:48:28.0000 0924 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:48:28.0000 0924 isapnp - ok
20:48:28.0125 0924 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:48:28.0125 0924 Kbdclass - ok
20:48:28.0250 0924 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:48:28.0265 0924 kmixer - ok
20:48:28.0390 0924 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:48:28.0390 0924 KSecDD - ok
20:48:28.0484 0924 lbrtfdc - ok
20:48:28.0703 0924 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:48:28.0703 0924 mnmdd - ok
20:48:28.0812 0924 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:48:28.0812 0924 Modem - ok
20:48:28.0968 0924 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:48:28.0968 0924 Mouclass - ok
20:48:29.0140 0924 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:48:29.0140 0924 mouhid - ok
20:48:29.0265 0924 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:48:29.0265 0924 MountMgr - ok
20:48:29.0328 0924 mraid35x - ok
20:48:29.0453 0924 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:48:29.0468 0924 MRxDAV - ok
20:48:29.0625 0924 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:48:29.0656 0924 MRxSmb - ok
20:48:29.0937 0924 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:48:29.0937 0924 Msfs - ok
20:48:30.0109 0924 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:48:30.0109 0924 MSKSSRV - ok
20:48:30.0250 0924 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:48:30.0250 0924 MSPCLOCK - ok
20:48:30.0375 0924 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:48:30.0390 0924 MSPQM - ok
20:48:30.0531 0924 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:48:30.0531 0924 mssmbios - ok
20:48:30.0656 0924 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:48:30.0671 0924 Mup - ok
20:48:31.0109 0924 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120215.004\NAVENG.SYS
20:48:31.0140 0924 NAVENG - ok
20:48:31.0609 0924 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120215.004\NAVEX15.SYS
20:48:31.0625 0924 NAVEX15 - ok
20:48:31.0921 0924 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:48:31.0937 0924 NDIS - ok
20:48:32.0109 0924 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:48:32.0109 0924 NdisTapi - ok
20:48:32.0234 0924 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:48:32.0234 0924 Ndisuio - ok
20:48:32.0359 0924 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:48:32.0375 0924 NdisWan - ok
20:48:32.0500 0924 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:48:32.0500 0924 NDProxy - ok
20:48:32.0625 0924 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:48:32.0625 0924 NetBIOS - ok
20:48:32.0812 0924 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:48:32.0812 0924 NetBT - ok
20:48:33.0015 0924 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:48:33.0015 0924 Npfs - ok
20:48:33.0171 0924 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:48:33.0171 0924 Ntfs - ok
20:48:33.0312 0924 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:48:33.0312 0924 Null - ok
20:48:33.0406 0924 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:48:33.0421 0924 NwlnkFlt - ok
20:48:33.0546 0924 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:48:33.0546 0924 NwlnkFwd - ok
20:48:33.0812 0924 OMCI - ok
20:48:33.0984 0924 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
20:48:33.0984 0924 PalmUSBD - ok
20:48:34.0140 0924 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:48:34.0156 0924 Parport - ok
20:48:34.0281 0924 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:48:34.0281 0924 PartMgr - ok
20:48:34.0406 0924 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:48:34.0406 0924 ParVdm - ok
20:48:34.0546 0924 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:48:34.0546 0924 PCI - ok
20:48:34.0609 0924 PCIDump - ok
20:48:34.0718 0924 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:48:34.0718 0924 PCIIde - ok
20:48:34.0906 0924 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:48:34.0921 0924 Pcmcia - ok
20:48:35.0046 0924 PDCOMP - ok
20:48:35.0125 0924 PDFRAME - ok
20:48:35.0187 0924 PDRELI - ok
20:48:35.0250 0924 PDRFRAME - ok
20:48:35.0312 0924 perc2 - ok
20:48:35.0390 0924 perc2hib - ok
20:48:35.0546 0924 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:48:35.0562 0924 PptpMiniport - ok
20:48:35.0718 0924 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:48:35.0718 0924 PSched - ok
20:48:35.0843 0924 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:48:35.0843 0924 Ptilink - ok
20:48:35.0906 0924 PxHelp20 - ok
20:48:36.0031 0924 ql1080 - ok
20:48:36.0093 0924 Ql10wnt - ok
20:48:36.0156 0924 ql12160 - ok
20:48:36.0234 0924 ql1240 - ok
20:48:36.0296 0924 ql1280 - ok
20:48:36.0421 0924 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:48:36.0437 0924 RasAcd - ok
20:48:36.0562 0924 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:48:36.0562 0924 Rasl2tp - ok
20:48:36.0718 0924 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:48:36.0718 0924 RasPppoe - ok
20:48:36.0859 0924 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:48:36.0859 0924 Raspti - ok
20:48:37.0000 0924 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:48:37.0000 0924 Rdbss - ok
20:48:37.0171 0924 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:48:37.0171 0924 RDPCDD - ok
20:48:37.0296 0924 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:48:37.0328 0924 RDPWD - ok
20:48:37.0562 0924 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:48:37.0562 0924 redbook - ok
20:48:37.0859 0924 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:48:37.0859 0924 Secdrv - ok
20:48:38.0046 0924 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
20:48:38.0093 0924 senfilt - ok
20:48:38.0328 0924 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:48:38.0328 0924 serenum - ok
20:48:38.0437 0924 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:48:38.0437 0924 Serial - ok
20:48:38.0687 0924 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:48:38.0687 0924 Sfloppy - ok
20:48:38.0859 0924 Simbad - ok
20:48:39.0000 0924 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
20:48:39.0015 0924 smwdm - ok
20:48:39.0093 0924 Sparrow - ok
20:48:39.0218 0924 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:48:39.0218 0924 splitter - ok
20:48:39.0343 0924 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:48:39.0359 0924 sr - ok
20:48:39.0546 0924 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
20:48:39.0578 0924 SRTSP - ok
20:48:39.0906 0924 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
20:48:39.0921 0924 SRTSPX - ok
20:48:40.0203 0924 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:48:40.0218 0924 Srv - ok
20:48:40.0406 0924 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
20:48:40.0406 0924 StillCam - ok
20:48:40.0531 0924 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:48:40.0546 0924 swenum - ok
20:48:40.0718 0924 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:48:40.0718 0924 swmidi - ok
20:48:40.0796 0924 symc810 - ok
20:48:40.0875 0924 symc8xx - ok
20:48:41.0046 0924 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
20:48:41.0093 0924 SymDS - ok
20:48:41.0406 0924 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
20:48:41.0437 0924 SymEFA - ok
20:48:41.0625 0924 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:48:41.0625 0924 SymEvent - ok
20:48:41.0875 0924 SymIM (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:48:41.0875 0924 SymIM - ok
20:48:41.0890 0924 SymIMMP (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:48:41.0890 0924 SymIMMP - ok
20:48:42.0093 0924 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
20:48:42.0109 0924 SymIRON - ok
20:48:42.0390 0924 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
20:48:42.0390 0924 SYMTDI - ok
20:48:42.0500 0924 sym_hi - ok
20:48:42.0578 0924 sym_u3 - ok
20:48:42.0718 0924 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:48:42.0734 0924 sysaudio - ok
20:48:42.0875 0924 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:48:42.0890 0924 Tcpip - ok
20:48:43.0015 0924 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:48:43.0015 0924 TDPIPE - ok
20:48:43.0203 0924 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:48:43.0203 0924 TDTCP - ok
20:48:43.0390 0924 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:48:43.0390 0924 TermDD - ok
20:48:43.0562 0924 TosIde - ok
20:48:43.0875 0924 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:48:43.0875 0924 Udfs - ok
20:48:44.0031 0924 ultra - ok
20:48:44.0265 0924 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:48:44.0296 0924 Update - ok
20:48:44.0515 0924 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:48:44.0531 0924 USBAAPL - ok
20:48:44.0656 0924 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:48:44.0703 0924 usbaudio - ok
20:48:44.0859 0924 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:48:44.0875 0924 usbccgp - ok
20:48:45.0015 0924 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:48:45.0015 0924 usbehci - ok
20:48:45.0140 0924 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:48:45.0156 0924 usbhub - ok
20:48:45.0250 0924 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:48:45.0250 0924 usbprint - ok
20:48:45.0390 0924 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:48:45.0390 0924 usbscan - ok
20:48:45.0546 0924 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:48:45.0546 0924 USBSTOR - ok
20:48:45.0671 0924 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:48:45.0687 0924 usbuhci - ok
20:48:45.0859 0924 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:48:45.0875 0924 VgaSave - ok
20:48:45.0937 0924 ViaIde - ok
20:48:46.0109 0924 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:48:46.0109 0924 VolSnap - ok
20:48:46.0281 0924 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:48:46.0281 0924 Wanarp - ok
20:48:46.0343 0924 WDICA - ok
20:48:46.0468 0924 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:48:46.0468 0924 wdmaud - ok
20:48:46.0703 0924 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:48:46.0703 0924 WS2IFSL - ok
20:48:46.0843 0924 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:48:46.0843 0924 WudfPf - ok
20:48:46.0968 0924 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:48:46.0968 0924 WudfRd - ok
20:48:47.0062 0924 XDva296 - ok
20:48:47.0125 0924 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:48:47.0296 0924 \Device\Harddisk0\DR0 - ok
20:48:47.0312 0924 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
20:48:47.0312 0924 \Device\Harddisk1\DR2 - ok
20:48:47.0328 0924 Boot (0x1200) (6ab1bb8a34bb284148db36480c7799ad) \Device\Harddisk0\DR0\Partition0
20:48:47.0328 0924 \Device\Harddisk0\DR0\Partition0 - ok
20:48:47.0343 0924 Boot (0x1200) (899c3426de7045a03c06d0b80189ef46) \Device\Harddisk1\DR2\Partition0
20:48:47.0343 0924 \Device\Harddisk1\DR2\Partition0 - ok
20:48:47.0343 0924 ============================================================
20:48:47.0359 0924 Scan finished
20:48:47.0359 0924 ============================================================
20:48:47.0375 3372 Detected object count: 0
20:48:47.0375 3372 Actual detected object count: 0
  • 0

#7
Jfenz
Posted 16 February 2012 - 07:57 PM

Jfenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
TDSSKiller log 2

20:47:59.0390 3240 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
20:48:00.0265 3240 ============================================================
20:48:00.0265 3240 Current date / time: 2012/02/16 20:48:00.0265
20:48:00.0265 3240 SystemInfo:
20:48:00.0265 3240
20:48:00.0265 3240 OS Version: 5.1.2600 ServicePack: 3.0
20:48:00.0265 3240 Product type: Workstation
20:48:00.0265 3240 ComputerName: FENZILWXP-01
20:48:00.0265 3240 UserName: Owner
20:48:00.0265 3240 Windows directory: C:\WINDOWS
20:48:00.0265 3240 System windows directory: C:\WINDOWS
20:48:00.0265 3240 Processor architecture: Intel x86
20:48:00.0265 3240 Number of processors: 1
20:48:00.0265 3240 Page size: 0x1000
20:48:00.0265 3240 Boot type: Normal boot
20:48:00.0265 3240 ============================================================
20:48:03.0000 3240 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:48:03.0000 3240 Drive \Device\Harddisk1\DR2 - Size: 0x4A5BF00000 (297.44 Gb), SectorSize: 0x200, Cylinders: 0x97AB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:48:03.0000 3240 \Device\Harddisk0\DR0:
20:48:03.0000 3240 MBR used
20:48:03.0000 3240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
20:48:03.0000 3240 \Device\Harddisk1\DR2:
20:48:03.0000 3240 MBR used
20:48:03.0000 3240 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x252DF000
20:48:03.0375 3240 Initialize success
20:48:03.0375 3240 ============================================================
20:48:15.0718 0924 ============================================================
20:48:15.0718 0924 Scan started
20:48:15.0718 0924 Mode: Manual;
20:48:15.0718 0924 ============================================================
20:48:16.0531 0924 Abiosdsk - ok
20:48:16.0656 0924 abp480n5 - ok
20:48:16.0890 0924 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:48:16.0906 0924 ACPI - ok
20:48:17.0156 0924 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:48:17.0156 0924 ACPIEC - ok
20:48:17.0312 0924 adpu160m - ok
20:48:17.0484 0924 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:48:17.0484 0924 aec - ok
20:48:17.0609 0924 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:48:17.0625 0924 AFD - ok
20:48:17.0781 0924 Aha154x - ok
20:48:17.0843 0924 aic78u2 - ok
20:48:17.0906 0924 aic78xx - ok
20:48:18.0046 0924 AliIde - ok
20:48:18.0109 0924 amsint - ok
20:48:18.0187 0924 asc - ok
20:48:18.0250 0924 asc3350p - ok
20:48:18.0312 0924 asc3550 - ok
20:48:18.0453 0924 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:48:18.0453 0924 AsyncMac - ok
20:48:18.0609 0924 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:48:18.0609 0924 atapi - ok
20:48:18.0828 0924 Atdisk - ok
20:48:19.0000 0924 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:48:19.0000 0924 Atmarpc - ok
20:48:19.0171 0924 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:48:19.0171 0924 audstub - ok
20:48:19.0296 0924 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
20:48:19.0312 0924 bcm4sbxp - ok
20:48:19.0437 0924 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:48:19.0437 0924 Beep - ok
20:48:19.0859 0924 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx86.sys
20:48:19.0875 0924 BHDrvx86 - ok
20:48:20.0015 0924 BVRPMPR5 - ok
20:48:20.0187 0924 catchme - ok
20:48:20.0390 0924 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:48:20.0421 0924 cbidf2k - ok
20:48:20.0484 0924 cd20xrnt - ok
20:48:20.0609 0924 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:48:20.0609 0924 Cdaudio - ok
20:48:20.0781 0924 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:48:20.0796 0924 Cdfs - ok
20:48:21.0000 0924 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:48:21.0000 0924 Cdrom - ok
20:48:21.0109 0924 cercsr6 - ok
20:48:21.0171 0924 Changer - ok
20:48:21.0265 0924 CmdIde - ok
20:48:21.0359 0924 Cpqarray - ok
20:48:21.0421 0924 dac2w2k - ok
20:48:21.0500 0924 dac960nt - ok
20:48:21.0625 0924 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:48:21.0640 0924 Disk - ok
20:48:21.0843 0924 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:48:21.0890 0924 dmboot - ok
20:48:22.0078 0924 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:48:22.0093 0924 dmio - ok
20:48:22.0218 0924 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:48:22.0218 0924 dmload - ok
20:48:22.0390 0924 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:48:22.0390 0924 DMusic - ok
20:48:22.0468 0924 dpti2o - ok
20:48:22.0593 0924 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:48:22.0593 0924 drmkaud - ok
20:48:22.0875 0924 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:48:22.0890 0924 eeCtrl - ok
20:48:23.0046 0924 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:48:23.0046 0924 EraserUtilRebootDrv - ok
20:48:23.0218 0924 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:48:23.0250 0924 Fastfat - ok
20:48:23.0500 0924 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:48:23.0500 0924 Fdc - ok
20:48:23.0640 0924 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:48:23.0640 0924 Fips - ok
20:48:23.0859 0924 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:48:23.0859 0924 Flpydisk - ok
20:48:24.0000 0924 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:48:24.0015 0924 FltMgr - ok
20:48:24.0250 0924 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:48:24.0250 0924 fssfltr - ok
20:48:24.0375 0924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:48:24.0375 0924 Fs_Rec - ok
20:48:24.0531 0924 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:48:24.0531 0924 Ftdisk - ok
20:48:24.0625 0924 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:48:24.0640 0924 GEARAspiWDM - ok
20:48:24.0890 0924 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:48:24.0906 0924 Gpc - ok
20:48:25.0078 0924 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:48:25.0078 0924 HidUsb - ok
20:48:25.0156 0924 hpn - ok
20:48:25.0296 0924 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:48:25.0312 0924 HTTP - ok
20:48:25.0390 0924 i2omgmt - ok
20:48:25.0484 0924 i2omp - ok
20:48:25.0609 0924 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:48:25.0609 0924 i8042prt - ok
20:48:25.0781 0924 ialm - ok
20:48:26.0171 0924 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120214.003\IDSxpx86.sys
20:48:26.0187 0924 IDSxpx86 - ok
20:48:26.0359 0924 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:48:26.0375 0924 Imapi - ok
20:48:26.0515 0924 ini910u - ok
20:48:26.0656 0924 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:48:26.0656 0924 IntelIde - ok
20:48:26.0828 0924 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:48:26.0828 0924 intelppm - ok
20:48:26.0937 0924 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:48:26.0937 0924 Ip6Fw - ok
20:48:27.0125 0924 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:48:27.0156 0924 IpFilterDriver - ok
20:48:27.0296 0924 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:48:27.0312 0924 IpInIp - ok
20:48:27.0468 0924 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:48:27.0484 0924 IpNat - ok
20:48:27.0609 0924 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:48:27.0609 0924 IPSec - ok
20:48:27.0828 0924 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:48:27.0828 0924 IRENUM - ok
20:48:28.0000 0924 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:48:28.0000 0924 isapnp - ok
20:48:28.0125 0924 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:48:28.0125 0924 Kbdclass - ok
20:48:28.0250 0924 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:48:28.0265 0924 kmixer - ok
20:48:28.0390 0924 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:48:28.0390 0924 KSecDD - ok
20:48:28.0484 0924 lbrtfdc - ok
20:48:28.0703 0924 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:48:28.0703 0924 mnmdd - ok
20:48:28.0812 0924 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:48:28.0812 0924 Modem - ok
20:48:28.0968 0924 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:48:28.0968 0924 Mouclass - ok
20:48:29.0140 0924 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:48:29.0140 0924 mouhid - ok
20:48:29.0265 0924 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:48:29.0265 0924 MountMgr - ok
20:48:29.0328 0924 mraid35x - ok
20:48:29.0453 0924 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:48:29.0468 0924 MRxDAV - ok
20:48:29.0625 0924 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:48:29.0656 0924 MRxSmb - ok
20:48:29.0937 0924 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:48:29.0937 0924 Msfs - ok
20:48:30.0109 0924 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:48:30.0109 0924 MSKSSRV - ok
20:48:30.0250 0924 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:48:30.0250 0924 MSPCLOCK - ok
20:48:30.0375 0924 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:48:30.0390 0924 MSPQM - ok
20:48:30.0531 0924 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:48:30.0531 0924 mssmbios - ok
20:48:30.0656 0924 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:48:30.0671 0924 Mup - ok
20:48:31.0109 0924 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120215.004\NAVENG.SYS
20:48:31.0140 0924 NAVENG - ok
20:48:31.0609 0924 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120215.004\NAVEX15.SYS
20:48:31.0625 0924 NAVEX15 - ok
20:48:31.0921 0924 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:48:31.0937 0924 NDIS - ok
20:48:32.0109 0924 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:48:32.0109 0924 NdisTapi - ok
20:48:32.0234 0924 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:48:32.0234 0924 Ndisuio - ok
20:48:32.0359 0924 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:48:32.0375 0924 NdisWan - ok
20:48:32.0500 0924 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:48:32.0500 0924 NDProxy - ok
20:48:32.0625 0924 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:48:32.0625 0924 NetBIOS - ok
20:48:32.0812 0924 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:48:32.0812 0924 NetBT - ok
20:48:33.0015 0924 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:48:33.0015 0924 Npfs - ok
20:48:33.0171 0924 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:48:33.0171 0924 Ntfs - ok
20:48:33.0312 0924 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:48:33.0312 0924 Null - ok
20:48:33.0406 0924 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:48:33.0421 0924 NwlnkFlt - ok
20:48:33.0546 0924 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:48:33.0546 0924 NwlnkFwd - ok
20:48:33.0812 0924 OMCI - ok
20:48:33.0984 0924 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
20:48:33.0984 0924 PalmUSBD - ok
20:48:34.0140 0924 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:48:34.0156 0924 Parport - ok
20:48:34.0281 0924 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:48:34.0281 0924 PartMgr - ok
20:48:34.0406 0924 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:48:34.0406 0924 ParVdm - ok
20:48:34.0546 0924 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:48:34.0546 0924 PCI - ok
20:48:34.0609 0924 PCIDump - ok
20:48:34.0718 0924 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:48:34.0718 0924 PCIIde - ok
20:48:34.0906 0924 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:48:34.0921 0924 Pcmcia - ok
20:48:35.0046 0924 PDCOMP - ok
20:48:35.0125 0924 PDFRAME - ok
20:48:35.0187 0924 PDRELI - ok
20:48:35.0250 0924 PDRFRAME - ok
20:48:35.0312 0924 perc2 - ok
20:48:35.0390 0924 perc2hib - ok
20:48:35.0546 0924 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:48:35.0562 0924 PptpMiniport - ok
20:48:35.0718 0924 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:48:35.0718 0924 PSched - ok
20:48:35.0843 0924 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:48:35.0843 0924 Ptilink - ok
20:48:35.0906 0924 PxHelp20 - ok
20:48:36.0031 0924 ql1080 - ok
20:48:36.0093 0924 Ql10wnt - ok
20:48:36.0156 0924 ql12160 - ok
20:48:36.0234 0924 ql1240 - ok
20:48:36.0296 0924 ql1280 - ok
20:48:36.0421 0924 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:48:36.0437 0924 RasAcd - ok
20:48:36.0562 0924 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:48:36.0562 0924 Rasl2tp - ok
20:48:36.0718 0924 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:48:36.0718 0924 RasPppoe - ok
20:48:36.0859 0924 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:48:36.0859 0924 Raspti - ok
20:48:37.0000 0924 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:48:37.0000 0924 Rdbss - ok
20:48:37.0171 0924 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:48:37.0171 0924 RDPCDD - ok
20:48:37.0296 0924 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:48:37.0328 0924 RDPWD - ok
20:48:37.0562 0924 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:48:37.0562 0924 redbook - ok
20:48:37.0859 0924 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:48:37.0859 0924 Secdrv - ok
20:48:38.0046 0924 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
20:48:38.0093 0924 senfilt - ok
20:48:38.0328 0924 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:48:38.0328 0924 serenum - ok
20:48:38.0437 0924 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:48:38.0437 0924 Serial - ok
20:48:38.0687 0924 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:48:38.0687 0924 Sfloppy - ok
20:48:38.0859 0924 Simbad - ok
20:48:39.0000 0924 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
20:48:39.0015 0924 smwdm - ok
20:48:39.0093 0924 Sparrow - ok
20:48:39.0218 0924 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:48:39.0218 0924 splitter - ok
20:48:39.0343 0924 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:48:39.0359 0924 sr - ok
20:48:39.0546 0924 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
20:48:39.0578 0924 SRTSP - ok
20:48:39.0906 0924 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
20:48:39.0921 0924 SRTSPX - ok
20:48:40.0203 0924 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:48:40.0218 0924 Srv - ok
20:48:40.0406 0924 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
20:48:40.0406 0924 StillCam - ok
20:48:40.0531 0924 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:48:40.0546 0924 swenum - ok
20:48:40.0718 0924 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:48:40.0718 0924 swmidi - ok
20:48:40.0796 0924 symc810 - ok
20:48:40.0875 0924 symc8xx - ok
20:48:41.0046 0924 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
20:48:41.0093 0924 SymDS - ok
20:48:41.0406 0924 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
20:48:41.0437 0924 SymEFA - ok
20:48:41.0625 0924 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:48:41.0625 0924 SymEvent - ok
20:48:41.0875 0924 SymIM (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:48:41.0875 0924 SymIM - ok
20:48:41.0890 0924 SymIMMP (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:48:41.0890 0924 SymIMMP - ok
20:48:42.0093 0924 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
20:48:42.0109 0924 SymIRON - ok
20:48:42.0390 0924 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
20:48:42.0390 0924 SYMTDI - ok
20:48:42.0500 0924 sym_hi - ok
20:48:42.0578 0924 sym_u3 - ok
20:48:42.0718 0924 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:48:42.0734 0924 sysaudio - ok
20:48:42.0875 0924 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:48:42.0890 0924 Tcpip - ok
20:48:43.0015 0924 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:48:43.0015 0924 TDPIPE - ok
20:48:43.0203 0924 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:48:43.0203 0924 TDTCP - ok
20:48:43.0390 0924 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:48:43.0390 0924 TermDD - ok
20:48:43.0562 0924 TosIde - ok
20:48:43.0875 0924 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:48:43.0875 0924 Udfs - ok
20:48:44.0031 0924 ultra - ok
20:48:44.0265 0924 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:48:44.0296 0924 Update - ok
20:48:44.0515 0924 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:48:44.0531 0924 USBAAPL - ok
20:48:44.0656 0924 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:48:44.0703 0924 usbaudio - ok
20:48:44.0859 0924 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:48:44.0875 0924 usbccgp - ok
20:48:45.0015 0924 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:48:45.0015 0924 usbehci - ok
20:48:45.0140 0924 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:48:45.0156 0924 usbhub - ok
20:48:45.0250 0924 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:48:45.0250 0924 usbprint - ok
20:48:45.0390 0924 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:48:45.0390 0924 usbscan - ok
20:48:45.0546 0924 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:48:45.0546 0924 USBSTOR - ok
20:48:45.0671 0924 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:48:45.0687 0924 usbuhci - ok
20:48:45.0859 0924 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:48:45.0875 0924 VgaSave - ok
20:48:45.0937 0924 ViaIde - ok
20:48:46.0109 0924 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:48:46.0109 0924 VolSnap - ok
20:48:46.0281 0924 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:48:46.0281 0924 Wanarp - ok
20:48:46.0343 0924 WDICA - ok
20:48:46.0468 0924 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:48:46.0468 0924 wdmaud - ok
20:48:46.0703 0924 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:48:46.0703 0924 WS2IFSL - ok
20:48:46.0843 0924 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:48:46.0843 0924 WudfPf - ok
20:48:46.0968 0924 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:48:46.0968 0924 WudfRd - ok
20:48:47.0062 0924 XDva296 - ok
20:48:47.0125 0924 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:48:47.0296 0924 \Device\Harddisk0\DR0 - ok
20:48:47.0312 0924 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
20:48:47.0312 0924 \Device\Harddisk1\DR2 - ok
20:48:47.0328 0924 Boot (0x1200) (6ab1bb8a34bb284148db36480c7799ad) \Device\Harddisk0\DR0\Partition0
20:48:47.0328 0924 \Device\Harddisk0\DR0\Partition0 - ok
20:48:47.0343 0924 Boot (0x1200) (899c3426de7045a03c06d0b80189ef46) \Device\Harddisk1\DR2\Partition0
20:48:47.0343 0924 \Device\Harddisk1\DR2\Partition0 - ok
20:48:47.0343 0924 ============================================================
20:48:47.0359 0924 Scan finished
20:48:47.0359 0924 ============================================================
20:48:47.0375 3372 Detected object count: 0
20:48:47.0375 3372 Actual detected object count: 0
20:53:14.0312 2432 ============================================================
20:53:14.0312 2432 Scan started
20:53:14.0312 2432 Mode: Manual; SigCheck; TDLFS;
20:53:14.0312 2432 ============================================================
20:53:15.0125 2432 Abiosdsk - ok
20:53:15.0203 2432 abp480n5 - ok
20:53:15.0328 2432 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:53:16.0218 2432 ACPI - ok
20:53:16.0390 2432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:53:16.0578 2432 ACPIEC - ok
20:53:16.0781 2432 adpu160m - ok
20:53:17.0078 2432 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:53:17.0265 2432 aec - ok
20:53:17.0531 2432 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:53:17.0593 2432 AFD - ok
20:53:17.0875 2432 Aha154x - ok
20:53:18.0187 2432 aic78u2 - ok
20:53:18.0468 2432 aic78xx - ok
20:53:18.0765 2432 AliIde - ok
20:53:19.0015 2432 amsint - ok
20:53:19.0234 2432 asc - ok
20:53:19.0453 2432 asc3350p - ok
20:53:19.0750 2432 asc3550 - ok
20:53:20.0109 2432 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:53:20.0296 2432 AsyncMac - ok
20:53:20.0546 2432 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:53:20.0734 2432 atapi - ok
20:53:20.0984 2432 Atdisk - ok
20:53:21.0093 2432 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:53:21.0265 2432 Atmarpc - ok
20:53:21.0593 2432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:53:21.0781 2432 audstub - ok
20:53:22.0015 2432 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
20:53:22.0109 2432 bcm4sbxp - ok
20:53:22.0312 2432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:53:22.0531 2432 Beep - ok
20:53:22.0906 2432 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx86.sys
20:53:23.0062 2432 BHDrvx86 - ok
20:53:23.0171 2432 BVRPMPR5 - ok
20:53:23.0343 2432 catchme - ok
20:53:23.0500 2432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:53:23.0718 2432 cbidf2k - ok
20:53:23.0875 2432 cd20xrnt - ok
20:53:24.0000 2432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:53:24.0203 2432 Cdaudio - ok
20:53:24.0359 2432 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:53:24.0562 2432 Cdfs - ok
20:53:24.0812 2432 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:53:24.0984 2432 Cdrom - ok
20:53:25.0187 2432 cercsr6 - ok
20:53:25.0250 2432 Changer - ok
20:53:25.0343 2432 CmdIde - ok
20:53:25.0609 2432 Cpqarray - ok
20:53:25.0687 2432 dac2w2k - ok
20:53:25.0859 2432 dac960nt - ok
20:53:25.0984 2432 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:53:26.0171 2432 Disk - ok
20:53:26.0468 2432 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:53:26.0687 2432 dmboot - ok
20:53:26.0937 2432 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:53:27.0109 2432 dmio - ok
20:53:27.0375 2432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:53:27.0578 2432 dmload - ok
20:53:27.0796 2432 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:53:27.0968 2432 DMusic - ok
20:53:28.0171 2432 dpti2o - ok
20:53:28.0343 2432 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:53:28.0531 2432 drmkaud - ok
20:53:28.0734 2432 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:53:28.0765 2432 eeCtrl - ok
20:53:29.0000 2432 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:53:29.0015 2432 EraserUtilRebootDrv - ok
20:53:29.0468 2432 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:53:29.0640 2432 Fastfat - ok
20:53:29.0859 2432 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:53:30.0046 2432 Fdc - ok
20:53:30.0343 2432 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:53:30.0546 2432 Fips - ok
20:53:30.0921 2432 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:53:31.0109 2432 Flpydisk - ok
20:53:31.0421 2432 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:53:31.0609 2432 FltMgr - ok
20:53:31.0828 2432 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:53:31.0843 2432 fssfltr - ok
20:53:32.0062 2432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:53:32.0265 2432 Fs_Rec - ok
20:53:32.0578 2432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:53:32.0796 2432 Ftdisk - ok
20:53:33.0031 2432 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:53:33.0046 2432 GEARAspiWDM - ok
20:53:33.0328 2432 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:53:33.0515 2432 Gpc - ok
20:53:33.0687 2432 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:53:33.0859 2432 HidUsb - ok
20:53:33.0968 2432 hpn - ok
20:53:34.0125 2432 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:53:34.0203 2432 HTTP - ok
20:53:34.0296 2432 i2omgmt - ok
20:53:34.0375 2432 i2omp - ok
20:53:34.0546 2432 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:53:34.0734 2432 i8042prt - ok
20:53:34.0890 2432 ialm - ok
20:53:35.0296 2432 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120214.003\IDSxpx86.sys
20:53:35.0328 2432 IDSxpx86 - ok
20:53:35.0656 2432 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:53:35.0843 2432 Imapi - ok
20:53:36.0062 2432 ini910u - ok
20:53:36.0343 2432 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:53:36.0531 2432 IntelIde - ok
20:53:36.0718 2432 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:53:36.0875 2432 intelppm - ok
20:53:37.0078 2432 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:53:37.0265 2432 Ip6Fw - ok
20:53:37.0640 2432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:53:37.0843 2432 IpFilterDriver - ok
20:53:38.0093 2432 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:53:38.0250 2432 IpInIp - ok
20:53:38.0593 2432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:53:38.0781 2432 IpNat - ok
20:53:39.0203 2432 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:53:39.0390 2432 IPSec - ok
20:53:39.0687 2432 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:53:39.0875 2432 IRENUM - ok
20:53:40.0078 2432 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:53:40.0265 2432 isapnp - ok
20:53:40.0484 2432 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:53:40.0656 2432 Kbdclass - ok
20:53:40.0953 2432 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:53:41.0140 2432 kmixer - ok
20:53:41.0343 2432 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:53:41.0437 2432 KSecDD - ok
20:53:41.0765 2432 lbrtfdc - ok
20:53:42.0156 2432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:53:42.0390 2432 mnmdd - ok
20:53:42.0750 2432 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:53:43.0109 2432 Modem - ok
20:53:43.0359 2432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:53:43.0687 2432 Mouclass - ok
20:53:43.0937 2432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:53:44.0140 2432 mouhid - ok
20:53:44.0421 2432 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:53:44.0609 2432 MountMgr - ok
20:53:44.0812 2432 mraid35x - ok
20:53:45.0031 2432 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:53:45.0234 2432 MRxDAV - ok
20:53:45.0468 2432 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:53:45.0578 2432 MRxSmb - ok
20:53:45.0812 2432 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:53:45.0984 2432 Msfs - ok
20:53:46.0187 2432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:53:46.0375 2432 MSKSSRV - ok
20:53:46.0718 2432 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:53:46.0906 2432 MSPCLOCK - ok
20:53:47.0218 2432 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:53:47.0390 2432 MSPQM - ok
20:53:47.0718 2432 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:53:47.0906 2432 mssmbios - ok
20:53:48.0109 2432 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:53:48.0171 2432 Mup - ok
20:53:48.0515 2432 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120215.004\NAVENG.SYS
20:53:48.0531 2432 NAVENG - ok
20:53:49.0046 2432 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120215.004\NAVEX15.SYS
20:53:49.0156 2432 NAVEX15 - ok
20:53:49.0437 2432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:53:49.0640 2432 NDIS - ok
20:53:49.0875 2432 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:53:49.0937 2432 NdisTapi - ok
20:53:50.0156 2432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:53:50.0328 2432 Ndisuio - ok
20:53:50.0625 2432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:53:50.0812 2432 NdisWan - ok
20:53:51.0140 2432 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:53:51.0218 2432 NDProxy - ok
20:53:51.0437 2432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:53:51.0640 2432 NetBIOS - ok
20:53:51.0843 2432 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:53:52.0062 2432 NetBT - ok
20:53:52.0312 2432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:53:52.0500 2432 Npfs - ok
20:53:52.0703 2432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:53:52.0890 2432 Ntfs - ok
20:53:53.0281 2432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:53:53.0484 2432 Null - ok
20:53:53.0671 2432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:53:53.0906 2432 NwlnkFlt - ok
20:53:54.0093 2432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:53:54.0328 2432 NwlnkFwd - ok
20:53:54.0562 2432 OMCI - ok
20:53:54.0906 2432 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
20:53:54.0968 2432 PalmUSBD - ok
20:53:55.0171 2432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:53:55.0343 2432 Parport - ok
20:53:55.0609 2432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:53:55.0812 2432 PartMgr - ok
20:53:56.0031 2432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:53:56.0234 2432 ParVdm - ok
20:53:56.0453 2432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:53:56.0625 2432 PCI - ok
20:53:56.0781 2432 PCIDump - ok
20:53:57.0000 2432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:53:57.0218 2432 PCIIde - ok
20:53:57.0421 2432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:53:57.0593 2432 Pcmcia - ok
20:53:57.0734 2432 PDCOMP - ok
20:53:57.0859 2432 PDFRAME - ok
20:53:58.0109 2432 PDRELI - ok
20:53:58.0390 2432 PDRFRAME - ok
20:53:58.0671 2432 perc2 - ok
20:53:58.0781 2432 perc2hib - ok
20:53:59.0156 2432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:53:59.0328 2432 PptpMiniport - ok
20:53:59.0546 2432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:53:59.0718 2432 PSched - ok
20:53:59.0906 2432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:54:00.0109 2432 Ptilink - ok
20:54:00.0265 2432 PxHelp20 - ok
20:54:00.0328 2432 ql1080 - ok
20:54:00.0390 2432 Ql10wnt - ok
20:54:00.0531 2432 ql12160 - ok
20:54:00.0687 2432 ql1240 - ok
20:54:00.0843 2432 ql1280 - ok
20:54:00.0984 2432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:54:01.0203 2432 RasAcd - ok
20:54:01.0437 2432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:54:01.0593 2432 Rasl2tp - ok
20:54:01.0875 2432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:54:02.0078 2432 RasPppoe - ok
20:54:02.0250 2432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:54:02.0437 2432 Raspti - ok
20:54:02.0703 2432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:54:02.0906 2432 Rdbss - ok
20:54:03.0125 2432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:54:03.0375 2432 RDPCDD - ok
20:54:03.0687 2432 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:54:03.0781 2432 RDPWD - ok
20:54:04.0093 2432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:54:04.0281 2432 redbook - ok
20:54:04.0640 2432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:54:04.0828 2432 Secdrv - ok
20:54:05.0234 2432 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
20:54:05.0343 2432 senfilt - ok
20:54:05.0578 2432 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:54:05.0781 2432 serenum - ok
20:54:06.0062 2432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:54:06.0218 2432 Serial - ok
20:54:06.0609 2432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:54:06.0781 2432 Sfloppy - ok
20:54:07.0062 2432 Simbad - ok
20:54:07.0453 2432 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
20:54:07.0500 2432 smwdm - ok
20:54:07.0718 2432 Sparrow - ok
20:54:08.0031 2432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:54:08.0203 2432 splitter - ok
20:54:08.0546 2432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:54:08.0718 2432 sr - ok
20:54:09.0125 2432 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
20:54:09.0156 2432 SRTSP - ok
20:54:09.0546 2432 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
20:54:09.0546 2432 SRTSPX - ok
20:54:10.0265 2432 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:54:10.0359 2432 Srv - ok
20:54:10.0718 2432 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
20:54:10.0906 2432 StillCam - ok
20:54:11.0187 2432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:54:11.0375 2432 swenum - ok
20:54:11.0625 2432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:54:11.0796 2432 swmidi - ok
20:54:12.0078 2432 symc810 - ok
20:54:12.0359 2432 symc8xx - ok
20:54:12.0703 2432 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
20:54:12.0734 2432 SymDS - ok
20:54:12.0984 2432 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
20:54:13.0031 2432 SymEFA - ok
20:54:13.0218 2432 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:54:13.0218 2432 SymEvent - ok
20:54:13.0359 2432 SymIM (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:54:13.0359 2432 SymIM - ok
20:54:13.0390 2432 SymIMMP (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:54:13.0406 2432 SymIMMP - ok
20:54:13.0562 2432 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
20:54:13.0578 2432 SymIRON - ok
20:54:13.0812 2432 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
20:54:13.0843 2432 SYMTDI - ok
20:54:14.0000 2432 sym_hi - ok
20:54:14.0062 2432 sym_u3 - ok
20:54:14.0187 2432 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:54:14.0359 2432 sysaudio - ok
20:54:14.0593 2432 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:54:14.0671 2432 Tcpip - ok
20:54:15.0062 2432 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:54:15.0250 2432 TDPIPE - ok
20:54:15.0531 2432 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:54:15.0703 2432 TDTCP - ok
20:54:15.0921 2432 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:54:16.0109 2432 TermDD - ok
20:54:16.0328 2432 TosIde - ok
20:54:16.0546 2432 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:54:16.0718 2432 Udfs - ok
20:54:16.0875 2432 ultra - ok
20:54:17.0203 2432 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:54:17.0375 2432 Update - ok
20:54:17.0640 2432 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:54:17.0703 2432 USBAAPL - ok
20:54:17.0937 2432 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:54:18.0109 2432 usbaudio - ok
20:54:18.0328 2432 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:54:18.0500 2432 usbccgp - ok
20:54:18.0703 2432 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:54:18.0859 2432 usbehci - ok
20:54:19.0203 2432 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:54:19.0390 2432 usbhub - ok
20:54:19.0718 2432 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:54:19.0890 2432 usbprint - ok
20:54:20.0218 2432 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:54:20.0390 2432 usbscan - ok
20:54:20.0593 2432 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:54:20.0765 2432 USBSTOR - ok
20:54:21.0000 2432 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:54:21.0156 2432 usbuhci - ok
20:54:21.0500 2432 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:54:21.0687 2432 VgaSave - ok
20:54:21.0906 2432 ViaIde - ok
20:54:22.0187 2432 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:54:22.0359 2432 VolSnap - ok
20:54:22.0671 2432 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:54:22.0843 2432 Wanarp - ok
20:54:23.0187 2432 WDICA - ok
20:54:23.0546 2432 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:54:23.0718 2432 wdmaud - ok
20:54:24.0093 2432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:54:24.0312 2432 WS2IFSL - ok
20:54:24.0562 2432 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:54:24.0625 2432 WudfPf - ok
20:54:24.0890 2432 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:54:24.0921 2432 WudfRd - ok
20:54:25.0015 2432 XDva296 - ok
20:54:25.0078 2432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:54:25.0609 2432 \Device\Harddisk0\DR0 - ok
20:54:25.0609 2432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
20:54:26.0031 2432 \Device\Harddisk1\DR2 - ok
20:54:26.0062 2432 Boot (0x1200) (6ab1bb8a34bb284148db36480c7799ad) \Device\Harddisk0\DR0\Partition0
20:54:26.0062 2432 \Device\Harddisk0\DR0\Partition0 - ok
20:54:26.0078 2432 Boot (0x1200) (899c3426de7045a03c06d0b80189ef46) \Device\Harddisk1\DR2\Partition0
20:54:26.0078 2432 \Device\Harddisk1\DR2\Partition0 - ok
20:54:26.0078 2432 ============================================================
20:54:26.0078 2432 Scan finished
20:54:26.0078 2432 ============================================================
20:54:26.0187 0172 Detected object count: 0
20:54:26.0187 0172 Actual detected object count: 0
20:54:54.0375 1756 Deinitialize success
  • 0

#8
Jfenz
Posted 16 February 2012 - 08:30 PM

Jfenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
aswMBR log - Fix button was not enabled.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 20:57:47
-----------------------------
20:57:47.875 OS Version: Windows 5.1.2600 Service Pack 3
20:57:47.875 Number of processors: 1 586 0x209
20:57:47.875 ComputerName: FENZILWXP-01 UserName: Owner
20:57:50.890 Initialize success
20:58:48.500 AVAST engine defs: 12021601
20:59:20.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:59:20.625 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
20:59:20.640 Disk 0 MBR read successfully
20:59:20.640 Disk 0 MBR scan
20:59:20.687 Disk 0 Windows XP default MBR code
20:59:20.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
20:59:20.703 Disk 0 scanning sectors +156232125
20:59:20.781 Disk 0 scanning C:\WINDOWS\system32\drivers
21:00:09.718 Service scanning
21:00:10.812 Modules scanning
21:00:23.750 AVAST engine scan C:\WINDOWS
21:00:44.687 AVAST engine scan C:\WINDOWS\system32
21:05:11.875 AVAST engine scan C:\WINDOWS\system32\drivers
21:05:36.265 AVAST engine scan C:\Documents and Settings\Owner
21:22:10.484 AVAST engine scan C:\Documents and Settings\All Users
21:27:38.906 Scan finished successfully
21:29:02.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
21:29:02.921 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
  • 0

#9
Jfenz
Posted 16 February 2012 - 09:34 PM

Jfenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
MBAM Log - After rebooting the machine everything appears to be normal but the screen resolution is at 640x480 and it won't allow me to change it.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.16.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Owner :: FENZILWXP-01 [administrator]

2/16/2012 9:36:06 PM
mbam-log-2012-02-16 (21-36-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284767
Time elapsed: 36 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\rdpwd.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\rdpwd.dll (RootKit.0Access.H) -> Delete on reboot.

(end)
  • 0

#10
Jfenz
Posted 16 February 2012 - 10:09 PM

Jfenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL Log 1

========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\META-INF folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Software not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
File G:\autorun.inf not found.
File H:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05924000-870e-11e0-b66b-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05924000-870e-11e0-b66b-000f1f57c38e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05924000-870e-11e0-b66b-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05924000-870e-11e0-b66b-000f1f57c38e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05924000-870e-11e0-b66b-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05924000-870e-11e0-b66b-000f1f57c38e}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395fef43-201d-11e0-b65b-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{395fef43-201d-11e0-b65b-000f1f57c38e}\ not found.
File winlog.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395fef43-201d-11e0-b65b-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{395fef43-201d-11e0-b65b-000f1f57c38e}\ not found.
File winlog.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f51ae1-f5fb-11e0-b694-000f1f57c38e}\ not found.
File D:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af0adb50-8b6b-11dd-b584-000f1f57c38e}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf8dd81c-939c-11dd-b58c-000f1f57c38e}\ not found.
File G:\LaunchU3.exe -a not found.
File C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk not found.
File C:\Documents and Settings\All Users\Application Data\~ipb6kpJc0iCzcir not found.
File C:\Documents and Settings\All Users\Application Data\~ipb6kpJc0iCzci not found.
File C:\Documents and Settings\Owner\Desktop\System Check.lnk not found.
File C:\Documents and Settings\All Users\Application Data\ipb6kpJc0iCzci not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\Todd\Local Settings\Application Data\*.exe not found.
< reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c >
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config wacomvhid start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config trcboot start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config lvsrvlauncher start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config IBM_LLC2 start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< net start /c >
These Windows services are started:
Akamai NetSession Interface
Application Layer Gateway Service
Automatic Updates
Background Intelligent Transfer Service
COM+ Event System
Computer Browser
CryptSvc
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
HID Input Service
HP CUE DeviceDiscovery Service
HP Network Devices Support
hpqcxs08
HTTP SSL
IPSEC Services
Net Driver HPZ12
Network Connections
Network Location Awareness (NLA)
Norton Security Suite
Plug and Play
Pml Driver HPZ12
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
SeaPort
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Live ID Sign-in Assistant
Windows Management Instrumentation
Windows Time
Wireless Zero Configuration
Workstation
wscsvc
The command completed successfully.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: Erin
->Java cache emptied: 126527 bytes

User: Guest

User: Jack
->Java cache emptied: 29537329 bytes

User: Kevin
->Java cache emptied: 133995856 bytes

User: LocalService

User: NetworkService

User: Owner
->Java cache emptied: 465994001 bytes

User: Stacy
->Java cache emptied: 0 bytes

User: Tom
->Java cache emptied: 53225155 bytes

Total Java Files Cleaned = 651.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Erin
->Flash cache emptied: 149739 bytes

User: Guest

User: Jack
->Flash cache emptied: 22061 bytes

User: Kevin
->Flash cache emptied: 207661 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 44438 bytes

User: Owner
->Flash cache emptied: 2068978 bytes

User: Stacy
->Flash cache emptied: 54068 bytes

User: Tom
->Flash cache emptied: 14825 bytes

Total Flash Files Cleaned = 2.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.32.0 log created on 02162012_230112

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

Advertisements

#11
RKinner
Posted 16 February 2012 - 10:22 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You might need unhide.exe:

Download, Save and Right click on unhide.exe and Run As Administrator from

http://download.blee...nler/unhide.exe
  • 0

#12
Jfenz
Posted 16 February 2012 - 10:28 PM

Jfenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL logfile created on: 2/16/2012 11:11:19 PM - Run 2
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.94% Memory free
3.85 Gb Paging File | 3.46 Gb Available in Paging File | 89.90% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4084 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 27.98 Gb Free Space | 37.56% Space Free | Partition Type: NTFS
Drive H: | 297.44 Gb Total Space | 160.57 Gb Free Space | 53.98% Space Free | Partition Type: NTFS

Computer Name: FENZILWXP-01 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/15 22:19:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/02/12 11:20:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/18 13:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/12 11:20:47 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/09 15:53:21 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/20 20:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (wacomvhid)
SRV - File not found [Auto | Stopped] -- -- (vclone)
SRV - File not found [Disabled | Stopped] -- -- (trcboot)
SRV - File not found [Disabled | Stopped] -- -- (lvsrvlauncher)
SRV - File not found [Disabled | Stopped] -- -- (IBM_LLC2)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/02/09 15:53:21 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011/01/14 12:41:22 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2012/02/03 22:08:19 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/03 22:08:18 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/15 18:33:22 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120216.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/08 15:15:56 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120216.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/08 15:15:56 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120216.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/08 15:15:35 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 20:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 22:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/03/30 22:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2009/02/06 17:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/12/04 16:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...lcache=2&hl=en"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/16 20:19:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/12 14:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/02/16 23:07:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 11:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 17:23:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/16 20:19:07 | 000,000,000 | ---D | M]

[2008/09/28 09:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/11/14 06:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions
[2009/12/30 18:59:59 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 04:48:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/29 18:06:02 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\searchplugins\live-search.xml
[2011/09/06 19:39:28 | 000,002,468 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\13elks8o.default\searchplugins\safesearch.xml
[2011/11/15 19:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/12 11:20:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 11:20:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 11:20:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\WINDOWS\system32\npOGPPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/02/16 23:04:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFA15693-F9E8-44FC-97CB-827E847CDD43}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/14 10:35:36 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/09/25 20:07:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: IBM_LLC2 - File not found
NetSvcs: trcboot - File not found
NetSvcs: vclone - File not found
NetSvcs: wacomvhid - File not found
NetSvcs: lvsrvlauncher - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Sonic RecordNow! - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 23:01:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/16 22:54:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/16 19:37:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/16 19:37:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/16 19:37:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/16 19:37:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/16 19:37:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/16 19:37:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/16 19:21:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/16 19:21:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/02/16 19:17:09 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/02/16 19:17:05 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/16 19:17:01 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/02/16 19:16:58 | 004,406,022 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/02/15 22:19:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/15 21:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FixZeroAccess
[2012/02/15 21:52:10 | 001,766,312 | ---- | C] (Symantec Corporation) -- C:\FixZeroAccess.exe
[2012/02/15 21:41:25 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\`
[2012/02/15 20:58:57 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2012/02/15 19:37:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/15 01:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/02/14 21:36:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[2012/02/14 20:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/02/14 20:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/14 20:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2012/02/14 19:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2012/02/13 19:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
[2012/02/13 19:20:08 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\FixTDSS.exe
[2012/02/13 00:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SanctionedMedia
[2012/02/02 18:10:55 | 018,189,979 | ---- | C] (Belkin ) -- C:\Documents and Settings\All Users\Documents\f5d7050v4010setup.exe
[2012/01/30 19:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/30 19:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/24 19:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stacy
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/16 23:13:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1004UA.job
[2012/02/16 23:12:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1003UA.job
[2012/02/16 23:06:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/16 23:04:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/16 23:01:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1009UA.job
[2012/02/16 22:52:45 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 22:20:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 21:29:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/02/16 19:47:20 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/16 19:11:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/16 19:10:42 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/02/16 19:09:10 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/02/16 19:07:40 | 004,406,022 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/02/15 22:19:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/15 21:52:05 | 001,766,312 | ---- | M] (Symantec Corporation) -- C:\FixZeroAccess.exe
[2012/02/15 21:46:48 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2012/02/15 21:43:11 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2012/02/15 21:41:25 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\`
[2012/02/15 21:30:00 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/02/15 20:58:22 | 000,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2012/02/15 20:01:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1009Core.job
[2012/02/15 19:13:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1004Core.job
[2012/02/15 19:12:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-963894560-839522115-1003Core.job
[2012/02/14 21:25:49 | 000,006,184 | ---- | M] () -- C:\{79208E9F-0D70-4C71-9D90-FC84EEE0E691}
[2012/02/13 19:52:02 | 007,279,953 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SMRBackup250.dat
[2012/02/13 19:52:02 | 000,000,220 | -HS- | M] () -- C:\boot.ini
[2012/02/13 19:15:48 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\FixTDSS.exe
[2012/02/13 18:36:39 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/13 08:37:33 | 000,684,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/06 19:00:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2012/02/05 10:27:01 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/05 10:27:00 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2012/02/02 18:10:55 | 018,189,979 | ---- | M] (Belkin ) -- C:\Documents and Settings\All Users\Documents\f5d7050v4010setup.exe
[2012/02/02 16:51:07 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/29 15:22:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/25 21:12:08 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/16 21:29:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/02/16 19:59:31 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/16 19:59:03 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/02/16 19:59:02 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/02/16 19:59:02 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2012/02/16 19:59:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/16 19:59:02 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/02/16 19:59:01 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2012/02/16 19:37:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/16 19:37:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/16 19:37:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/16 19:37:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/16 19:37:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/14 21:25:49 | 000,006,184 | ---- | C] () -- C:\{79208E9F-0D70-4C71-9D90-FC84EEE0E691}
[2012/02/13 19:48:34 | 007,279,953 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SMRBackup250.dat
[2012/02/13 00:13:25 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2011/07/09 13:54:34 | 000,173,043 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2011/07/09 13:54:34 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2011/06/07 13:23:24 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/12 14:09:18 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/02 10:12:08 | 000,000,221 | ---- | C] () -- C:\WINDOWS\DC_Manager.ini
[2011/01/07 11:42:18 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/01/06 11:13:06 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2010/11/18 07:31:13 | 000,205,614 | ---- | C] () -- C:\WINDOWS\hpoins46.dat.temp
[2010/11/18 07:31:13 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
[2010/01/13 20:06:20 | 000,003,663 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010/01/04 22:44:30 | 000,041,504 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/20 20:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/16 12:18:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/26 09:37:04 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/04/15 18:52:43 | 001,085,616 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/04/15 18:52:43 | 000,014,373 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009/01/07 22:32:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PasswordsPlus.INI
[2008/12/26 12:23:53 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/28 14:54:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/28 09:48:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/28 08:09:24 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/09/28 08:06:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/27 18:27:39 | 000,004,627 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2008/09/25 20:47:33 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/09/25 20:10:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/25 20:04:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/25 01:57:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/25 01:56:20 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,497,242 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,085,742 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2012/02/13 19:15:48 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\FixTDSS.exe
[2012/02/15 21:52:05 | 001,766,312 | ---- | M] (Symantec Corporation) -- C:\FixZeroAccess.exe

< %SYSTEMDRIVE%\*.exe >
[2012/02/13 19:15:48 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\FixTDSS.exe
[2012/02/15 21:52:05 | 001,766,312 | ---- | M] (Symantec Corporation) -- C:\FixZeroAccess.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/08/29 16:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AccurateRip
[2008/10/20 17:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2009/04/10 11:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2011/12/06 19:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2010/02/21 09:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Arcsoft
[2011/01/09 12:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcSoft Backup Application
[2011/01/14 12:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2010/01/04 22:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2008/10/15 18:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/13 20:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dBpoweramp
[2010/02/19 19:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Download Manager
[2012/02/16 23:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/02/11 05:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eMusic
[2010/06/16 05:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2012/02/15 21:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FixZeroAccess
[2011/01/25 11:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2010/02/19 21:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2011/03/03 09:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2010/03/27 11:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2011/01/06 11:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
[2010/11/18 08:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HP
[2010/02/21 09:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HP SimpleSave Application
[2011/07/02 12:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HPAppData
[2011/01/09 13:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HPSS
[2011/09/03 16:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HpUpdate
[2008/09/25 20:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2011/03/02 10:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IMSIDesign
[2008/09/28 08:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intuit
[2008/12/09 21:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/09/25 20:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2012/02/14 20:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/09/08 05:05:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2010/08/28 06:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2008/09/28 09:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/08/24 05:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2009/04/11 09:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2012/02/13 06:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PrimoPDF
[2008/12/09 21:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sonic
[2012/01/08 12:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Corporation
[2008/11/24 18:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2012/02/14 19:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2012/02/16 18:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2012/02/16 22:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent


< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/27 08:55:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/27 08:55:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Owner\Application Data\FixZeroAccess\Archive\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/12 11:20:25 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/12 11:20:25 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/12 11:20:25 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/12 11:20:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/12 11:20:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/12 11:20:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Owner\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Owner\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Owner\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Owner\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/12 11:20:25 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/12 11:20:25 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/12 11:20:25 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/12 11:20:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/12 11:20:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/12 11:20:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Owner\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Owner\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Owner\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Owner\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB49322$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

OTL Extras logfile created on: 2/16/2012 11:11:19 PM - Run 2
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.94% Memory free
3.85 Gb Paging File | 3.46 Gb Available in Paging File | 89.90% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4084 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 27.98 Gb Free Space | 37.56% Space Free | Partition Type: NTFS
Drive H: | 297.44 Gb Total Space | 160.57 Gb Free Space | 53.98% Space Free | Partition Type: NTFS

Computer Name: FENZILWXP-01 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1045:TCP" = 1045:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS1656\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS1656\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS42AE\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS42AE\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS7A87\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS7A87\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\Owner\Desktop\utorrent.exe" = C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}" = D110
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EBCBA952-DA46-4687-9784-D8B4E25A6B14}" = Passwords Plus
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/12/2012 6:41:26 PM | Computer Name = FENZILWXP-01 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 1/29/2012 11:28:29 PM | Computer Name = FENZILWXP-01 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 9.0.1.4371, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/29/2012 11:29:49 PM | Computer Name = FENZILWXP-01 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 9.0.1.4371, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/29/2012 11:29:58 PM | Computer Name = FENZILWXP-01 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 9.0.1.4371, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/31/2012 8:57:48 PM | Computer Name = FENZILWXP-01 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 16.0.912.75, faulting module
chrome.dll, version 16.0.912.75, fault address 0x001414f9.

Error - 2/1/2012 9:26:50 PM | Computer Name = FENZILWXP-01 | Source = Application Error | ID = 1000
Description = Faulting application asoelnch.exe, version 18.6.0.29, faulting module
asoelnch.exe, version 18.6.0.29, fault address 0x00001a6d.

Error - 2/16/2012 7:17:54 AM | Computer Name = FENZILWXP-01 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/16/2012 7:38:55 AM | Computer Name = FENZILWXP-01 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/16/2012 7:02:17 PM | Computer Name = FENZILWXP-01 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/16/2012 7:55:26 PM | Computer Name = FENZILWXP-01 | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 2/16/2012 11:53:13 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The Qhwscsvc service terminated with the following error: %%126

Error - 2/16/2012 11:53:14 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The CTSYN service terminated with the following error: %%126

Error - 2/16/2012 11:53:14 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The Adpu320 service terminated with the following error: %%126

Error - 2/16/2012 11:53:14 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The Tosrfbnp service terminated with the following error: %%126

Error - 2/16/2012 11:53:20 PM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom OMCI PxHelp20

Error - 2/17/2012 12:01:13 AM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/17/2012 12:01:13 AM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/17/2012 12:01:14 AM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/17/2012 12:06:39 AM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7023
Description = The Adpu320 service terminated with the following error: %%126

Error - 2/17/2012 12:06:47 AM | Computer Name = FENZILWXP-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom OMCI PxHelp20


< End of report >
  • 0

#13
RKinner
Posted 16 February 2012 - 10:41 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
How does it look now?

Let's check for damages.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#14
Jfenz
Posted 17 February 2012 - 06:45 AM

Jfenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Everything seems ok with the exception of the screen resolution. It still seems a bit sluggish, but all functionality seems to be restored. I'll follow your check for damages instructions tonight. Do I still need unhide.exe? I wasn't aware you were online last night and didn't see that post until now.
  • 0

#15
RKinner
Posted 17 February 2012 - 10:24 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
unhide makes hidden programs and links visible. If everything is back to normal you don't need it.

Sounds like you need a new video driver. What make and mode PC is this?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP