
Trojan infected Dell Latitude [Closed]


  • This topic is locked

#1
GregMiller (Member, 210 posts)
The Dell Latitude D620 was obviously infected when it directed me to different websites and took a long time to move on after periodic freezes. These are the system specs:

XP Professional
v 2002 SP 3
Intel Core 2 CPU
T7200 2.00 GHz
997 MHz 2.00 GB RAM

I ran a pre-boot scan with Avast anti-virus and it detected multiple versions of these malware families. They were generally all in the Windows folder and then in some of the program folders:

Win32: FakeSysdefs-A Trj
Win32: ZAccess-EF trj
WIN 32: Downloader -MMC trj
Win32: Alureon-ANP rtk
Win32: Malob-GR Cryp


I rebooted and still got Avast messages that there were malware objects, and it was advising me to do the scan again. I ran the program to update Avast - both the virus definitions and the program itself - before I ran the pre-boot scan.

Here is the OTL log that I ran immediately after the Avast scan:

OTL logfile created on: 2/26/2012 12:55:54 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Guest3\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.40% Memory free
2.58 Gb Paging File | 2.11 Gb Available in Paging File | 81.65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 37.56 Gb Free Space | 50.39% Space Free | Partition Type: NTFS

Computer Name: UMDGPH0NB1 | User Name: Guest3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/26 12:54:36 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest3\My Documents\Downloads\OTL.exe
PRC - [2012/02/23 11:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/12/21 02:03:13 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/08/20 15:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 15:27:36 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 15:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 15:09:12 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 15:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/20 16:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/26 03:19:47 | 001,716,224 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12022602\algo.dll
MOD - [2011/12/21 02:03:16 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/09/01 20:08:24 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/06/02 19:51:08 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/08/20 15:10:50 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2007/07/20 16:56:14 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/07/16 11:58:10 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/18 13:47:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/20 15:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 15:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 15:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/02/23 11:10:46 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/02/23 11:10:25 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/23 11:07:33 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/28 22:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/04 10:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/26 14:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 14:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/03/13 02:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/31 00:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/05/11 14:55:34 | 000,093,568 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2005/12/05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/17 20:12:40 | 000,204,800 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aarich.sys -- (aarich)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/02/17 22:05:16 | 000,218,112 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2004/04/07 16:14:30 | 000,048,140 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aac.sys -- (aac)
DRV - [2003/04/28 10:15:38 | 000,140,544 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2001/08/17 11:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.umd.edu
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {b17b1928-6018-4fdc-88ee-cc98f0135477}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/19 22:12:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 02:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/22 21:38:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/09/10 16:22:26 | 000,000,000 | ---D | M]

[2011/01/12 22:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest3\Application Data\Mozilla\Extensions
[2012/02/26 12:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest3\Application Data\Mozilla\Firefox\Profiles\89xf9qfr.default\extensions
[2011/01/13 06:01:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guest3\Application Data\Mozilla\Firefox\Profiles\89xf9qfr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/18 14:42:27 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Guest3\Application Data\Mozilla\Firefox\Profiles\89xf9qfr.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}
[2012/02/26 12:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/21 19:29:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/10/12 19:02:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/12 19:02:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/12 19:02:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QimMTimICgL.exe] C:\Documents and Settings\All Users\Application Data\QimMTimICgL.exe File not found
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1179673389281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223565266609 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3DEEBC-DEDC-4B9A-9387-3BF5756B40A6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/10 17:09:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (pgdfgsvc C 1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: mqbkkrnl - (C:\WINDOWS\system32\cmstdupd.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 12:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest3\My Documents\Downloads
[2012/02/26 11:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest3\Local Settings\Application Data\AIM Toolbar
[2012/02/26 11:03:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest3\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 12:49:55 | 001,679,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/26 12:49:55 | 000,771,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/26 12:49:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/26 12:48:56 | 000,169,875 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/26 12:48:56 | 000,140,569 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/02/26 12:48:48 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/26 12:48:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/26 12:46:31 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/26 11:17:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/23 11:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/02/23 11:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/02/23 11:10:46 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/02/23 11:10:25 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/02/23 11:10:22 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/02/23 11:07:33 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/21 18:46:59 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LDMPQCdrBlgFTR
[2012/01/08 21:47:00 | 000,012,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ub245cl057ixwy67262hj75138h74sl486k3sp1n5hw265
[2011/12/26 16:06:26 | 000,010,428 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\06xp1102x88ndgc76kybh54u05b74u2o
[2011/07/25 09:03:53 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2011/01/17 13:33:58 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wbuahj.sys
[2010/04/15 06:45:46 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/03 18:17:13 | 000,011,772 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8s32
[2010/03/16 19:30:53 | 000,014,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p4RkMAQM
[2010/03/05 13:19:39 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

========== LOP Check ==========

[2009/01/26 16:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2011/01/17 13:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/04/11 08:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2009/02/04 01:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/09/10 16:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/30 13:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/08/10 18:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/06/10 00:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/07 23:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Watermark Factory
[2012/01/21 18:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest3\Application Data\Windows Search

========== Purity Check ==========



< End of report >
  • 0
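The entries a helper scans for first in a log like the one above are the ones OTL marks "File not found" under an autorun key, executables launched from a user-writable data directory, policy values such as DisableTaskMgr, AppCertDlls entries, and hidden+system files with random-looking names. The script below is an added example of that triage, written for this thread; it is not part of OTL or of the original post. The sample lines are copied from the log above (plus one benign file line) and embedded so the script runs offline; the rules, the list of writable directories and the "random name" thresholds are my own assumptions, not OTL's.

```python
import re

# Constructed sample: lines copied in shape and content from the OTL log above,
# plus one benign file line (MRT.INI). The triage rules below are an added example.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey File not found
O4 - HKLM..\Run: [QimMTimICgL.exe] C:\Documents and Settings\All Users\Application Data\QimMTimICgL.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O36 - AppCertDlls: mqbkkrnl - (C:\WINDOWS\system32\cmstdupd.dll) - File not found
[2012/01/08 21:47:00 | 000,012,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ub245cl057ixwy67262hj75138h74sl486k3sp1n5hw265
[2010/04/15 06:45:46 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
"""

# Line shapes taken from the log; O4 = Run keys, O6/O7 = policies, O36 = AppCertDlls,
# and the bracketed file-list entries from the "Files Created" sections.
RE_O4 = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
RE_TARGET = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|dll|scr|bat|cmd|com|pif)))', re.I)
RE_POLICY = re.compile(r'^O[67] - (?P<key>\S+): (?P<value_name>\w+) = (?P<value>-?\d+)$')
RE_O36 = re.compile(r'^O36 - AppCertDlls: (?P<name>\S+) - \((?P<path>[^)]+)\) - (?P<status>.*)$')
RE_FILE = re.compile(r'^\[(?P<ts>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] '
                     r'\((?P<company>[^)]*)\) -- (?P<path>.*)$')

# Assumption: directories an unprivileged user (or a dropper running as one) can write to.
WRITABLE_DIRS = ("\\application data\\", "\\programdata\\", "\\temp\\",
                 "\\local settings\\", "\\appdata\\")


def looks_random(name):
    """Crude pronounceability check (assumed thresholds): vowel ratio and digit load."""
    stem = name.rsplit(".", 1)[0]
    letters = [c for c in stem if c.isalpha()]
    digits = sum(c.isdigit() for c in stem)
    if len(stem) >= 8 and digits >= 5 and len(letters) >= 5:
        return True                      # long letter/digit soup such as ub245cl057...
    if len(letters) >= 6:
        vowels = sum(c.lower() in "aeiou" for c in letters)
        return vowels / len(letters) < 0.2   # mqbkkrnl, cmstdupd
    return False


def in_writable_dir(path):
    low = path.lower()
    return any(d in low for d in WRITABLE_DIRS)


def triage_line(line):
    """Return (subject, [reasons]) for one OTL line, or None if nothing stands out."""
    reasons = []
    m = RE_O4.match(line)
    if m:
        rest = m.group("rest")
        t = RE_TARGET.match(rest)
        target = (t.group("quoted") or t.group("bare")) if t else rest
        if "File not found" in rest:
            reasons.append("autorun target missing")
        if in_writable_dir(target):
            reasons.append("autorun from user-writable data directory")
        if looks_random(target.rsplit("\\", 1)[-1]):
            reasons.append("random-looking file name")
        subject = f"{m.group('hive')}\\{m.group('key')}\\{m.group('name')}"
        return (subject, reasons) if reasons else None
    m = RE_POLICY.match(line)
    if m:
        if m.group("value_name") == "DisableTaskMgr" and m.group("value") == "1":
            reasons.append("Task Manager disabled by policy")
        return (m.group("value_name"), reasons) if reasons else None
    m = RE_O36.match(line)
    if m:
        # AppCertDlls are rarely populated on a clean workstation; always review them.
        reasons.append("AppCertDlls entry (DLL loaded into processes that call CreateProcess)")
        if "File not found" in m.group("status"):
            reasons.append("autorun target missing")
        if looks_random(m.group("path").rsplit("\\", 1)[-1]):
            reasons.append("random-looking file name")
        return (m.group("path"), reasons)
    m = RE_FILE.match(line)
    if m:
        attrs, path, company = m.group("attrs"), m.group("path"), m.group("company")
        name = path.rsplit("\\", 1)[-1]
        if "H" in attrs and "S" in attrs and not company and in_writable_dir(path) and looks_random(name):
            reasons.append("hidden+system unsigned file with random-looking name in data directory")
        return (path, reasons) if reasons else None
    return None


def triage(log_text):
    """Run triage_line over every non-empty line; return {subject: reasons} in log order."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        hit = triage_line(line)
        if hit:
            findings[hit[0]] = hit[1]
    return findings


if __name__ == "__main__":
    for subject, reasons in triage(SAMPLE_LOG).items():
        print(subject + "\n    " + "\n    ".join(reasons))
```

Run it as-is to see the flagged entries from the sample, or pass the full text of an OTL.txt to `triage()`. The signed Avast entry and MRT.INI produce no finding; the orphaned McAfee Run key is flagged only as a missing target (stale uninstall, not necessarily malware), while the Application Data executable, the AppCertDlls DLL and the hidden+system file each collect several reasons, which is the ordering a helper would use when deciding what to look at first.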



#2
GregMiller (Topic Starter, Member, 210 posts)
I just remembered. I went into Programs - Accessories - System Tools, but the folder was empty!

I also would like to wipe all remnants of AIM off this machine.

When this is clean I'd like to also take off all bloatware that isn't already gone, restore Windows Explorer and delete Mozilla Firefox. They seem to be conflicting.

I simply want a machine for word processing and periodic, limited internet lookup. That's my goal.
  • 0

#3
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, and sorry for the delay. Could you update me on the current problems, please?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

  • 0

#4
GregMiller (Topic Starter, Member, 210 posts)
OTL Extras logfile created on: 3/4/2012 11:56:09 AM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Guest2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.16% Memory free
2.58 Gb Paging File | 2.06 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 37.41 Gb Free Space | 50.20% Space Free | Partition Type: NTFS

Computer Name: UMDGPH0NB1 | User Name: Guest2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
"C:\Program Files\Symantec\Ghost\GhostSrv.exe" = C:\Program Files\Symantec\Ghost\GhostSrv.exe:*:Enabled:Symantec GhostCast Server
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player -- (StreamTorrent)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Mmiller\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Mmiller\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{808C1CB2-5632-4ABF-B4D2-4B54519E3A9A}" = Cheetah CD Burner
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires Expansion Trial 1.00" = Microsoft Age of Empires Expansion Trial
"AIM Toolbar" = AIM Toolbar
"Ask Toolbar_is1" = Ask Toolbar
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"avast" = avast! Free Antivirus
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Mozilla Thunderbird (3.1.17)" = Mozilla Thunderbird (3.1.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"QFG5: Dragon Fire" = Quest for Glory V: Dragon Fire
"QuickTime 3.0" = QuickTime 3.0
"RocketDock_is1" = RocketDock 1.3.5
"Sierra Utilities" = Sierra Utilities
"StreamTorrent 1.0" = StreamTorrent 1.0
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2012 1:43:49 PM | Computer Name = UMDGPH0NB1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 2/26/2012 1:43:49 PM | Computer Name = UMDGPH0NB1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 2/26/2012 1:49:51 PM | Computer Name = UMDGPH0NB1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 2/26/2012 1:49:51 PM | Computer Name = UMDGPH0NB1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 2/26/2012 2:13:36 PM | Computer Name = UMDGPH0NB1 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.33.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2012 12:40:44 PM | Computer Name = UMDGPH0NB1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 3/4/2012 12:40:44 PM | Computer Name = UMDGPH0NB1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 3/4/2012 12:42:47 PM | Computer Name = UMDGPH0NB1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 3/4/2012 12:42:47 PM | Computer Name = UMDGPH0NB1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 3/4/2012 12:44:19 PM | Computer Name = UMDGPH0NB1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17106, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 8/10/2009 9:30:35 PM | Computer Name = UMDGPH0NB1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/10/2009 9:30:47 PM | Computer Name = UMDGPH0NB1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/10/2009 9:30:58 PM | Computer Name = UMDGPH0NB1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/26/2009 1:08:32 AM | Computer Name = UMDGPH0NB1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9641
seconds with 240 seconds of active time. This session ended with a crash.

Error - 3/9/2011 2:36:38 PM | Computer Name = UMDGPH0NB1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 102965
seconds with 1620 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/26/2012 1:49:22 PM | Computer Name = UMDGPH0NB1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vmscsi

Error - 2/26/2012 1:49:33 PM | Computer Name = UMDGPH0NB1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2/26/2012 1:49:51 PM | Computer Name = UMDGPH0NB1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2/26/2012 1:49:51 PM | Computer Name = UMDGPH0NB1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2/26/2012 1:49:55 PM | Computer Name = UMDGPH0NB1 | Source = Service Control Manager | ID = 7023
Description = The WMI Performance Adapter service terminated with the following
error: %%2147500037

Error - 3/4/2012 12:40:39 PM | Computer Name = UMDGPH0NB1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vmscsi

Error - 3/4/2012 12:40:48 PM | Computer Name = UMDGPH0NB1 | Source = Service Control Manager | ID = 7023
Description = The WMI Performance Adapter service terminated with the following
error: %%2147500037

Error - 3/4/2012 12:42:01 PM | Computer Name = UMDGPH0NB1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/4/2012 12:42:02 PM | Computer Name = UMDGPH0NB1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/4/2012 12:42:02 PM | Computer Name = UMDGPH0NB1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >

OTL logfile created on: 3/4/2012 11:56:09 AM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Guest2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.16% Memory free
2.58 Gb Paging File | 2.06 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 37.41 Gb Free Space | 50.20% Space Free | Partition Type: NTFS

Computer Name: UMDGPH0NB1 | User Name: Guest2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 11:54:06 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest2\Desktop\OTL.exe
PRC - [2012/02/23 11:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/10/07 14:09:18 | 000,140,584 | ---- | M] (AOL LLC.) -- c:\Program Files\AIM Toolbar\aimtbServer.exe
PRC - [2008/08/20 15:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 15:27:36 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 15:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 15:09:12 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 15:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/20 16:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/04 04:48:05 | 001,721,344 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12030400\algo.dll
MOD - [2012/02/26 03:19:47 | 001,716,224 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12022602\algo.dll
MOD - [2010/06/02 19:51:08 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/10/07 14:09:22 | 000,177,448 | ---- | M] () -- c:\Program Files\AIM Toolbar\apopup.dll
MOD - [2008/08/20 15:10:50 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2007/07/20 16:56:14 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/07/16 11:58:10 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/18 13:47:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/20 15:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 15:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 15:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- -- (vmscsi)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (omci)
DRV - File not found [Kernel | System | Stopped] -- -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.serial)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.redbook)
DRV - [2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/02/23 11:10:46 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/02/23 11:10:25 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/23 11:07:33 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/28 22:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/04 10:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/26 14:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 14:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/03/13 02:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/31 00:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/05/11 14:55:34 | 000,093,568 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2005/12/05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/17 20:12:40 | 000,204,800 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aarich.sys -- (aarich)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/02/17 22:05:16 | 000,218,112 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2004/04/07 16:14:30 | 000,048,140 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aac.sys -- (aac)
DRV - [2003/04/28 10:15:38 | 000,140,544 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2001/08/17 11:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-1078145449-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.umd.edu
IE - HKU\S-1-5-21-1801674531-1078145449-682003330-1007\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1801674531-1078145449-682003330-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-1801674531-1078145449-682003330-1007\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKU\S-1-5-21-1801674531-1078145449-682003330-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADBF_enUS312
IE - HKU\S-1-5-21-1801674531-1078145449-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {b17b1928-6018-4fdc-88ee-cc98f0135477}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/19 22:12:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 02:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/22 21:38:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/09/10 16:22:26 | 000,000,000 | ---D | M]

[2011/11/09 20:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest2\Application Data\Mozilla\Extensions
[2012/03/04 11:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest2\Application Data\Mozilla\Firefox\Profiles\qgn3mkj1.default\extensions
[2012/03/04 11:45:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guest2\Application Data\Mozilla\Firefox\Profiles\qgn3mkj1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/18 14:42:27 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Guest2\Application Data\Mozilla\Firefox\Profiles\qgn3mkj1.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}
[2012/03/04 11:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/21 19:29:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/10/12 19:02:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/12 19:02:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/12 19:02:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1801674531-1078145449-682003330-1007\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QimMTimICgL.exe] C:\Documents and Settings\All Users\Application Data\QimMTimICgL.exe File not found
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1801674531-1078145449-682003330-1007..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-1078145449-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1179673389281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223565266609 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3DEEBC-DEDC-4B9A-9387-3BF5756B40A6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/10 17:09:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (pgdfgsvc C 1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: mqbkkrnl - (C:\WINDOWS\system32\cmstdupd.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 11:53:39 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guest2\Desktop\OTL.exe
[2012/03/04 11:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest2\Local Settings\Application Data\AIM Toolbar
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 11:54:06 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest2\Desktop\OTL.exe
[2012/03/04 11:42:50 | 001,680,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/04 11:42:50 | 000,772,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/04 11:41:54 | 000,140,569 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/03/04 11:41:47 | 000,169,875 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/03/04 11:41:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/04 11:41:36 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 11:40:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/26 13:17:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/26 12:46:31 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/23 11:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/02/23 11:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/02/23 11:10:46 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/02/23 11:10:25 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/02/23 11:10:22 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/02/23 11:07:33 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/21 18:46:59 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LDMPQCdrBlgFTR
[2012/01/08 21:47:00 | 000,012,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ub245cl057ixwy67262hj75138h74sl486k3sp1n5hw265
[2011/12/26 16:06:26 | 000,010,428 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\06xp1102x88ndgc76kybh54u05b74u2o
[2011/07/25 09:03:53 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2011/01/17 13:33:58 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wbuahj.sys
[2010/04/15 06:45:46 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/03 18:17:13 | 000,011,772 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8s32
[2010/03/16 19:30:53 | 000,014,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p4RkMAQM
[2010/03/05 13:19:39 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

========== LOP Check ==========

[2008/10/10 07:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ACT 13\Application Data\.purple
[2007/04/18 09:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ACT 13\Application Data\IsolatedStorage
[2007/05/10 07:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ACT 13\Application Data\Thunderbird
[2008/10/09 10:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ACT 13\Application Data\Windows Desktop Search
[2009/01/26 16:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2011/01/17 13:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/04/11 08:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2009/02/04 01:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/09/10 16:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/30 13:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/08/10 18:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/06/10 00:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/07 23:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Watermark Factory
[2012/01/21 18:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest3\Application Data\Windows Search
[2011/02/16 13:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/22 15:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\DVDVideoSoft
[2011/10/22 15:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\DVDVideoSoftIEHelpers
[2010/08/23 22:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\FrostWire
[2011/07/06 06:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\Image Zone Express
[2009/06/13 11:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\Leadertech
[2011/11/14 18:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\Spotify
[2011/08/30 19:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\StreamTorrent
[2011/05/20 18:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\Thunderbird
[2010/08/10 18:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\TomTom
[2009/06/10 00:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mmiller\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/11/01 12:06:52 | 000,215,928 | ---- | M] (Sysinternals) -- C:\pagedfrg.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{0EF9DBC9-1C86-4E8E-874D-49CA3FCB4BF6}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{12453CF2-10F0-459B-9CC7-4A0A8D9E94B1}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{AB05A10B-03FC-4F00-88A8-E8591F644A0D}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B206D0E9-DD50-496C-A4D6-DEAE7D4722F8}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B7A9E600-A1AF-4ADB-B7F8-DA1BF1D23ECD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{FC3DEEBC-DEDC-4B9A-9387-3BF5756B40A6}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{FC5D42C2-6940-471B-8402-EF562BD52A59}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 06 01 05 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 6
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 07:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >

< End of report >

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 12:24:10
-----------------------------
12:24:10.618 OS Version: Windows 5.1.2600 Service Pack 3
12:24:10.618 Number of processors: 2 586 0xF06
12:24:10.618 ComputerName: UMDGPH0NB1 UserName: Guest2
12:24:11.634 Initialize success
12:24:15.415 AVAST engine defs: 12030400
12:24:54.431 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:24:54.431 Disk 0 Vendor: ST980813AS 3.ADB Size: 76319MB BusType: 3
12:24:54.478 Disk 0 MBR read successfully
12:24:54.478 Disk 0 MBR scan
12:24:54.556 Disk 0 Windows XP default MBR code
12:24:54.556 Disk 0 MBR hidden
12:24:54.556 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
12:24:54.587 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 156296385
12:24:54.587 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
12:24:54.587 Disk 0 scanning sectors +156301472
12:24:55.868 Disk 0 scanning C:\WINDOWS\system32\drivers
12:25:05.259 Service scanning
12:25:05.587 Service .redbook \? **LOCKED** 123
12:25:05.603 Service .serial \* **LOCKED** 123
12:25:18.728 Modules scanning
12:25:27.978 Disk 0 trace - called modules:
12:25:27.993 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a82afa9]<<
12:25:27.993 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7ddab8]
12:25:27.993 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000094[0x8a8c0260]
12:25:27.993 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a847d98]
12:25:27.993 \Driver\atapi[0x8a8c1210] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a82afa9
12:25:28.603 AVAST engine scan C:\WINDOWS
12:25:42.962 AVAST engine scan C:\WINDOWS\system32
12:27:46.493 AVAST engine scan C:\WINDOWS\system32\drivers
12:28:02.478 AVAST engine scan C:\Documents and Settings\Guest2
12:28:27.087 AVAST engine scan C:\Documents and Settings\All Users
12:38:31.540 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Guest2\Desktop\MBR.dat"
12:38:31.556 The log file has been saved successfully to "C:\Documents and Settings\Guest2\Desktop\aswMBR.txt"



I am not sure that the MBR scan was done - it looked like it was, so I saved the log. I will try running it again and if the log shows more I'll reply. I am afraid of this computer shutting down and losing all the logs.
  • 0

#5
GregMiller

GregMiller

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
I reran the scan and it looks like it did have more scanning to do. The log I am posting does show both scans.



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 12:24:10
-----------------------------
12:24:10.618 OS Version: Windows 5.1.2600 Service Pack 3
12:24:10.618 Number of processors: 2 586 0xF06
12:24:10.618 ComputerName: UMDGPH0NB1 UserName: Guest2
12:24:11.634 Initialize success
12:24:15.415 AVAST engine defs: 12030400
12:24:54.431 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:24:54.431 Disk 0 Vendor: ST980813AS 3.ADB Size: 76319MB BusType: 3
12:24:54.478 Disk 0 MBR read successfully
12:24:54.478 Disk 0 MBR scan
12:24:54.556 Disk 0 Windows XP default MBR code
12:24:54.556 Disk 0 MBR hidden
12:24:54.556 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
12:24:54.587 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 156296385
12:24:54.587 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
12:24:54.587 Disk 0 scanning sectors +156301472
12:24:55.868 Disk 0 scanning C:\WINDOWS\system32\drivers
12:25:05.259 Service scanning
12:25:05.587 Service .redbook \? **LOCKED** 123
12:25:05.603 Service .serial \* **LOCKED** 123
12:25:18.728 Modules scanning
12:25:27.978 Disk 0 trace - called modules:
12:25:27.993 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a82afa9]<<
12:25:27.993 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7ddab8]
12:25:27.993 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000094[0x8a8c0260]
12:25:27.993 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a847d98]
12:25:27.993 \Driver\atapi[0x8a8c1210] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a82afa9
12:25:28.603 AVAST engine scan C:\WINDOWS
12:25:42.962 AVAST engine scan C:\WINDOWS\system32
12:27:46.493 AVAST engine scan C:\WINDOWS\system32\drivers
12:28:02.478 AVAST engine scan C:\Documents and Settings\Guest2
12:28:27.087 AVAST engine scan C:\Documents and Settings\All Users
12:38:31.540 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Guest2\Desktop\MBR.dat"
12:38:31.556 The log file has been saved successfully to "C:\Documents and Settings\Guest2\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 12:43:59
-----------------------------
12:43:59.400 OS Version: Windows 5.1.2600 Service Pack 3
12:43:59.400 Number of processors: 2 586 0xF06
12:43:59.400 ComputerName: UMDGPH0NB1 UserName: Guest2
12:44:00.446 Initialize success
12:44:03.478 AVAST engine defs: 12030400
12:44:07.071 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:44:07.071 Disk 0 Vendor: ST980813AS 3.ADB Size: 76319MB BusType: 3
12:44:07.134 Disk 0 MBR read successfully
12:44:07.150 Disk 0 MBR scan
12:44:07.150 Disk 0 Windows XP default MBR code
12:44:07.150 Disk 0 MBR hidden
12:44:07.150 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
12:44:07.196 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 156296385
12:44:07.196 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
12:44:07.243 Disk 0 scanning sectors +156301472
12:44:08.618 Disk 0 scanning C:\WINDOWS\system32\drivers
12:44:44.228 Service scanning
12:44:44.571 Service .redbook \? **LOCKED** 123
12:44:44.571 Service .serial \* **LOCKED** 123
12:44:57.759 Modules scanning
12:45:38.071 Disk 0 trace - called modules:
12:45:38.103 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a82afa9]<<
12:45:38.103 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7ddab8]
12:45:38.118 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000094[0x8a8c0260]
12:45:38.118 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a847d98]
12:45:38.118 \Driver\atapi[0x8a8c1210] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a82afa9
12:45:39.165 AVAST engine scan C:\WINDOWS
12:46:25.321 AVAST engine scan C:\WINDOWS\system32
12:52:44.884 AVAST engine scan C:\WINDOWS\system32\drivers
12:53:43.150 AVAST engine scan C:\Documents and Settings\Guest2
12:54:55.478 AVAST engine scan C:\Documents and Settings\All Users
13:31:19.931 Scan finished successfully
13:53:45.978 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Guest2\Desktop\MBR.dat"
13:53:45.978 The log file has been saved successfully to "C:\Documents and Settings\Guest2\Desktop\aswMBR.txt"
  • 0
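The aswMBR log above shows the layout aswMBR flags as Alureon: a 2 MB hidden NTFS partition (type 0x17) carrying the active flag and sitting after the 76316 MB Windows partition, which itself is not active. As an added example (not part of the original thread or of any tool used in it), this Python script parses a 512-byte MBR partition table and flags that pattern; the partition entries and the 156,301,488-sector disk size are constructed to match the figures in the log.

```python
"""Parse an MBR partition table and flag a hidden, active, tiny boot partition."""
import struct
from dataclasses import dataclass

SECTOR_BYTES = 512
MBR_SIGNATURE = b"\x55\xaa"
# Partition type ids that mark a volume as hidden from the operating system
HIDDEN_TYPES = {0x16: "Hidden FAT16", 0x17: "Hidden HPFS/NTFS",
                0x1B: "Hidden FAT32", 0x1C: "Hidden FAT32 LBA", 0x1E: "Hidden FAT16 LBA"}
TINY_MB = 16  # an active partition this small cannot hold a Windows installation


@dataclass
class Partition:
    index: int          # 1-based slot in the partition table
    bootable: bool      # 0x80 active flag set
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR_BYTES // (1024 * 1024)


def parse_mbr(mbr: bytes) -> list[Partition]:
    """Decode the four 16-byte entries at offset 446 of a 512-byte MBR sector."""
    if len(mbr) != SECTOR_BYTES or mbr[510:] != MBR_SIGNATURE:
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for slot in range(4):
        entry = mbr[446 + 16 * slot: 446 + 16 * (slot + 1)]
        flag, _chs_start, type_id, _chs_end, lba, count = struct.unpack("<B3sB3sII", entry)
        if type_id == 0:  # empty slot
            continue
        parts.append(Partition(slot + 1, flag == 0x80, type_id, lba, count))
    return parts


def suspicious_partitions(parts, disk_sectors):
    """Return (partition, reasons) pairs for entries matching the hidden-boot-partition pattern."""
    if not parts:
        return []
    os_part = max(parts, key=lambda p: p.sectors)  # the large volume that holds Windows
    findings = []
    for p in parts:
        reasons = []
        if p.type_id in HIDDEN_TYPES:
            reasons.append(f"hidden partition type 0x{p.type_id:02X} ({HIDDEN_TYPES[p.type_id]})")
        if p.bootable and p is not os_part and p.size_mb <= TINY_MB:
            reasons.append(f"active flag on a {p.size_mb} MB partition while the "
                           f"{os_part.size_mb} MB OS partition is not active")
        if p.lba_start > os_part.lba_end:
            reasons.append("placed after the end of the OS partition")
        if p.lba_end >= disk_sectors:
            reasons.append("extends past the end of the disk")
        if reasons:
            findings.append((p, reasons))
    return findings


def _entry(bootable, type_id, lba, count):
    """Build one 16-byte table entry; CHS fields are zeroed for this example."""
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\0\0\0",
                       type_id, b"\0\0\0", lba, count)


# Constructed MBR mirroring the log: partition 1 = 76316 MB NTFS (0x07) at LBA 63, not
# active; partition 2 = 2 MB hidden NTFS (0x17) at LBA 156296385, active.
DISK_SECTORS = 156_301_488  # constructed: nominal 80 GB drive, roughly 76319 MB
SAMPLE_MBR = (b"\0" * 446
              + _entry(False, 0x07, 63, 76316 * 2048)
              + _entry(True, 0x17, 156_296_385, 2 * 2048)
              + b"\0" * 32
              + MBR_SIGNATURE)


def triage(mbr=SAMPLE_MBR, disk_sectors=DISK_SECTORS):
    """Parse the sector and return the flagged partitions."""
    return suspicious_partitions(parse_mbr(mbr), disk_sectors)


if __name__ == "__main__":
    for part, reasons in triage():
        print(f"partition {part.index}: " + "; ".join(reasons))
```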

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's kill the baddest one first.



Press the Windows and R key together to open the run box

In the run box type or copy and paste the following :

aswMBR.exe -ap 1

Reboot as soon as aswMBR has completed the run

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.serial)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.redbook)
    O4 - HKLM..\Run: [QimMTimICgL.exe] C:\Documents and Settings\All Users\Application Data\QimMTimICgL.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O36 - AppCertDlls: mqbkkrnl - (C:\WINDOWS\system32\cmstdupd.dll) - File not found
    [2012/01/21 18:46:59 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LDMPQCdrBlgFTR
    [2012/01/08 21:47:00 | 000,012,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ub245cl057ixwy67262hj75138h74sl486k3sp1n5hw265
    [2011/12/26 16:06:26 | 000,010,428 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\06xp1102x88ndgc76kybh54u05b74u2o
    [2011/07/25 09:03:53 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
    [2011/01/17 13:33:58 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wbuahj.sys
    [2010/04/03 18:17:13 | 000,011,772 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8s32
    [2010/03/16 19:30:53 | 000,014,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p4RkMAQM

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


NEXT

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
GregMiller

GregMiller

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
At step one when I paste aswMBR into the run box I get the error message that it cannot find aswMBR.exe.

Now what?
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I have just found out that this variant messes with aswMBR.

So replace the aswMBR step with this please - run it first and then move on to OTL and Combofix

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#9
GregMiller

GregMiller

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
ComboFix 12-03-04.01 - Guest2 03/04/2012 20:13:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1627 [GMT -5:00]
Running from: c:\documents and settings\Guest2\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}
c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\chrome.manifest
c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\chrome\xulcache.jar
c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\defaults\preferences\xulcache.js
c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\install.rdf
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\kfleuice.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\kfleuice.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\kfleuice.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\kfleuice.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\kfleuice.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\install.rdf
c:\documents and settings\Guest2\Application Data\Mozilla\Firefox\Profiles\qgn3mkj1.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}
c:\documents and settings\Guest2\Application Data\Mozilla\Firefox\Profiles\qgn3mkj1.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\chrome.manifest
c:\documents and settings\Guest2\Application Data\Mozilla\Firefox\Profiles\qgn3mkj1.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\chrome\xulcache.jar
c:\documents and settings\Guest2\Application Data\Mozilla\Firefox\Profiles\qgn3mkj1.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\defaults\preferences\xulcache.js
c:\documents and settings\Guest2\Application Data\Mozilla\Firefox\Profiles\qgn3mkj1.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\install.rdf
c:\documents and settings\Guest3\Application Data\Mozilla\Firefox\Profiles\89xf9qfr.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}
c:\documents and settings\Guest3\Application Data\Mozilla\Firefox\Profiles\89xf9qfr.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\chrome.manifest
c:\documents and settings\Guest3\Application Data\Mozilla\Firefox\Profiles\89xf9qfr.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\chrome\xulcache.jar
c:\documents and settings\Guest3\Application Data\Mozilla\Firefox\Profiles\89xf9qfr.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\defaults\preferences\xulcache.js
c:\documents and settings\Guest3\Application Data\Mozilla\Firefox\Profiles\89xf9qfr.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\install.rdf
c:\documents and settings\Mmiller\Application Data\Mozilla\Firefox\Profiles\5mdss29b.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}
c:\documents and settings\Mmiller\Application Data\Mozilla\Firefox\Profiles\5mdss29b.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\chrome.manifest
c:\documents and settings\Mmiller\Application Data\Mozilla\Firefox\Profiles\5mdss29b.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\chrome\xulcache.jar
c:\documents and settings\Mmiller\Application Data\Mozilla\Firefox\Profiles\5mdss29b.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\defaults\preferences\xulcache.js
c:\documents and settings\Mmiller\Application Data\Mozilla\Firefox\Profiles\5mdss29b.default\extensions\{b17b1928-6018-4fdc-88ee-cc98f0135477}\install.rdf
c:\documents and settings\Mmiller\Desktop\System Check.lnk
c:\documents and settings\Mmiller\My Documents\~WRL0001.tmp
c:\documents and settings\Mmiller\My Documents\~WRL0002.tmp
c:\documents and settings\Mmiller\My Documents\~WRL0144.tmp
c:\documents and settings\Mmiller\My Documents\~WRL0274.tmp
c:\documents and settings\Mmiller\My Documents\~WRL0482.tmp
c:\documents and settings\Mmiller\My Documents\~WRL0807.tmp
c:\documents and settings\Mmiller\My Documents\~WRL1217.tmp
c:\documents and settings\Mmiller\My Documents\~WRL1286.tmp
c:\documents and settings\Mmiller\My Documents\~WRL1896.tmp
c:\documents and settings\Mmiller\My Documents\~WRL2040.tmp
c:\documents and settings\Mmiller\My Documents\~WRL3181.tmp
c:\documents and settings\Mmiller\My Documents\~WRL3435.tmp
c:\documents and settings\Mmiller\My Documents\~WRL3643.tmp
c:\documents and settings\Mmiller\My Documents\~WRL3700.tmp
c:\documents and settings\Mmiller\Start Menu\Programs\System Check
c:\documents and settings\Mmiller\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Mmiller\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Mmiller\WINDOWS
c:\windows\$NtUninstallKB24113$
c:\windows\$NtUninstallKB24113$\2377908827
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 00:03 . 2012-03-05 00:03 -------- d-----w- C:\_OTL
2012-03-04 23:50 . 2012-03-04 23:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-04 16:42 . 2012-03-04 16:42 -------- d-----w- c:\documents and settings\Guest2\Local Settings\Application Data\AIM Toolbar
2012-02-26 16:16 . 2012-02-26 16:16 -------- d-----w- c:\documents and settings\Guest3\Local Settings\Application Data\AIM Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:23 . 2011-01-17 18:48 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2011-01-17 18:48 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-12-27 04:20 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2011-01-17 18:49 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2011-01-17 18:49 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2011-01-17 18:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2011-01-17 18:49 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-23 16:10 . 2011-01-17 18:49 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-23 16:10 . 2011-01-17 18:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:07 . 2011-01-17 18:49 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-12-19 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mmiller^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Mmiller\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 06:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-03-18 13:55 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 19:31 2144088 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 05:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-15 08:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Mmiller\\Application Data\\Spotify\\spotify.exe"=
.
R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [12/12/2006 10:34 AM 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [12/12/2006 10:34 AM 48140]
R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [12/12/2006 10:34 AM 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [12/12/2006 10:34 AM 17664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/26/2011 11:20 PM 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/17/2011 1:49 PM 337112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/17/2011 1:49 PM 20696]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2009 7:48 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2009 7:48 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 00:48]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 00:48]
.
.
------- Supplementary Scan -------
.
uStart Page = www.umd.edu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Guest2\Application Data\Mozilla\Firefox\Profiles\qgn3mkj1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKLM-Run-ShStatEXE - c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE
HKLM-Run-McAfeeUpdaterUI - c:\program files\McAfee\Common Framework\UdaterUI.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 22:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1320)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(4044)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-03-04 22:26:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 03:25
.
Pre-Run: 47,073,468,416 bytes free
Post-Run: 49,796,571,136 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E40E0C2462EB3B88DFA50B707767FDA9


It took about an hour and a half to run the Combo Fix.

I haven't had a chance to see how this unit runs, so I'm sending you the log.

I'll try it a bit and let you know.

Let me know if you think it's clean or if I should run any other programs.

Thanks so much for the help.
  • 0

#10
GregMiller

GregMiller

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
I had a few minutes to try out the system after all those fixes of yesterday. The unit appears to be working fine. No more hesitation and waiting, when you know things are running in the background.

The system is missing all the system tools and programs that are loaded in the computer (in the Program file folder on the C Drive) don't load from the start menu (the menu shows "empty"). But that was the way the computer was before the fixes and riddin gof the trojans and rootkits. I also temporaily desabled Avast but now it seems to have gone away, so one you give me the "all clear" I'll have to have it reinstalled.

So now I just have to find out how to get that stuff back.

This is my son's Dell so I am sure that he didn't make a restore disc and pretty sure that Dell was already in that mode where they no longer sent recovery discs with the new units.

Can you tell me how the logs looked? Does it really look like the ui=nit is totally clean?
#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you run the TDSSKiller programme? As that will take out the final bit.

For the files/icons run the following programme and let me know if they return. If not we will re-create them.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix.
  • The report has been created on the desktop.

Please post all RKreport.txt text files located on your desktop, plus the TDSSKiller log.
#12
GregMiller

    Member

  • Topic Starter
  • Member
  • 210 posts
18:48:57.0593 3684 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
18:48:58.0296 3684 ============================================================
18:48:58.0296 3684 Current date / time: 2012/03/04 18:48:58.0296
18:48:58.0296 3684 SystemInfo:
18:48:58.0296 3684
18:48:58.0296 3684 OS Version: 5.1.2600 ServicePack: 3.0
18:48:58.0296 3684 Product type: Workstation
18:48:58.0296 3684 ComputerName: UMDGPH0NB1
18:48:58.0296 3684 UserName: Guest2
18:48:58.0296 3684 Windows directory: C:\WINDOWS
18:48:58.0296 3684 System windows directory: C:\WINDOWS
18:48:58.0296 3684 Processor architecture: Intel x86
18:48:58.0296 3684 Number of processors: 2
18:48:58.0296 3684 Page size: 0x1000
18:48:58.0296 3684 Boot type: Normal boot
18:48:58.0296 3684 ============================================================
18:49:00.0609 3684 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:49:00.0609 3684 \Device\Harddisk0\DR0:
18:49:00.0609 3684 MBR used
18:49:00.0609 3684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
18:49:00.0640 3684 Initialize success
18:49:00.0640 3684 ============================================================
18:49:20.0046 2620 ============================================================
18:49:20.0046 2620 Scan started
18:49:20.0046 2620 Mode: Manual;
18:49:20.0046 2620 ============================================================
18:49:32.0406 2620 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:49:32.0437 2620 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
18:49:32.0437 2620 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
18:49:32.0437 2620 Boot (0x1200) (ca73709d59cbe60beb128f618651d507) \Device\Harddisk0\DR0\Partition0
18:49:32.0453 2620 \Device\Harddisk0\DR0\Partition0 - ok
18:49:32.0453 2620 ============================================================
18:49:32.0453 2620 Scan finished
18:49:32.0453 2620 ============================================================
18:49:32.0468 3724 Detected object count: 1
18:49:32.0468 3724 Actual detected object count: 1
18:50:02.0593 3724 \Device\Harddisk0\DR0\# - copied to quarantine
18:50:02.0593 3724 \Device\Harddisk0\DR0 - copied to quarantine
18:50:02.0671 3724 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
18:50:02.0671 3724 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
18:50:02.0687 3724 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
18:50:02.0687 3724 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
18:50:02.0703 3724 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
18:50:02.0703 3724 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
18:50:08.0406 3724 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
18:50:08.0437 3724 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
18:50:08.0531 3724 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
18:50:08.0625 3724 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:50:08.0718 3724 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:50:08.0859 3724 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:50:08.0953 3724 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:50:09.0046 3724 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
18:50:09.0062 3724 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
18:50:09.0062 3724 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
18:50:09.0109 3724 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
18:50:09.0109 3724 \Device\Harddisk0\DR0 - ok
18:50:09.0109 3724 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
18:50:17.0328 1844 Deinitialize success


18:50:32.0812 0796 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
18:50:33.0515 0796 ============================================================
18:50:33.0515 0796 Current date / time: 2012/03/04 18:50:33.0515
18:50:33.0515 0796 SystemInfo:
18:50:33.0515 0796
18:50:33.0515 0796 OS Version: 5.1.2600 ServicePack: 3.0
18:50:33.0515 0796 Product type: Workstation
18:50:33.0515 0796 ComputerName: UMDGPH0NB1
18:50:33.0515 0796 UserName: Guest2
18:50:33.0515 0796 Windows directory: C:\WINDOWS
18:50:33.0515 0796 System windows directory: C:\WINDOWS
18:50:33.0515 0796 Processor architecture: Intel x86
18:50:33.0515 0796 Number of processors: 2
18:50:33.0515 0796 Page size: 0x1000
18:50:33.0515 0796 Boot type: Normal boot
18:50:33.0515 0796 ============================================================
18:50:34.0156 0796 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:50:34.0156 0796 \Device\Harddisk0\DR0:
18:50:34.0156 0796 MBR used
18:50:34.0156 0796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
18:50:34.0171 0796 Initialize success
18:50:34.0171 0796 ============================================================
18:50:49.0859 3724 ============================================================
18:50:49.0859 3724 Scan started
18:50:49.0859 3724 Mode: Manual; SigCheck; TDLFS;
18:50:49.0859 3724 ============================================================
18:50:54.0546 3724 amsint - ok
18:50:54.0593 3724 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
18:50:54.0656 3724 ApfiltrService - ok
18:50:54.0703 3724 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
18:50:54.0734 3724 APPDRV ( UnsignedFile.Multi.Generic ) - warning
18:50:54.0734 3724 APPDRV - detected UnsignedFile.Multi.Generic (1)
18:50:54.0765 3724 asc - ok
18:50:54.0781 3724 asc3350p - ok
18:50:54.0812 3724 asc3550 - ok
18:50:54.0890 3724 aswFsBlk (581b82df5dbcc1dda6b775fac0d92472) C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:50:54.0921 3724 aswFsBlk - ok
18:50:54.0953 3724 aswMon2 (4310e0977b48ec9bc5cca6931f806e6d) C:\WINDOWS\system32\drivers\aswMon2.sys
18:50:54.0984 3724 aswMon2 - ok
18:50:55.0031 3724 aswRdr (0b44ee90b3db93582b260a80b28b7ffd) C:\WINDOWS\system32\drivers\aswRdr.sys
18:50:55.0062 3724 aswRdr - ok
18:50:55.0156 3724 aswSnx (ca9601cd277a1e510b80422a40240a95) C:\WINDOWS\system32\drivers\aswSnx.sys
18:50:55.0218 3724 aswSnx - ok
18:50:55.0296 3724 aswSP (05ea22dde5ca7ee3a865046aff2f0229) C:\WINDOWS\system32\drivers\aswSP.sys
18:50:55.0343 3724 aswSP - ok
18:50:55.0390 3724 aswTdi (3ac73a9e7378848d1bde174b4bb39212) C:\WINDOWS\system32\drivers\aswTdi.sys
18:50:55.0421 3724 aswTdi - ok
18:50:55.0468 3724 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:50:55.0796 3724 AsyncMac - ok
18:50:55.0859 3724 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:50:56.0187 3724 atapi - ok
18:50:56.0203 3724 Atdisk - ok
18:50:56.0390 3724 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:50:56.0718 3724 Atmarpc - ok
18:50:56.0796 3724 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:50:57.0125 3724 audstub - ok
18:50:57.0203 3724 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:50:57.0250 3724 b57w2k - ok
18:50:57.0328 3724 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:50:57.0390 3724 BCM43XX - ok
18:50:57.0437 3724 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:50:57.0765 3724 Beep - ok
18:50:57.0843 3724 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:50:58.0156 3724 cbidf2k - ok
18:50:58.0218 3724 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:50:58.0546 3724 CCDECODE - ok
18:50:58.0625 3724 cd20xrnt - ok
18:50:58.0656 3724 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:50:58.0968 3724 Cdaudio - ok
18:50:59.0062 3724 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:50:59.0406 3724 Cdfs - ok
18:50:59.0515 3724 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:50:59.0828 3724 Cdrom - ok
18:50:59.0921 3724 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
18:50:59.0953 3724 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
18:50:59.0953 3724 cercsr6 - detected UnsignedFile.Multi.Generic (1)
18:50:59.0968 3724 Changer - ok
18:51:00.0015 3724 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:51:00.0359 3724 CmBatt - ok
18:51:00.0406 3724 CmdIde - ok
18:51:00.0453 3724 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:51:00.0781 3724 Compbatt - ok
18:51:00.0859 3724 Cpqarray - ok
18:51:00.0921 3724 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
18:51:00.0968 3724 CVirtA - ok
18:51:01.0062 3724 CVPNDRVA (26deef07394624247d1f549bd94f0b15) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
18:51:01.0093 3724 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
18:51:01.0093 3724 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
18:51:01.0109 3724 dac2w2k - ok
18:51:01.0125 3724 dac960nt - ok
18:51:01.0187 3724 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:51:01.0500 3724 Disk - ok
18:51:01.0625 3724 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:51:01.0984 3724 dmboot - ok
18:51:02.0093 3724 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:51:02.0421 3724 dmio - ok
18:51:02.0515 3724 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:51:02.0828 3724 dmload - ok
18:51:02.0937 3724 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:51:03.0265 3724 DMusic - ok
18:51:03.0328 3724 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
18:51:03.0359 3724 DNE - ok
18:51:03.0390 3724 dpti2o - ok
18:51:03.0437 3724 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:51:03.0765 3724 drmkaud - ok
18:51:03.0843 3724 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:51:04.0187 3724 Fastfat - ok
18:51:04.0250 3724 fasttx2k (b62ba9f5e991d64c28dd75121aa38c81) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
18:51:04.0281 3724 fasttx2k ( UnsignedFile.Multi.Generic ) - warning
18:51:04.0281 3724 fasttx2k - detected UnsignedFile.Multi.Generic (1)
18:51:04.0312 3724 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:51:04.0625 3724 Fdc - ok
18:51:04.0734 3724 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:51:05.0062 3724 Fips - ok
18:51:05.0125 3724 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:51:05.0453 3724 Flpydisk - ok
18:51:05.0531 3724 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:51:05.0875 3724 FltMgr - ok
18:51:05.0937 3724 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:51:06.0265 3724 Fs_Rec - ok
18:51:06.0312 3724 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:51:06.0640 3724 Ftdisk - ok
18:51:06.0734 3724 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:51:07.0046 3724 Gpc - ok
18:51:07.0156 3724 guardian2 (7dadeb7f2215b1f883267cad67f091c1) C:\WINDOWS\system32\Drivers\oz776.sys
18:51:07.0203 3724 guardian2 - ok
18:51:07.0250 3724 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:51:07.0593 3724 HDAudBus - ok
18:51:07.0656 3724 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:51:07.0984 3724 hidusb - ok
18:51:08.0000 3724 hpn - ok
18:51:08.0078 3724 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:51:08.0140 3724 HPZid412 - ok
18:51:08.0203 3724 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:51:08.0265 3724 HPZipr12 - ok
18:51:08.0312 3724 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:51:08.0375 3724 HPZius12 - ok
18:51:08.0453 3724 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
18:51:08.0546 3724 HSF_DPV - ok
18:51:08.0625 3724 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
18:51:08.0671 3724 HSXHWAZL - ok
18:51:08.0734 3724 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:51:08.0796 3724 HTTP - ok
18:51:08.0828 3724 i2omgmt - ok
18:51:08.0875 3724 i2omp - ok
18:51:08.0906 3724 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:51:09.0250 3724 i8042prt - ok
18:51:09.0328 3724 iastor (1c77a81756d4777ccb0425ae8107fe96) C:\WINDOWS\system32\DRIVERS\iaStor.sys
18:51:09.0343 3724 iastor ( UnsignedFile.Multi.Generic ) - warning
18:51:09.0343 3724 iastor - detected UnsignedFile.Multi.Generic (1)
18:51:09.0406 3724 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:51:09.0734 3724 Imapi - ok
18:51:09.0812 3724 ini910u - ok
18:51:09.0875 3724 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:51:10.0203 3724 IntelIde - ok
18:51:10.0265 3724 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:51:10.0578 3724 intelppm - ok
18:51:10.0640 3724 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:51:10.0968 3724 Ip6Fw - ok
18:51:11.0062 3724 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:51:11.0406 3724 IpFilterDriver - ok
18:51:11.0484 3724 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:51:11.0796 3724 IpInIp - ok
18:51:11.0859 3724 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:51:12.0203 3724 IpNat - ok
18:51:12.0281 3724 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:51:12.0609 3724 IPSec - ok
18:51:12.0703 3724 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
18:51:13.0031 3724 irda - ok
18:51:13.0140 3724 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:51:13.0468 3724 IRENUM - ok
18:51:13.0546 3724 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:51:13.0875 3724 isapnp - ok
18:51:13.0937 3724 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:51:14.0265 3724 Kbdclass - ok
18:51:14.0328 3724 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:51:14.0656 3724 kbdhid - ok
18:51:14.0750 3724 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:51:15.0062 3724 kmixer - ok
18:51:15.0171 3724 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:51:15.0218 3724 KSecDD - ok
18:51:15.0265 3724 lbrtfdc - ok
18:51:15.0328 3724 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
18:51:15.0359 3724 LVUSBSta - ok
18:51:15.0421 3724 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
18:51:15.0453 3724 mcdbus ( UnsignedFile.Multi.Generic ) - warning
18:51:15.0453 3724 mcdbus - detected UnsignedFile.Multi.Generic (1)
18:51:15.0500 3724 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:51:15.0546 3724 mdmxsdk - ok
18:51:15.0578 3724 megasas (b9ca93897ee500c87471d4353707ee43) C:\WINDOWS\system32\drivers\megasas.sys
18:51:15.0609 3724 megasas ( UnsignedFile.Multi.Generic ) - warning
18:51:15.0609 3724 megasas - detected UnsignedFile.Multi.Generic (1)
18:51:15.0640 3724 mferkdk - ok
18:51:15.0703 3724 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:51:16.0031 3724 mnmdd - ok
18:51:16.0125 3724 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:51:16.0453 3724 Modem - ok
18:51:16.0562 3724 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:51:16.0875 3724 Mouclass - ok
18:51:16.0968 3724 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:51:17.0296 3724 mouhid - ok
18:51:17.0375 3724 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:51:17.0687 3724 MountMgr - ok
18:51:17.0703 3724 mraid35x - ok
18:51:17.0765 3724 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:51:18.0093 3724 MRxDAV - ok
18:51:18.0171 3724 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:51:18.0234 3724 MRxSmb - ok
18:51:18.0296 3724 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:51:18.0625 3724 Msfs - ok
18:51:18.0734 3724 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:51:19.0046 3724 MSKSSRV - ok
18:51:19.0109 3724 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:51:19.0437 3724 MSPCLOCK - ok
18:51:19.0546 3724 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:51:19.0859 3724 MSPQM - ok
18:51:19.0953 3724 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:51:20.0281 3724 mssmbios - ok
18:51:20.0328 3724 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:51:20.0640 3724 MSTEE - ok
18:51:20.0750 3724 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:51:20.0812 3724 Mup - ok
18:51:20.0859 3724 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:51:21.0187 3724 NABTSFEC - ok
18:51:21.0281 3724 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:51:21.0609 3724 NDIS - ok
18:51:21.0687 3724 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:51:22.0015 3724 NdisIP - ok
18:51:22.0093 3724 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:51:22.0125 3724 NdisTapi - ok
18:51:22.0171 3724 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:51:22.0500 3724 Ndisuio - ok
18:51:22.0593 3724 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:51:22.0921 3724 NdisWan - ok
18:51:23.0031 3724 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:51:23.0078 3724 NDProxy - ok
18:51:23.0109 3724 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:51:23.0437 3724 NetBIOS - ok
18:51:23.0546 3724 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:51:23.0875 3724 NetBT - ok
18:51:24.0046 3724 NETw3x32 (f43da6b7e26fff9ac4d3210f2f9b5d8c) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
18:51:24.0187 3724 NETw3x32 - ok
18:51:24.0343 3724 NETw4x32 (d57258165aba8162de8e29d71487fc4b) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
18:51:24.0531 3724 NETw4x32 - ok
18:51:24.0718 3724 NETw5x32 (aa88346ab7849a1cb34bd3424febfece) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
18:51:25.0109 3724 NETw5x32 - ok
18:51:25.0203 3724 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:51:25.0531 3724 Npfs - ok
18:51:25.0640 3724 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:51:26.0000 3724 Ntfs - ok
18:51:26.0109 3724 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:51:26.0421 3724 Null - ok
18:51:26.0718 3724 nv (0390b9368ea20dfb9e416a520b28a555) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:51:27.0109 3724 nv - ok
18:51:27.0187 3724 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:51:27.0515 3724 NwlnkFlt - ok
18:51:27.0609 3724 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:51:27.0953 3724 NwlnkFwd - ok
18:51:28.0031 3724 omci - ok
18:51:28.0093 3724 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:51:28.0406 3724 Parport - ok
18:51:28.0500 3724 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:51:28.0828 3724 PartMgr - ok
18:51:28.0906 3724 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:51:29.0234 3724 ParVdm - ok
18:51:29.0296 3724 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:51:29.0625 3724 PCI - ok
18:51:29.0687 3724 PCIDump - ok
18:51:29.0718 3724 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:51:30.0046 3724 PCIIde - ok
18:51:30.0140 3724 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:51:30.0468 3724 Pcmcia - ok
18:51:30.0546 3724 PDCOMP - ok
18:51:30.0562 3724 PDFRAME - ok
18:51:30.0578 3724 PDRELI - ok
18:51:30.0609 3724 PDRFRAME - ok
18:51:30.0640 3724 perc2 - ok
18:51:30.0656 3724 perc2hib - ok
18:51:30.0796 3724 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
18:51:30.0953 3724 PID_PEPI - ok
18:51:31.0031 3724 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:51:31.0343 3724 PptpMiniport - ok
18:51:31.0421 3724 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:51:31.0750 3724 PSched - ok
18:51:31.0812 3724 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:51:32.0140 3724 Ptilink - ok
18:51:32.0218 3724 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:51:32.0250 3724 PxHelp20 - ok
18:51:32.0281 3724 ql1080 - ok
18:51:32.0296 3724 Ql10wnt - ok
18:51:32.0312 3724 ql12160 - ok
18:51:32.0343 3724 ql1240 - ok
18:51:32.0359 3724 ql1280 - ok
18:51:32.0390 3724 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:51:32.0718 3724 RasAcd - ok
18:51:32.0812 3724 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
18:51:33.0000 3724 Rasirda - ok
18:51:33.0093 3724 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:51:33.0421 3724 Rasl2tp - ok
18:51:33.0515 3724 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:51:33.0843 3724 RasPppoe - ok
18:51:33.0921 3724 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:51:34.0250 3724 Raspti - ok
18:51:34.0359 3724 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:51:34.0671 3724 Rdbss - ok
18:51:34.0750 3724 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:51:35.0078 3724 RDPCDD - ok
18:51:35.0140 3724 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:51:35.0468 3724 rdpdr - ok
18:51:35.0578 3724 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:51:35.0625 3724 RDPWD - ok
18:51:35.0687 3724 s24trans (87940243ea2ad3ebe274f5409c5e9072) C:\WINDOWS\system32\DRIVERS\s24trans.sys
18:51:35.0734 3724 s24trans - ok
18:51:35.0812 3724 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:51:36.0125 3724 Secdrv - ok
18:51:36.0203 3724 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:51:36.0515 3724 serenum - ok
18:51:36.0578 3724 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
18:51:36.0906 3724 Sfloppy - ok
18:51:36.0937 3724 Simbad - ok
18:51:37.0000 3724 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:51:37.0328 3724 SLIP - ok
18:51:37.0390 3724 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
18:51:37.0578 3724 SMCIRDA - ok
18:51:37.0593 3724 Sparrow - ok
18:51:37.0671 3724 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:51:37.0984 3724 splitter - ok
18:51:38.0093 3724 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:51:38.0421 3724 sr - ok
18:51:38.0546 3724 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:51:38.0625 3724 Srv - ok
18:51:38.0703 3724 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
18:51:38.0796 3724 STHDA - ok
18:51:38.0875 3724 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:51:39.0203 3724 streamip - ok
18:51:39.0265 3724 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:51:39.0593 3724 swenum - ok
18:51:39.0656 3724 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:51:39.0968 3724 swmidi - ok
18:51:40.0000 3724 symc810 - ok
18:51:40.0015 3724 symc8xx - ok
18:51:40.0078 3724 Symmpi (e16380d5911fa00e90452f90f49ed352) C:\WINDOWS\system32\DRIVERS\symmpi.sys
18:51:40.0109 3724 Symmpi ( UnsignedFile.Multi.Generic ) - warning
18:51:40.0109 3724 Symmpi - detected UnsignedFile.Multi.Generic (1)
18:51:40.0125 3724 sym_hi - ok
18:51:40.0140 3724 sym_u3 - ok
18:51:40.0187 3724 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:51:40.0515 3724 sysaudio - ok
18:51:40.0625 3724 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:51:40.0703 3724 Tcpip - ok
18:51:40.0781 3724 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
18:51:40.0843 3724 TcUsb - ok
18:51:40.0875 3724 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:51:41.0203 3724 TDPIPE - ok
18:51:41.0312 3724 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:51:41.0625 3724 TDTCP - ok
18:51:41.0656 3724 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:51:41.0984 3724 TermDD - ok
18:51:42.0015 3724 TosIde - ok
18:51:42.0093 3724 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:51:42.0406 3724 Udfs - ok
18:51:42.0437 3724 ultra - ok
18:51:42.0515 3724 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:51:42.0859 3724 Update - ok
18:51:42.0984 3724 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:51:43.0296 3724 usbaudio - ok
18:51:43.0359 3724 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:51:43.0687 3724 usbccgp - ok
18:51:43.0718 3724 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
18:51:43.0765 3724 USBCCID - ok
18:51:43.0828 3724 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:51:44.0140 3724 usbehci - ok
18:51:44.0218 3724 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:51:44.0546 3724 usbhub - ok
18:51:44.0640 3724 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:51:44.0953 3724 usbprint - ok
18:51:45.0031 3724 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:51:45.0343 3724 usbscan - ok
18:51:45.0390 3724 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:51:45.0703 3724 USBSTOR - ok
18:51:45.0750 3724 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:51:46.0062 3724 usbuhci - ok
18:51:46.0125 3724 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:51:46.0437 3724 VgaSave - ok
18:51:46.0453 3724 ViaIde - ok
18:51:46.0484 3724 vmscsi - ok
18:51:46.0546 3724 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:51:46.0859 3724 VolSnap - ok
18:51:46.0984 3724 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
18:51:47.0093 3724 w39n51 - ok
18:51:47.0171 3724 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:51:47.0484 3724 Wanarp - ok
18:51:47.0578 3724 WDICA - ok
18:51:47.0609 3724 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:51:47.0937 3724 wdmaud - ok
18:51:48.0062 3724 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
18:51:48.0125 3724 winachsf - ok
18:51:48.0218 3724 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:51:48.0531 3724 WmiAcpi - ok
18:51:48.0609 3724 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:51:48.0671 3724 WpdUsb - ok
18:51:48.0750 3724 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:51:49.0062 3724 WSTCODEC - ok
18:51:49.0156 3724 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:51:49.0203 3724 WudfPf - ok
18:51:49.0265 3724 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:51:49.0328 3724 WudfRd - ok
18:51:49.0375 3724 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:51:49.0687 3724 \Device\Harddisk0\DR0 - ok
18:51:49.0703 3724 Boot (0x1200) (ca73709d59cbe60beb128f618651d507) \Device\Harddisk0\DR0\Partition0
18:51:49.0703 3724 \Device\Harddisk0\DR0\Partition0 - ok
18:51:49.0703 3724 ============================================================
18:51:49.0703 3724 Scan finished
18:51:49.0703 3724 ============================================================
18:51:49.0812 2356 Detected object count: 12
18:51:49.0812 2356 Actual detected object count: 12
18:53:09.0234 2356 a320raid ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0234 2356 a320raid ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0234 2356 aac ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0234 2356 aac ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0234 2356 aarich ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0234 2356 aarich ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0250 2356 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0250 2356 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0250 2356 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0250 2356 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0250 2356 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0250 2356 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0250 2356 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0250 2356 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0250 2356 fasttx2k ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0250 2356 fasttx2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0250 2356 iastor ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0250 2356 iastor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0265 2356 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0265 2356 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0265 2356 megasas ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0265 2356 megasas ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:09.0265 2356 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:09.0265 2356 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:01:29.0593 2320 Deinitialize success

All processes killed
========== OTL ==========
Error: No service named .serial was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.serial deleted successfully.
Error: No service named .redbook was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.redbook deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QimMTimICgL.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\mqbkkrnl deleted successfully.
C:\Documents and Settings\All Users\Application Data\LDMPQCdrBlgFTR moved successfully.
C:\Documents and Settings\All Users\Application Data\ub245cl057ixwy67262hj75138h74sl486k3sp1n5hw265 moved successfully.
C:\Documents and Settings\All Users\Application Data\06xp1102x88ndgc76kybh54u05b74u2o moved successfully.
C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd moved successfully.
C:\WINDOWS\system32\drivers\wbuahj.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\8s32 moved successfully.
C:\Documents and Settings\All Users\Application Data\p4RkMAQM moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Guest2\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Guest2\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: ACT 13
->Temp folder emptied: 20062096 bytes
->Temporary Internet Files folder emptied: 636114 bytes
->FireFox cache emptied: 13607352 bytes
->Flash cache emptied: 611 bytes

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest
->Temp folder emptied: 11279191 bytes
->Temporary Internet Files folder emptied: 13828115 bytes
->FireFox cache emptied: 45641683 bytes
->Google Chrome cache emptied: 41183792 bytes
->Flash cache emptied: 4684 bytes

User: Guest2
->Temp folder emptied: 11572 bytes
->Temporary Internet Files folder emptied: 20085573 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3690877 bytes
->Flash cache emptied: 615 bytes

User: Guest3
->Temp folder emptied: 28782986 bytes
->Temporary Internet Files folder emptied: 7003508 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46830351 bytes
->Flash cache emptied: 2963 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 11666490 bytes

User: Mmiller
->Temp folder emptied: 3806765974 bytes
->Temporary Internet Files folder emptied: 67459825 bytes
->Java cache emptied: 2845644 bytes
->FireFox cache emptied: 22412686 bytes
->Flash cache emptied: 3370741 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12206957 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 243446423 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,220.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.35.1 log created on 03042012_190306

Files\Folders moved on Reboot...
C:\Documents and Settings\Guest2\Local Settings\Temporary Internet Files\Content.IE5\OPEBGPQF\index[1].htm moved successfully.
C:\Documents and Settings\Guest2\Local Settings\Temporary Internet Files\Content.IE5\OPEBGPQF\index[2].htm moved successfully.
C:\Documents and Settings\Guest2\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

RogueKiller V7.3.0 [03/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Guest2 [Admin rights]
Mode: Scan -- Date: 03/08/2012 20:08:40

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Program Files\Intern") -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980813AS +++++
--- User ---
[MBR] f8217365b9ffec48eb10632da6a591b0
[BSP] fc4c40929a7a5ba7b1b14288ff1e9b02 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.3.0 [03/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Guest2 [Admin rights]
Mode: Shortcuts HJfix -- Date: 03/08/2012 20:14:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 35 / Fail 0
My documents: Success 6 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1745 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

I think there are two RK reports because I did it twice?

The icons didn't return.

#13 Essexboy
GeekU Moderator, Retired Staff, 69,964 posts
OK, let's go for the manual restore. On completion, can you let me know what problems remain?

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image


Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image


This next one will produce the necessary shortcut links, which you can cut and paste into the start menu folder.
Download the repair.vbs file to your desktop.
Run the repair.vbs.
It will ask for a folder name; call it recovery.
The tool will let you know when it is finished.
On the desktop will be a recovery folder.
Open the folder.
Cut and paste the links that you want into C:\documents and settings\your name\start menu

Posted Image


Posted Image
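As an added illustration of the repair.vbs step in the post above (this is not Essexboy's script and not any tool linked in this thread), here is a PowerShell equivalent: it walks Program Files, writes a .lnk for each program executable into a "recovery" folder on the Desktop, and then clears the Hidden/System attributes on the current user's Start Menu tree, which is the kind of damage the RogueKiller "File attributes restored" lines in the previous post were undoing. It assumes PowerShell 2.0 or later is installed on the XP machine (it was not shipped with XP SP3 by default); the skip list of executable names and the "vendor - exe" shortcut naming are this example's own choices.

```powershell
# Added example, not the repair.vbs from the post. Rebuilds Start Menu shortcuts
# into a "recovery" folder on the Desktop and unhides the current user's Start
# Menu tree. Assumes PowerShell 2.0+ on the XP box; the skip list and the
# "<vendor> - <exe>" naming scheme are this example's own choices.

param(
    [string]$ProgramRoot  = $env:ProgramFiles,
    [string]$RecoveryName = 'recovery'
)

$desktop   = [Environment]::GetFolderPath('Desktop')
$startMenu = [Environment]::GetFolderPath('StartMenu')
$recovery  = Join-Path $desktop $RecoveryName
if (-not (Test-Path -LiteralPath $recovery)) {
    New-Item -ItemType Directory -Path $recovery | Out-Null
}

# Executable names that are almost never wanted as Start Menu entries.
$skipPattern = '^(unins|uninstall|setup|install|update|updater|crash|report|helper)'

$shell = New-Object -ComObject WScript.Shell
$made  = 0

Get-ChildItem -Path $ProgramRoot -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.BaseName -notmatch $skipPattern } |
    ForEach-Object {
        # Prefix the shortcut with the vendor/product folder so two products that
        # both ship e.g. "launcher.exe" do not overwrite each other's link.
        $rel     = $_.DirectoryName.Substring($ProgramRoot.Length).TrimStart('\')
        $prefix  = if ($rel) { ($rel -replace '\\', ' - ') + ' - ' } else { '' }
        $lnkPath = Join-Path $recovery ($prefix + $_.BaseName + '.lnk')
        if (Test-Path -LiteralPath $lnkPath) { return }   # already made this one

        $lnk = $shell.CreateShortcut($lnkPath)
        $lnk.TargetPath       = $_.FullName
        $lnk.WorkingDirectory = $_.DirectoryName
        $lnk.Save()
        $made++
    }

# The rogue in this thread hid files by flipping the Hidden/System attributes.
# RogueKiller's "File attributes restored" pass undid that on the drive; a
# second pass limited to the Start Menu tree costs nothing and is easy to check.
$hiddenMask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
$unhidden   = 0
Get-ChildItem -Path $startMenu -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        if (([int]$_.Attributes -band $hiddenMask) -ne 0) {
            $_.Attributes = [IO.FileAttributes](([int]$_.Attributes) -band (-bnot $hiddenMask))
            $unhidden++
        }
    }

Write-Host "Created $made shortcut(s) in $recovery and unhid $unhidden Start Menu item(s)."
Write-Host "Review the recovery folder, then cut and paste the links you want into:"
Write-Host "  $startMenu"
```

Run it from a PowerShell prompt while logged in as the affected user (Guest2 in this thread), look through the recovery folder, and move only the links you recognise into the Start Menu, as the post says. Nothing is moved automatically on purpose: after a rogue has been on the box, a shortcut you did not put there deserves a second look before it goes back on the menu.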

#14 Essexboy
GeekU Moderator, Retired Staff, 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.