System Check infection

#1 smackattack (Member, 10 posts)

Got a drive-by today visiting a site. Avira tried to stop one file from running, then the system was totally hijacked: Start menu hijacked, Avira stopped, can't access Task Manager, and System Check started running and telling you there are hard drive errors. Infection occurs even in Safe Mode.

I'm pretty experienced in malware removal, but this thing looks nasty and I was seeing people who thought they had it clean come back looking for help, so I thought I might post here for some help with the latest tools out there. Thanks in advance for the help.

I found OTLPE on another site and had to use that to generate this. This is a Windows XP SP3 computer.

OTL logfile created on: 3/28/2012 12:42:33 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 83.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 114.03 Gb Free Space | 76.51% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TSCONSOLESERVICE)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2012/01/17 18:50:20 | 000,005,120 | ---- | M] (FedEx Corporation) [On_Demand] -- C:\Program Files\FedEx\ShipManager\BIN\ShipEngineService.exe -- (FedExShipService)
SRV - [2012/01/17 18:48:16 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe -- (FedExAdminService)
SRV - [2012/01/17 18:48:06 | 000,006,656 | ---- | M] (FedEx Corporation) [On_Demand] -- C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe -- (FedExTransactionService)
SRV - [2012/01/17 18:47:22 | 000,007,168 | ---- | M] (FedEx Corporation) [Auto] -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe -- (FedExLoggingService)
SRV - [2012/01/17 18:44:10 | 000,141,176 | ---- | M] (iAnywhere Solutions, Inc.) [Auto] -- C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe -- (FedExShipnetDBService)
SRV - [2011/10/11 18:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 18:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/02/15 14:11:30 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 18:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 18:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 18:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/04/11 06:30:16 | 000,018,304 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/04/11 06:09:08 | 000,321,024 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/20 23:53:18 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/25 13:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\siside.sys -- (siside)
DRV - [2002/10/17 11:14:46 | 000,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 13:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2000/07/24 04:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\AV, = http://www.altavista...search/web?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\FM, = http://www.filemirro...rch.src?file=%s
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\GGL, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = http://support.microsoft.com/?kbid=%s
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\MSN, = http://search.msn.com/results.asp?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\insidesales1.VANPTC_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\insidesales1.VANPTC_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\insidesales1.VANPTC_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 79 53 C4 96 07 CD 01 [binary data]
IE - HKU\insidesales1.VANPTC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\insidesales1.VANPTC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 15:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/01 16:14:50 | 000,000,000 | ---D | M]

[2010/03/11 15:55:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Mozilla\Extensions
[2012/01/06 19:16:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Mozilla\Firefox\Profiles\ipnqueov.default\extensions
[2010/04/27 15:53:21 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Mozilla\Firefox\Profiles\ipnqueov.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/29 18:51:43 | 000,000,000 | -H-D | M] (Allow Right-Click) -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Mozilla\Firefox\Profiles\ipnqueov.default\extensions\{CCEA9629-894C-4eef-9F40-8301F3146527}
[2011/12/01 16:14:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\INSIDESALES1.VANPTC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IPNQUEOV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/20 15:01:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/26 20:07:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/04 15:16:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/04 15:16:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2007/11/12 12:31:50 | 000,000,773 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.123.80 vpaccpac
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\insidesales1.VANPTC_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eCopy Scan Inbox Monitor] C:\Program Files\eCopy\Desktop 9.2\Bin\InboxMonitor.exe (eCopy, Inc.)
O4 - HKLM..\Run: [eDP2eD] C:\Program Files\eCopy\Desktop 9.2\Bin\eDP2eD.exe (eCopy, Inc.)
O4 - HKLM..\Run: [kOVWhuUpjWR.exe] C:\Documents and Settings\All Users\Application Data\kOVWhuUpjWR.exe ( )
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [PrintBoss Stub] C:\WINDOWS\system32\PB32Stub.exe (Wellspring Software, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\insidesales1.VANPTC_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\insidesales1.VANPTC_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\insidesales1.VANPTC_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.238.64.12 68.238.96.12 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vanptc.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/18 10:17:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 13:34:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\insidesales1.VANPTC\Recent
[2012/03/28 13:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\insidesales1.VANPTC\Start Menu\Programs\System Check
[2012/03/28 13:30:34 | 000,362,496 | -H-- | C] ( ) -- C:\Documents and Settings\All Users\Application Data\7B7iVCyeXU3Pdj.exe
[2012/03/28 13:27:20 | 000,457,728 | -H-- | C] ( ) -- C:\Documents and Settings\All Users\Application Data\kOVWhuUpjWR.exe
[2012/02/28 14:40:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FedEx Ship Manager
[2012/02/28 14:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/28 13:41:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/28 13:39:21 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/28 13:31:08 | 000,000,408 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\7B7iVCyeXU3Pdj
[2012/03/28 13:30:50 | 000,000,264 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~7B7iVCyeXU3Pdj
[2012/03/28 13:30:50 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~7B7iVCyeXU3Pdjr
[2012/03/28 13:30:49 | 000,000,835 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\System Check.lnk
[2012/03/28 13:30:34 | 000,362,496 | -H-- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\7B7iVCyeXU3Pdj.exe
[2012/03/28 13:30:17 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\UPS
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TalkSwitch Attendant Console 1.10
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SiS VGA Utilities
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ShipRush
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Realtek Sound Manager
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerArchiver
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\POPFile
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pervasive.SQL V8
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Outlook Email Address Extractor
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Network ScanGear
[2012/03/28 13:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/03/28 13:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Player Classic
[2012/03/28 13:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/28 13:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\LABEL MATRIX 7
[2012/03/28 13:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012/03/28 13:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IrfanView
[2012/03/28 13:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IDEUtil
[2012/03/28 13:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\FedEx Ship Manager
[2012/03/28 13:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\FedEx
[2012/03/28 13:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\eMule
[2012/03/28 13:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Email Extractor 2
[2012/03/28 13:30:15 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/03/28 13:30:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\eCopy Applications
[2012/03/28 13:30:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Printers
[2012/03/28 13:30:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDVD
[2012/03/28 13:30:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Printer Uninstaller
[2012/03/28 13:30:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother HL-1440
[2012/03/28 13:30:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/03/28 13:30:14 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/03/28 13:30:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ACCPAC
[2012/03/28 13:24:14 | 000,457,728 | -H-- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\kOVWhuUpjWR.exe
[2012/03/28 12:49:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/27 13:11:38 | 000,001,776 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\My Documents\Default.rdp
[2012/03/23 18:56:31 | 000,042,728 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\shore total office 095161.pdf
[2012/03/22 17:58:11 | 000,070,546 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\ampliaudio-095455.pdf
[2012/03/22 17:57:15 | 000,070,182 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\calasa-095454.pdf
[2012/03/20 14:17:38 | 000,179,038 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120320095228.pdf
[2012/03/19 14:40:44 | 000,155,321 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BPD02-B products revised.pdf
[2012/03/19 14:20:17 | 000,163,060 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BPD02-P products revised.pdf
[2012/03/19 14:11:10 | 000,162,994 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BDP02-W products-revised.pdf
[2012/03/15 19:08:01 | 000,006,647 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package bre.pdf
[2012/03/15 19:06:53 | 000,025,458 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon bre-3-15-12FBAFCKJSZ.pdf
[2012/03/15 19:04:53 | 000,008,245 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package ind.pdf
[2012/03/15 19:03:03 | 000,058,078 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon IND-3-15-12FBAFCKJSZ.pdf
[2012/03/15 18:55:56 | 000,008,436 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package phx.pdf
[2012/03/15 18:50:43 | 000,066,385 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon PHX-3-15-12FBAFCKJSZ.pdf
[2012/03/15 14:07:54 | 000,191,636 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\097918.pdf
[2012/03/15 13:55:52 | 000,047,093 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\oe-iv-pb-bro-2blank.pdf
[2012/03/14 15:03:13 | 000,093,503 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095318.pdf
[2012/03/14 15:02:40 | 000,134,469 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095317.pdf
[2012/03/14 15:01:55 | 000,219,666 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095304.pdf
[2012/03/14 15:01:14 | 000,193,920 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095145A.pdf
[2012/03/14 14:59:47 | 000,234,330 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095145.pdf
[2012/03/14 13:23:41 | 000,251,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 13:19:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 14:13:03 | 000,005,476 | ---- | M] () -- C:\WINDOWS\A4WINSTU.BAT
[2012/03/12 12:43:22 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 12:43:22 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/01 20:55:34 | 000,068,947 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\sas-095219-proforma.pdf
[2012/03/01 15:05:57 | 000,120,389 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Blank Invoice.pdf
[2012/02/29 18:25:05 | 000,205,069 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\BBCan-094611.pdf
[2012/02/29 18:19:18 | 000,203,461 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\BBCan-094537.pdf
[2012/02/28 18:00:33 | 000,186,732 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120228134537.pdf
[2012/02/28 18:00:08 | 000,187,708 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120228134512.pdf
[2012/02/28 14:37:04 | 000,004,346 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/27 18:32:18 | 000,069,983 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\calasa1511100-proforma.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/28 13:39:21 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/28 13:30:50 | 000,000,264 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~7B7iVCyeXU3Pdj
[2012/03/28 13:30:50 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~7B7iVCyeXU3Pdjr
[2012/03/28 13:30:49 | 000,000,835 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\System Check.lnk
[2012/03/28 13:30:45 | 000,000,408 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\7B7iVCyeXU3Pdj
[2012/03/23 18:56:31 | 000,042,728 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\shore total office 095161.pdf
[2012/03/22 17:58:11 | 000,070,546 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\ampliaudio-095455.pdf
[2012/03/22 17:57:15 | 000,070,182 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\calasa-095454.pdf
[2012/03/20 14:07:19 | 000,179,038 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120320095228.pdf
[2012/03/19 14:40:39 | 000,155,321 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BPD02-B products revised.pdf
[2012/03/19 14:20:12 | 000,163,060 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BPD02-P products revised.pdf
[2012/03/19 14:05:48 | 000,162,994 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BDP02-W products-revised.pdf
[2012/03/15 19:08:01 | 000,006,647 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package bre.pdf
[2012/03/15 19:06:53 | 000,025,458 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon bre-3-15-12FBAFCKJSZ.pdf
[2012/03/15 19:04:53 | 000,008,245 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package ind.pdf
[2012/03/15 19:03:03 | 000,058,078 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon IND-3-15-12FBAFCKJSZ.pdf
[2012/03/15 18:55:56 | 000,008,436 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package phx.pdf
[2012/03/15 18:50:43 | 000,066,385 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon PHX-3-15-12FBAFCKJSZ.pdf
[2012/03/15 13:55:52 | 000,047,093 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\oe-iv-pb-bro-2blank.pdf
[2012/03/15 13:51:46 | 000,191,636 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\097918.pdf
[2012/03/09 15:33:27 | 000,093,503 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095318.pdf
[2012/03/09 15:33:13 | 000,134,469 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095317.pdf
[2012/03/09 15:32:50 | 000,219,666 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095304.pdf
[2012/03/09 15:32:30 | 000,193,920 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095145A.pdf
[2012/03/09 15:32:07 | 000,234,330 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095145.pdf
[2012/03/01 15:05:56 | 000,120,389 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Blank Invoice.pdf
[2012/02/29 16:39:07 | 000,068,947 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\sas-095219-proforma.pdf
[2012/02/28 18:19:31 | 000,203,461 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\BBCan-094537.pdf
[2012/02/28 18:16:05 | 000,205,069 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\BBCan-094611.pdf
[2012/02/28 18:00:31 | 000,186,732 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120228134537.pdf
[2012/02/28 18:00:05 | 000,187,708 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120228134512.pdf
[2012/02/27 18:32:18 | 000,069,983 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\calasa1511100-proforma.pdf
[2012/02/14 19:02:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 19:00:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\WSSEMAPHORES.dat
[2010/04/30 12:05:21 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\WSSEMAPHORES.dat
[2010/01/04 19:06:15 | 001,024,059 | ---- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\event.l00
[2009/12/28 18:34:22 | 000,000,458 | RHS- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\ntuser.pol
[2009/08/25 14:56:39 | 000,000,168 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2009/06/18 17:31:06 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.insidesales1.ini
[2008/11/25 14:34:38 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1450.ini
[2007/07/25 13:45:16 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/24 18:42:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/24 18:09:58 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/07/24 18:09:58 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2007/07/24 18:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini
[2007/07/24 18:09:55 | 000,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/07/24 18:09:54 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/07/24 18:09:16 | 000,000,312 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/07/24 18:09:16 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/07/24 18:09:16 | 000,000,026 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2007/07/24 18:09:16 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/07/24 18:08:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/07/24 18:08:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BRVPDNTA.DLL
[2007/07/24 18:08:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/07/24 18:08:51 | 000,011,568 | ---- | C] () -- C:\WINDOWS\HL-1440.INI
[2007/07/24 18:08:51 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/07/24 18:05:17 | 000,092,399 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2007/07/24 18:04:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\Progress.exe
[2007/07/24 18:04:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2007/07/24 18:04:24 | 000,078,173 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2007/07/24 13:36:29 | 000,005,809 | ---- | C] () -- C:\WINDOWS\lmw32.ini
[2007/07/24 13:25:57 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\Mcw32.dll
[2007/07/23 13:31:09 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/07/23 12:52:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/07/20 18:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/20 17:13:34 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/07/20 17:13:34 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007/07/20 17:13:34 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/20 17:13:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/20 17:13:32 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/07/20 16:41:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/07/20 16:33:24 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2007/07/20 16:33:22 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\Crutl14.dll
[2007/07/20 16:33:22 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2007/07/20 16:30:17 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini
[2007/07/20 16:29:42 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
[2007/07/20 15:38:02 | 000,000,873 | ---- | C] () -- C:\WINDOWS\DKAAJ2DD.ini
[2007/07/20 05:17:37 | 000,004,366 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/19 05:56:56 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/07/19 05:56:53 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/07/19 05:56:52 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/19 05:55:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2007/07/19 05:54:34 | 000,024,064 | ---- | C] () -- C:\WINDOWS\autoload.exe
[2007/07/18 12:09:24 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/18 12:07:50 | 000,251,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/18 10:32:24 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2007/07/18 10:32:19 | 000,000,197 | R--- | C] () -- C:\WINDOWS\Winamp5.ini
[2007/07/18 10:30:13 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/07/18 10:28:21 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/07/18 10:28:18 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/07/18 10:21:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/18 10:13:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/12/08 06:31:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lexdlls.dlL
[2006/01/19 13:34:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/10/07 18:13:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/10/07 18:13:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/09/20 12:41:48 | 000,000,460 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2005/09/20 12:40:35 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\Retestrak.dll
[2005/09/20 12:40:21 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.dll
[2005/02/18 14:05:43 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\setupold.exe
[2004/10/22 19:07:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/09/20 17:33:14 | 000,110,085 | ---- | C] () -- C:\WINDOWS\System32\CDIMAGE.EXE
[2003/08/18 13:45:18 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2003/08/14 13:59:40 | 000,026,013 | ---- | C] () -- C:\WINDOWS\System32\sleep.exe
[2003/04/08 16:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/07/02 17:21:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\u2lmisys.dll

========== LOP Check ==========

[2011/11/14 20:07:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Downloaded Installations
[2011/10/03 13:28:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\POPFile
[2012/02/28 14:31:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FedEx
[2011/07/26 14:36:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FedEx Customer Tools
[2011/04/06 20:02:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11

========== Purity Check ==========


< End of report >
  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
O4 - HKLM..\Run: [kOVWhuUpjWR.exe] C:\Documents and Settings\All Users\Application Data\kOVWhuUpjWR.exe ( )

:files
C:\Documents and Settings\insidesales1.VANPTC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
C:\Documents and Settings\All Users\Application Data\7B7iVCyeXU3Pdj
C:\Documents and Settings\All Users\Application Data\~7B7iVCyeXU3Pdj
C:\Documents and Settings\All Users\Application Data\~7B7iVCyeXU3Pdjr
C:\Documents and Settings\insidesales1.VANPTC\Desktop\System Check.lnk
C:\Documents and Settings\All Users\Application Data\7B7iVCyeXU3Pdj.exe
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. Then see if you can boot into regular mode and download OTL from
http://www.geekstogo...timers-list-it/
and save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0
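The two things the reply above goes after, an autostart under All Users\Application Data with no publisher (later showing as "File not found") and the O6/O7 policy values that match the lost Task Manager and blank desktop, have a recognisable shape in an OTL report. The following is an added example, my own Python rather than OTL's code or RKinner's fix script, that parses O4 and O6/O7 lines in OTL's line format and flags those patterns. The sample lines are constructed copies of entries from this thread; the data-directory list and the policy names it checks are my own choices, not anything OTL defines.

```python
"""Triage helper for OTL-style log lines.

Added example, not part of OTL or of the fix script posted above. It reads
the O4 (Run key) and O6/O7 (policy) lines of an OTL report and flags the
kinds of entries the reply targets: an autostart whose executable sits in a
data directory with no company name (or is already missing), and policy
values that lock the user out of Task Manager or the desktop.
"""
import re

# Constructed sample, modelled line-for-line on the OTL output in this thread.
# The first kOVWhuUpjWR.exe line is its pre-fix form from the OTLPE log; the
# second is how it appears once the file itself is gone.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [kOVWhuUpjWR.exe] C:\Documents and Settings\All Users\Application Data\kOVWhuUpjWR.exe ( )
O4 - HKLM..\Run: [kOVWhuUpjWR.exe] C:\Documents and Settings\All Users\Application Data\kOVWhuUpjWR.exe File not found
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
"""

# O4 line: "O4 - HKLM..\Run: [name] <path> (<company>)" or "... <path> File not found"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# O6/O7 line: "O6 - <key>: <value> = <data>"
POLICY_RE = re.compile(r"^O[67] - (?P<key>[^:]+): (?P<value>\w+) = (?P<data>\S+)$")

# Directories a standard user can write to (my choice, XP path layout). An
# autostart living here with no publisher is worth a look; both files the
# reply removes sit under All Users\Application Data.
DATA_DIRS = ("\\all users\\application data\\", "\\application data\\")

# Policy values that lock the user out of their own tools (my choice). The
# thread's log shows both set to 1, matching the reported symptoms.
LOCKOUT_POLICIES = {"DisableTaskMgr", "NoDesktop"}


def parse_run_entry(rest):
    """Split an O4 remainder into (path, company_or_None, file_missing)."""
    marker = " File not found"
    if rest.endswith(marker):
        return rest[:-len(marker)], None, True
    # Company name is the last parenthesised group; "()" or "( )" means none.
    m = re.match(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$", rest)
    if not m:
        return rest, None, False
    company = m.group("company").strip()
    return m.group("path"), (company or None), False


def triage(log_text):
    """Return [(log_line, reason)] for entries that merit a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path, company, missing = parse_run_entry(m.group("rest"))
            in_data_dir = any(d in path.lower() for d in DATA_DIRS)
            if missing:
                findings.append((line, "orphaned Run entry: target file no longer exists"))
            elif in_data_dir and company is None:
                findings.append((line, "autostart with no publisher running from a data directory"))
            continue
        m = POLICY_RE.match(line)
        if m and m.group("value") in LOCKOUT_POLICIES and m.group("data") != "0":
            hive = m.group("key").split("\\")[0]
            findings.append((line, f"{m.group('value')} set in {hive}"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against the sample it reports five entries: both forms of the kOVWhuUpjWR.exe Run key and the three lockout policies, while leaving the Avira entry and the UPS messenger alone. The UPS line shows why the two conditions are combined: a missing company name on its own is common for legitimate in-house tools, so it is only the pairing with a user-writable location that earns a flag.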

#3
smackattack

    Member

  • Topic Starter
  • Member
  • 10 posts
Thanks for getting back to me and the help.

Running OTLPE with the first set of custom fixes, it asked for a reboot to finish up. I rebooted back into the PE and started OTL again but didn't get a log.

Started Windows normally. Desktop is still blank, and the user menu is still blank, but Avira ran this time. Also, the System Check was in the start menu, but it didn't pop up and try to scan like before.

Was able to launch IE and download OTL from your link. Saved it to the desktop, but it wasn't there; I had to find it through Explorer and launch it from there. Pasted in your second set of fixes and ran a scan; here are the logs.

OTL.txt
OTL logfile created on: 3/29/2012 12:54:59 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\insidesales1.VANPTC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

1.47 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 61.69% Memory free
2.03 Gb Paging File | 1.49 Gb Available in Paging File | 73.68% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 114.58 Gb Free Space | 76.88% Space Free | Partition Type: NTFS
Drive S: | 279.45 Gb Total Space | 9.48 Gb Free Space | 3.39% Space Free | Partition Type: NTFS
Drive T: | 69.19 Gb Total Space | 24.02 Gb Free Space | 34.71% Space Free | Partition Type: NTFS
Drive W: | 69.19 Gb Total Space | 24.02 Gb Free Space | 34.71% Space Free | Partition Type: NTFS

Computer Name: IS1 | User Name: insidesales1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/29 12:52:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\OTL.exe
PRC - [2012/01/17 15:53:10 | 000,072,840 | ---- | M] (FedEx) -- C:\Program Files\FedEx\ShipManager\BIN\FXCONWND.EXE
PRC - [2012/01/17 15:48:16 | 000,024,576 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
PRC - [2012/01/17 15:47:22 | 000,007,168 | ---- | M] (FedEx Corporation) -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
PRC - [2012/01/17 15:44:10 | 000,141,176 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
PRC - [2011/10/11 15:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/07/02 22:45:54 | 000,020,480 | ---- | M] () -- C:\UPS\WSTD\UPSNA1Msgr.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 19:28:22 | 000,144,648 | ---- | M] (eCopy, Inc.) -- C:\Program Files\eCopy\Desktop 9.2\Bin\eDP2eD.exe
PRC - [2004/08/12 11:16:46 | 000,148,480 | ---- | M] (Wellspring Software, Inc.) -- C:\WINDOWS\system32\PB32Stub.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 10:37:56 | 007,982,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\vjslib\e7a84e361b3a51a77c45bc349ac182d2\vjslib.ni.dll
MOD - [2012/02/15 10:37:05 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/02/15 10:36:52 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
MOD - [2012/02/15 10:36:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/15 10:36:40 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/15 10:36:35 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
MOD - [2012/02/15 10:35:03 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/15 10:32:40 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 10:32:32 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/15 10:32:12 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/15 10:31:49 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/02/15 10:29:57 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/14 17:45:45 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/14 17:45:40 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/02/14 17:45:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/01/17 15:53:02 | 000,018,112 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Communication.CommLogger.DLL
MOD - [2012/01/17 15:50:12 | 000,237,568 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\AdminLogic.dll
MOD - [2012/01/17 15:49:04 | 000,053,248 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\AdminComm.dll
MOD - [2012/01/17 15:48:22 | 000,405,504 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.ShipEngine.Route.BusinessLogic.dll
MOD - [2012/01/17 15:48:16 | 000,024,576 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
MOD - [2012/01/17 15:48:04 | 000,120,832 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\Snapshot.dll
MOD - [2012/01/17 15:48:00 | 000,040,960 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.ShipEngine.ServiceInterfaces.dll
MOD - [2012/01/17 15:47:56 | 000,663,552 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.ShipEngine.DataAccess.dll
MOD - [2012/01/17 15:47:48 | 000,169,984 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\UvSDKWrapper.dll
MOD - [2012/01/17 15:47:44 | 000,235,008 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.ShipEngine.ABDataAccess.dll
MOD - [2012/01/17 15:47:42 | 000,053,248 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\AdminEntities.dll
MOD - [2012/01/17 15:47:40 | 000,036,864 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.ShipEngine.Route.Entities.dll
MOD - [2012/01/17 15:47:38 | 000,020,480 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.ShipEngine.FSMDataAccess.dll
MOD - [2012/01/17 15:47:24 | 000,724,992 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.ShipEngine.Entities.dll
MOD - [2012/01/17 15:47:20 | 000,921,600 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.Languafier.dll
MOD - [2012/01/17 15:47:04 | 000,460,288 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\eSRGApi.dll
MOD - [2012/01/17 15:46:56 | 000,032,768 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.Logging.dll
MOD - [2012/01/17 15:46:48 | 000,082,944 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FxZipFile.dll
MOD - [2012/01/17 15:46:04 | 000,045,056 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.ConfigManager.dll
MOD - [2012/01/17 15:45:16 | 000,155,648 | ---- | M] () -- C:\Program Files\FedEx\ShipManager\BIN\sasv.dll
MOD - [2011/10/24 10:02:43 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/11 15:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/07/02 22:46:50 | 000,049,152 | ---- | M] () -- C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll
MOD - [2008/07/02 22:46:50 | 000,024,576 | ---- | M] () -- C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll
MOD - [2008/07/02 22:45:54 | 000,020,480 | ---- | M] () -- C:\UPS\WSTD\UPSNA1Msgr.exe
MOD - [2008/07/02 22:45:52 | 000,045,056 | ---- | M] () -- C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll
MOD - [2003/07/02 15:10:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\lexdlls.dlL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\insidesales1\Desktop\TALKSWITCH\Attendant Console 1.10\Server\TalkSwitchConsoleServer.exe -- (TSCONSOLESERVICE)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/01/17 15:50:20 | 000,005,120 | ---- | M] (FedEx Corporation) [On_Demand | Stopped] -- C:\Program Files\FedEx\ShipManager\BIN\ShipEngineService.exe -- (FedExShipService)
SRV - [2012/01/17 15:48:16 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe -- (FedExAdminService)
SRV - [2012/01/17 15:48:06 | 000,006,656 | ---- | M] (FedEx Corporation) [On_Demand | Stopped] -- C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe -- (FedExTransactionService)
SRV - [2012/01/17 15:47:22 | 000,007,168 | ---- | M] (FedEx Corporation) [Auto | Running] -- C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe -- (FedExLoggingService)
SRV - [2012/01/17 15:44:10 | 000,141,176 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe -- (FedExShipnetDBService)
SRV - [2011/10/11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/15 11:11:30 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 15:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/04/11 03:30:16 | 000,018,304 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/04/11 03:09:08 | 000,321,024 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/20 20:53:18 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/25 10:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\siside.sys -- (siside)
DRV - [2002/10/17 08:14:46 | 000,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 10:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 76 FF 16 E5 0D CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 12:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/01 13:14:50 | 000,000,000 | ---D | M]

[2010/03/11 12:55:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Mozilla\Extensions
[2012/01/06 16:16:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Mozilla\Firefox\Profiles\ipnqueov.default\extensions
[2010/04/27 12:53:21 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Mozilla\Firefox\Profiles\ipnqueov.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/29 15:51:43 | 000,000,000 | -H-D | M] (Allow Right-Click) -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Mozilla\Firefox\Profiles\ipnqueov.default\extensions\{CCEA9629-894C-4eef-9F40-8301F3146527}
[2011/12/01 13:14:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\INSIDESALES1.VANPTC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IPNQUEOV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/20 12:01:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/26 17:07:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/04 12:16:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/04 12:16:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2007/11/12 09:31:50 | 000,000,773 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.123.80 vpaccpac
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eCopy Scan Inbox Monitor] C:\Program Files\eCopy\Desktop 9.2\Bin\InboxMonitor.exe (eCopy, Inc.)
O4 - HKLM..\Run: [eDP2eD] C:\Program Files\eCopy\Desktop 9.2\Bin\eDP2eD.exe (eCopy, Inc.)
O4 - HKLM..\Run: [kOVWhuUpjWR.exe] C:\Documents and Settings\All Users\Application Data\kOVWhuUpjWR.exe File not found
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [PrintBoss Stub] C:\WINDOWS\system32\PB32Stub.exe (Wellspring Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.238.64.12 68.238.96.12 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vanptc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9156D09A-02F1-4458-A672-439691979C7A}: DhcpNameServer = 68.238.64.12 68.238.96.12 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9156D09A-02F1-4458-A672-439691979C7A}: NameServer = 68.238.64.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\insidesales1.VANPTC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\insidesales1.VANPTC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/18 07:17:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Utility Tray.lnk - - File not found
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: AC_TSAutoUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: eCopy Scan Inbox Monitor - hkey= - key= - C:\Program Files\eCopy\Desktop 9.2\Bin\InboxMonitor.exe (eCopy, Inc.)
MsConfig - StartUpReg: eDP2eD - hkey= - key= - C:\Program Files\eCopy\Desktop 9.2\Bin\eDP2eD.exe (eCopy, Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SiSPower - hkey= - key= - File not found
MsConfig - StartUpReg: SiSUSBRG - hkey= - key= - C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: TalkSwitch Attendant Console Tray - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6B32C748-0503-715D-0444-1D11E816A743} - Vector Graphics Rendering (VML)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: VIDC.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 12:52:06 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\OTL.exe
[2012/03/29 08:38:52 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/03/29 08:34:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/28 10:34:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\insidesales1.VANPTC\Recent
[2012/03/28 10:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\insidesales1.VANPTC\Start Menu\Programs\System Check
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/29 12:52:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\OTL.exe
[2012/03/29 12:48:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/29 12:48:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/27 10:11:38 | 000,001,776 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\My Documents\Default.rdp
[2012/03/23 15:56:31 | 000,042,728 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\shore total office 095161.pdf
[2012/03/22 14:58:11 | 000,070,546 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\ampliaudio-095455.pdf
[2012/03/22 14:57:15 | 000,070,182 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\calasa-095454.pdf
[2012/03/20 11:17:38 | 000,179,038 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120320095228.pdf
[2012/03/19 11:40:44 | 000,155,321 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BPD02-B products revised.pdf
[2012/03/19 11:20:17 | 000,163,060 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BPD02-P products revised.pdf
[2012/03/19 11:11:10 | 000,162,994 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BDP02-W products-revised.pdf
[2012/03/15 16:08:01 | 000,006,647 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package bre.pdf
[2012/03/15 16:06:53 | 000,025,458 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon bre-3-15-12FBAFCKJSZ.pdf
[2012/03/15 16:04:53 | 000,008,245 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package ind.pdf
[2012/03/15 16:03:03 | 000,058,078 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon IND-3-15-12FBAFCKJSZ.pdf
[2012/03/15 15:55:56 | 000,008,436 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package phx.pdf
[2012/03/15 15:50:43 | 000,066,385 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon PHX-3-15-12FBAFCKJSZ.pdf
[2012/03/15 11:07:54 | 000,191,636 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\097918.pdf
[2012/03/15 10:55:52 | 000,047,093 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\oe-iv-pb-bro-2blank.pdf
[2012/03/14 12:03:13 | 000,093,503 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095318.pdf
[2012/03/14 12:02:40 | 000,134,469 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095317.pdf
[2012/03/14 12:01:55 | 000,219,666 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095304.pdf
[2012/03/14 12:01:14 | 000,193,920 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095145A.pdf
[2012/03/14 11:59:47 | 000,234,330 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095145.pdf
[2012/03/14 10:23:41 | 000,251,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 10:19:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 11:13:03 | 000,005,476 | ---- | M] () -- C:\WINDOWS\A4WINSTU.BAT
[2012/03/12 09:43:22 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 09:43:22 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/01 17:55:34 | 000,068,947 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\sas-095219-proforma.pdf
[2012/03/01 12:05:57 | 000,120,389 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Blank Invoice.pdf
[2012/02/29 15:25:05 | 000,205,069 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\BBCan-094611.pdf
[2012/02/29 15:19:18 | 000,203,461 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\BBCan-094537.pdf
[2012/02/28 15:00:33 | 000,186,732 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120228134537.pdf
[2012/02/28 15:00:08 | 000,187,708 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120228134512.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/23 15:56:31 | 000,042,728 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\shore total office 095161.pdf
[2012/03/22 14:58:11 | 000,070,546 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\ampliaudio-095455.pdf
[2012/03/22 14:57:15 | 000,070,182 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\calasa-095454.pdf
[2012/03/20 11:07:19 | 000,179,038 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120320095228.pdf
[2012/03/19 11:40:39 | 000,155,321 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BPD02-B products revised.pdf
[2012/03/19 11:20:12 | 000,163,060 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BPD02-P products revised.pdf
[2012/03/19 11:05:48 | 000,162,994 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BDP02-W products-revised.pdf
[2012/03/15 16:08:01 | 000,006,647 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package bre.pdf
[2012/03/15 16:06:53 | 000,025,458 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon bre-3-15-12FBAFCKJSZ.pdf
[2012/03/15 16:04:53 | 000,008,245 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package ind.pdf
[2012/03/15 16:03:03 | 000,058,078 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon IND-3-15-12FBAFCKJSZ.pdf
[2012/03/15 15:55:56 | 000,008,436 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package phx.pdf
[2012/03/15 15:50:43 | 000,066,385 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon PHX-3-15-12FBAFCKJSZ.pdf
[2012/03/15 10:55:52 | 000,047,093 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\oe-iv-pb-bro-2blank.pdf
[2012/03/15 10:51:46 | 000,191,636 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\097918.pdf
[2012/03/09 12:33:27 | 000,093,503 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095318.pdf
[2012/03/09 12:33:13 | 000,134,469 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095317.pdf
[2012/03/09 12:32:50 | 000,219,666 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095304.pdf
[2012/03/09 12:32:30 | 000,193,920 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095145A.pdf
[2012/03/09 12:32:07 | 000,234,330 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095145.pdf
[2012/03/01 12:05:56 | 000,120,389 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Blank Invoice.pdf
[2012/02/29 13:39:07 | 000,068,947 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\sas-095219-proforma.pdf
[2012/02/28 15:19:31 | 000,203,461 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\BBCan-094537.pdf
[2012/02/28 15:16:05 | 000,205,069 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\BBCan-094611.pdf
[2012/02/28 15:00:31 | 000,186,732 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120228134537.pdf
[2012/02/28 15:00:05 | 000,187,708 | -H-- | C] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120228134512.pdf
[2012/02/14 16:02:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 16:00:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\WSSEMAPHORES.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD1600JB-00GVA0
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 149.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2007/07/24 16:17:08 | 000,081,920 | ---- | M] (Apple Inc.) -- C:\dns-sd.exe
[2011/07/12 19:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/03/19 11:04:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Adobe
[2010/10/14 08:45:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\AdobeUM
[2011/10/20 12:40:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Avira
[2011/11/07 15:51:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\CyberLink
[2011/11/14 17:07:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Downloaded Installations
[2010/01/04 16:16:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Help
[2009/12/28 15:35:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Identities
[2009/12/29 16:07:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Macromedia
[2010/03/11 14:57:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Malwarebytes
[2010/03/16 10:59:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Media Player Classic
[2011/04/20 10:52:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Microsoft
[2011/11/14 17:16:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Mozilla
[2011/10/03 10:28:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\POPFile
[2010/10/26 17:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\Sun
[2010/03/11 17:00:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\insidesales1.VANPTC\Application Data\SUPERAntiSpyware.com

< MD5 for: ATAPI.SYS >
[2004/08/03 16:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 13:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 13:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/03 15:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/03 15:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 15:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 15:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/20 12:01:16 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/20 12:01:16 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/20 12:01:16 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/20 12:01:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/20 12:01:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/20 12:01:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

< End of report >



---------------------

extras.txt

OTL Extras logfile created on: 3/29/2012 12:54:59 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\insidesales1.VANPTC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

1.47 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 61.69% Memory free
2.03 Gb Paging File | 1.49 Gb Available in Paging File | 73.68% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 114.58 Gb Free Space | 76.88% Space Free | Partition Type: NTFS
Drive S: | 279.45 Gb Total Space | 9.48 Gb Free Space | 3.39% Space Free | Partition Type: NTFS
Drive T: | 69.19 Gb Total Space | 24.02 Gb Free Space | 34.71% Space Free | Partition Type: NTFS
Drive W: | 69.19 Gb Total Space | 24.02 Gb Free Space | 34.71% Space Free | Partition Type: NTFS

Computer Name: IS1 | User Name: insidesales1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" (Adobe Systems Incorporated)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"6160:TCP" = 6160:TCP:*:Enabled:Seagull Driver Networking
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Outlook Email Address Extractor\Oee.exe" = C:\Program Files\Outlook Email Address Extractor\Oee.exe:*:Enabled:Outlook Email Address Extractor -- (LmhSoft.com)
"C:\Program Files\FedEx\ShipManager\SQLANYWHERE\BIN32\DBENG11.EXE" = C:\Program Files\FedEx\ShipManager\SQLANYWHERE\BIN32\DBENG11.EXE:*:Enabled:FedEx Upgrade Database Service -- (iAnywhere Solutions, Inc.)
"C:\Program Files\FedEx\ShipManager\SQLANYWHERE\BIN32\DBSRV11.EXE" = C:\Program Files\FedEx\ShipManager\SQLANYWHERE\BIN32\DBSRV11.EXE:*:Enabled:FedEx Shipnet Database Service -- (iAnywhere Solutions, Inc.)
"C:\Program Files\FedEx\ShipManager\BIN\BACKUPDATABASEUTILITY.EXE" = C:\Program Files\FedEx\ShipManager\BIN\BACKUPDATABASEUTILITY.EXE:*:Enabled:FedEx Database Backup Utility -- (fedex)
"C:\Program Files\FedEx\ShipManager\BIN\FSMREGISTRATION.EXE" = C:\Program Files\FedEx\ShipManager\BIN\FSMREGISTRATION.EXE:*:Enabled:FedEx Ship Manager Registration -- ()
"C:\Program Files\FedEx\ShipManager\BIN\GSMCOMMSETUP.EXE" = C:\Program Files\FedEx\ShipManager\BIN\GSMCOMMSETUP.EXE:*:Enabled:FedEx GsmCommSetup -- (Fedex)
"C:\Program Files\FedEx\ShipManager\BIN\LDSEDIT.EXE" = C:\Program Files\FedEx\ShipManager\BIN\LDSEDIT.EXE:*:Enabled:FedEx LDSEDIT -- (FedEx)
"C:\Program Files\FedEx\ShipManager\BIN\ADMINSERVICE.EXE" = C:\Program Files\FedEx\ShipManager\BIN\ADMINSERVICE.EXE:*:Enabled:FedEx Administration Service -- ()
"C:\Program Files\FedEx\ShipManager\BIN\SHIPENGINESERVICE.EXE" = C:\Program Files\FedEx\ShipManager\BIN\SHIPENGINESERVICE.EXE:*:Enabled:FedEx Shipping Engine -- (FedEx Corporation)
"C:\Program Files\FedEx\ShipManager\BIN\TRANSENGINESERVICE.EXE" = C:\Program Files\FedEx\ShipManager\BIN\TRANSENGINESERVICE.EXE:*:Enabled:FedEx Transaction Engine -- (FedEx Corporation)
"C:\Program Files\FedEx\ShipManager\BIN\FEDEX.GSM.CAFE.APPLICATIONENGINE.GUI.EXE" = C:\Program Files\FedEx\ShipManager\BIN\FEDEX.GSM.CAFE.APPLICATIONENGINE.GUI.EXE:*:Enabled:FedEx Ship Manager -- (FedEx Services)
"C:\Program Files\FedEx\ShipManager\BIN\FEDEX.GSM.EXTERNAL.VERIFI.SERVICE.EXE" = C:\Program Files\FedEx\ShipManager\BIN\FEDEX.GSM.EXTERNAL.VERIFI.SERVICE.EXE:*:Enabled:FedEx Verifi Service -- ()
"C:\Program Files\FedEx\ShipManager\BIN\REPORTPROCESSING.EXE" = C:\Program Files\FedEx\ShipManager\BIN\REPORTPROCESSING.EXE:*:Enabled:FedEx Report Processing -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Outlook Email Address Extractor\Oee.exe" = C:\Program Files\Outlook Email Address Extractor\Oee.exe:*:Enabled:Outlook Email Address Extractor -- (LmhSoft.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{257856D2-A188-4C78-8B6C-2830440EA409}" = ACCPAC System Manager 5.3A
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A033A00-FE0D-4609-B0E8-2C49CC494FC8}" = WorldShip
"{2E96D781-FE8C-4888-8B41-9F8B2F6118F7}" = FedEx Ship Manager
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{33035862-543C-4405-9CC6-08593CF2C25F}" = ReportServer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{39A3DC93-4EE4-40A8-A85E-6188BDABD651}" = Pervasive.SQL V8 Client (v8.6)
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54319E6C-5EDF-4ECA-AE4E-34C2C355873A}" = ACCPAC - Crystal Reports 9 Runtime Files
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}" = Reconciler
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM Beta2
"{66332652-9C28-58B1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL.Policy (x86) WinSXS MSM Beta2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM Beta2
"{7CFEB8AC-81E3-4D09-8E84-0755F03D1416}" = MISys Manufacturing v5.3A
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{865FE643-F643-4DFE-98BC-ABAD70871C8E}" = Winamp
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F881647-AC08-4E13-9782-D347FBA634AD}" = ShipRush for FedEx - Ecommerce Edition
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM Beta2
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM Beta2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM Beta2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B00A7ECF-F388-4E75-8874-EB3C7E4FD27A}" = VBA (2627.01)
"{B11CC4B0-72DF-4674-B169-741A47416A16}" = ACCPAC Purchase Orders 5.3B
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BBE3E502-F1D6-4FC9-9844-CC0850B7C516}" = Network ScanGear Ver.2.21
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CD5DC4AA-7D62-48D9-B756-5925471001FE}" = Microsoft OLE DB Provider for Visual FoxPro
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA9629DA-5715-48BA-B054-28169702B176}" = FOSS
"{ED782024-4713-4DD6-85FA-B2B038DE4007}" = RRU
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6933C3F-8B88-46C6-8001-81BD53A1CB47}" = eCopy Desktop 9.2
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Brother 1440" = Brother 1440
"BROWNIE" = Brownie
"Dell Printer Software Uninstall" = Dell Printer Software Uninstall
"Edisoft Merchant 3.0 for Accpac" = Edisoft Merchant 3.0 for Accpac
"Email Extractor 2.6_is1" = Email Extractor 2.6 + Mailbox SDK + Web Extractor + Email Addre
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{54319E6C-5EDF-4ECA-AE4E-34C2C355873A}" = ACCPAC - Crystal Reports 9 Runtime Files
"InstallShield_{BBE3E502-F1D6-4FC9-9844-CC0850B7C516}" = Network ScanGear Ver.2.21
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Full
"LABEL MATRIX 7" = LABEL MATRIX 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 1.1 SP1 (1033)" = Microsoft .NET Framework 1.1 SP1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Outlook Email Address Extractor_is1" = Outlook Email Address Extractor 2.8
"Pervasive System Analyzer" = Pervasive System Analyzer
"POPFile" = POPFile 1.1.0
"PowerArchiver_is1" = PowerArchiver 2006 v9.60
"SiS VGA Driver" = SiS VGA Utilities
"UPS WorldShip" = UPS WorldShip
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2ec9e9d1bf522caa" = FedEx Desktop Customer Tools - 1
"POPFile_Data" = POPFile Data (insidesales1)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2012 12:50:50 PM | Computer Name = IS1 | Source = UserInit | ID = 1000
Description = Could not execute the following script reporttranser.bat. The system
cannot find the file specified. .

Error - 3/28/2012 1:34:07 PM | Computer Name = IS1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/28/2012 1:34:24 PM | Computer Name = IS1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/28/2012 1:37:47 PM | Computer Name = IS1 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 3/28/2012 1:38:02 PM | Computer Name = IS1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/28/2012 1:38:24 PM | Computer Name = IS1 | Source = UserInit | ID = 1000
Description = Could not execute the following script reporttranser.bat. The system
cannot find the file specified. .

Error - 3/29/2012 3:49:24 PM | Computer Name = IS1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/29/2012 3:49:40 PM | Computer Name = IS1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/29/2012 3:51:11 PM | Computer Name = IS1 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 3/29/2012 3:51:33 PM | Computer Name = IS1 | Source = UserInit | ID = 1000
Description = Could not execute the following script reporttranser.bat. The system
cannot find the file specified. .

[ System Events ]
Error - 3/28/2012 1:36:11 PM | Computer Name = IS1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/28/2012 1:37:15 PM | Computer Name = IS1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb avkmgr Fips intelppm ssmdrv

Error - 3/28/2012 1:37:17 PM | Computer Name = IS1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/28/2012 1:37:18 PM | Computer Name = IS1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/28/2012 1:37:49 PM | Computer Name = IS1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/28/2012 1:39:07 PM | Computer Name = IS1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/28/2012 1:41:47 PM | Computer Name = IS1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/29/2012 3:49:08 PM | Computer Name = IS1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain VANPTC due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/29/2012 3:50:04 PM | Computer Name = IS1 | Source = Service Control Manager | ID = 7000
Description = The Attendant Console Communications Manager service failed to start
due to the following error: %%2

Error - 3/29/2012 3:50:21 PM | Computer Name = IS1 | Source = Print | ID = 33
Description = The PrintQueue Container could not be found because the DNS Domain
name could not be retrieved. Error: 54b


< End of report >
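The OTL log above, run through a triage script. This is an added Python example, not part of OTL or of this thread: it pulls the Security Center, Firewall and Shell Spawning sections out of the log text and flags the values a malware helper reads first (Security Center alerting overridden, Windows Firewall off, and whether the exe/com/bat/cmd/pif/scr open handlers still point at the file itself). SAMPLE_LOG is a trimmed copy of the log posted above; HIJACKED_LOG is constructed, with a placeholder path, so the association check has something to fire on.

```python
"""Triage an OTL log: flag the Security Center, Firewall and Shell
Spawning settings a malware helper reads first.

Added example; not part of OTL or of this thread. Section headers and
line formats follow the log quoted in the thread. SAMPLE_LOG is a trimmed
copy of that log; HIJACKED_LOG is constructed (placeholder path) so the
association check has something to fire on.
"""
import re

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')              # ========== Name ==========
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                 # [HKEY_LOCAL_MACHINE\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')            # "EnableFirewall" = 0
SPAWN_RE = re.compile(r'^(\S+)\s+\[(\w+)\]\s+--\s+(.*)$')   # exefile [open] -- "%1" %*

# Unhijacked XP handlers as OTL prints them. Anything else means a program
# of the malware's choosing runs every time the user opens a file of that type.
EXPECTED_SPAWN = {
    ('exefile', 'open'): '"%1" %*',
    ('comfile', 'open'): '"%1" %*',
    ('batfile', 'open'): '"%1" %*',
    ('cmdfile', 'open'): '"%1" %*',
    ('piffile', 'open'): '"%1" %*',
    ('scrfile', 'open'): '"%1" /S',
}


def parse_sections(text):
    """Split the log into {section name: [non-empty stripped lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def registry_values(lines):
    """Yield (key, value name, value) from OTL's registry dump lines."""
    key = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2).strip()


def triage(text):
    """Return human-readable findings: Security Center first, then firewall, then handlers."""
    findings = []
    sections = parse_sections(text)

    for _key, name, value in registry_values(sections.get('Security Center Settings', [])):
        # Override = 1 tells Security Center to stop alerting on AV/firewall state.
        if name in ('AntiVirusOverride', 'FirewallOverride') and value == '1':
            findings.append(f'Security Center alert suppressed: {name} = 1')

    for key, name, value in registry_values(sections.get('Firewall Settings', [])):
        if name == 'EnableFirewall' and value == '0':
            profile = key.rsplit('\\', 1)[-1]          # DomainProfile / StandardProfile
            findings.append(f'Windows Firewall disabled in {profile}')

    for line in sections.get('Shell Spawning', []):
        m = SPAWN_RE.match(line)
        if m:
            handler, verb, command = m.groups()
            expected = EXPECTED_SPAWN.get((handler, verb))
            if expected is not None and command != expected:
                findings.append(f'{handler} [{verb}] hijacked: {command}')

    return findings


# Trimmed copy of the log posted in this thread.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"""

# Constructed, NOT from the thread: the shape of a hijacked exefile handler.
HIJACKED_LOG = r"""
========== Shell Spawning ==========
exefile [open] -- "C:\Documents and Settings\All Users\Application Data\example.exe" -a "%1" %*
"""

if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG) + triage(HIJACKED_LOG):
        print(finding)
```

On the log above this reports the two Security Center overrides and the firewall being off in both profiles, and nothing for the handlers: the exefile, comfile, batfile, cmdfile, piffile and scrfile open commands are all still the stock ones, so the rogue in this case did not take over program execution through file associations.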

#4
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.


Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O4 - HKLM..\Run: [kOVWhuUpjWR.exe] C:\Documents and Settings\All Users\Application Data\kOVWhuUpjWR.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config TSCONSOLESERVICE start= disabled /c
C:\Documents and Settings\insidesales1.VANPTC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
C:\Documents and Settings\All Users\Application Data\7B7iVCyeXU3Pdj
C:\Documents and Settings\All Users\Application Data\~7B7iVCyeXU3Pdj
C:\Documents and Settings\All Users\Application Data\~7B7iVCyeXU3Pdjr
C:\Documents and Settings\insidesales1.VANPTC\Desktop\System Check.lnk
C:\Documents and Settings\All Users\Application Data\7B7iVCyeXU3Pdj.exe
C:\Documents and Settings\All Users\Application Data\kOVWhuUpjWR.exe
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then run OTL. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Download, Save unhide.exe from

http://download.blee...nler/unhide.exe

Run it.

ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double-click on TDSSKiller.exe (Vista or Win 7 users must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Run TDSSKiller again, but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe (511 KB) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan. Allow the Avast Engine.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 20
J2SE Runtime Environment 5.0 Update 4

Get the latest Java at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar, McAfee Security Scan or other foistware.

Right click on any System Check icons you see and Delete.
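The shortcut restore that the xcopy lines in the OTL fix above perform, together with the file-attribute part of what unhide.exe does, written out as an added Python example (not the OTL fix, not unhide.exe, and not code from this thread). Before copying anything it inventories what is actually under %Temp%\smtmp\1..4, because a fix that copies from a folder that is already gone reports "0 File(s) copied" and nothing else; it then copies back without overwriting anything already in place and, on Windows only, clears the hidden/system attributes via SetFileAttributesW. The smtmp-to-destination mapping is the one in the OTL script (entry 3 is the Windows 7 taskbar path and simply yields 0 on XP). demo() builds a constructed smtmp tree in a temporary directory so the copy logic can be exercised on any system.

```python
r"""Restore the shortcuts that the "System Check" rogue moved into
%Temp%\smtmp\1..4 and clear the hidden attribute it set on what is left.

Added example; not the OTL fix script, not unhide.exe, not code from this
thread. It reports what is under smtmp before touching anything, copies
back without overwriting, and (Windows only) resets hidden/system
attributes. The smtmp\N -> destination mapping is the one the OTL script
uses. demo() builds a constructed tree in a temp directory.
"""
import os
import shutil
import tempfile

# Same numbering as the xcopy lines in the OTL fix: smtmp\N -> destination.
SMTMP_TARGETS = {
    '1': r'%AllUsersProfile%\Start Menu',
    '2': r'%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch',
    '3': r'%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar',  # Win7 path
    '4': r'%AllUsersProfile%\Desktop',
}

FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4


def inventory(smtmp_root):
    """Count files under each smtmp\\N folder; -1 marks a folder that is not there."""
    counts = {}
    for n in SMTMP_TARGETS:
        src = os.path.join(smtmp_root, n)
        if not os.path.isdir(src):
            counts[n] = -1
            continue
        counts[n] = sum(len(files) for _, _, files in os.walk(src))
    return counts


def restore(smtmp_root, targets=None, dry_run=True):
    """Copy smtmp\\N back over its destination; returns {N: files (to be) copied}.

    targets defaults to SMTMP_TARGETS with environment variables expanded.
    Files already present at the destination are left alone, so running
    twice is harmless.
    """
    if targets is None:
        targets = {n: os.path.expandvars(p) for n, p in SMTMP_TARGETS.items()}
    copied = {}
    for n, dest in targets.items():
        src = os.path.join(smtmp_root, n)
        copied[n] = 0
        if not os.path.isdir(src):
            continue
        for dirpath, _, files in os.walk(src):
            out_dir = os.path.normpath(os.path.join(dest, os.path.relpath(dirpath, src)))
            for name in files:
                target = os.path.join(out_dir, name)
                if os.path.exists(target):
                    continue
                if not dry_run:
                    os.makedirs(out_dir, exist_ok=True)
                    shutil.copy2(os.path.join(dirpath, name), target)
                copied[n] += 1
    return copied


def unhide(root):
    """Clear HIDDEN/SYSTEM attributes on everything below root (Windows only); returns count."""
    if os.name != 'nt':
        return 0
    import ctypes
    mask = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
    cleared = 0
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            attrs = os.stat(path).st_file_attributes
            if attrs & mask and ctypes.windll.kernel32.SetFileAttributesW(path, attrs & ~mask):
                cleared += 1
    return cleared


def demo():
    """Constructed tree: smtmp\\1 holds two shortcuts, smtmp\\2 one, 3 and 4 are missing."""
    base = tempfile.mkdtemp()
    smtmp = os.path.join(base, 'smtmp')
    for n, names in {'1': ['Programs/Notepad.lnk', 'Programs/Tools/Calc.lnk'], '2': ['Launch.lnk']}.items():
        for rel in names:
            path = os.path.join(smtmp, n, *rel.split('/'))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, 'w').close()
    targets = {n: os.path.join(base, 'dest', n) for n in SMTMP_TARGETS}
    inv = inventory(smtmp)
    planned = restore(smtmp, targets, dry_run=True)
    done = restore(smtmp, targets, dry_run=False)
    again = restore(smtmp, targets, dry_run=False)   # second pass: nothing left to copy
    shutil.rmtree(base)
    return inv, planned, done, again


if __name__ == '__main__':
    print(demo())
```

The inventory step is the check worth keeping even if the rest is done with xcopy: a -1 for a folder means the shortcuts are not coming back from smtmp and will have to be recreated by hand, which is exactly what the next reply in the thread ran into.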

#5
smackattack

    Member

  • Topic Starter
  • Member
  • 10 posts
Whoa, that's a big run of stuff. I'm going to post each log in its own post; hope that doesn't make it harder.

Unhide brought back my Start-Programs list, but all the shortcuts inside are gone. That temp folder is gone; I think I'm hosed on getting that stuff back and will have to manually add shortcuts back. I had to do the generic Win XP rebuild to get stuff to show up too. Quick Launch is gone too. Oh well.

First up, OTL log after reboot.

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kOVWhuUpjWR.exe deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\insidesales1.VANPTC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\insidesales1.VANPTC\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\insidesales1.VANPTC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\insidesales1.VANPTC\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\insidesales1.VANPTC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\insidesales1.VANPTC\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\insidesales1.VANPTC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\insidesales1.VANPTC\Desktop\cmd.txt deleted successfully.
< sc config TSCONSOLESERVICE start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\insidesales1.VANPTC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\insidesales1.VANPTC\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\insidesales1.VANPTC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk not found.
File\Folder C:\Documents and Settings\All Users\Application Data\7B7iVCyeXU3Pdj not found.
File\Folder C:\Documents and Settings\All Users\Application Data\~7B7iVCyeXU3Pdj not found.
File\Folder C:\Documents and Settings\All Users\Application Data\~7B7iVCyeXU3Pdjr not found.
File\Folder C:\Documents and Settings\insidesales1.VANPTC\Desktop\System Check.lnk not found.
File\Folder C:\Documents and Settings\All Users\Application Data\7B7iVCyeXU3Pdj.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\kOVWhuUpjWR.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: insidesales1.VANPTC
->Flash cache emptied: 459 bytes

User: LocalService.NT AUTHORITY

User: NetworkService.NT AUTHORITY

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: insidesales1.VANPTC
->Java cache emptied: 0 bytes

User: LocalService.NT AUTHORITY

User: NetworkService.NT AUTHORITY

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03292012_145240

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#6
smackattack

Combofix

ComboFix 12-03-29.02 - insidesales1 03/29/2012 15:34:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1503.1017 [GMT -7:00]
Running from: c:\documents and settings\insidesales1.VANPTC\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\insidesales1.VANPTC\Start Menu\Programs\System Check
c:\documents and settings\insidesales1.VANPTC\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\insidesales1.VANPTC\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\dasetup.log
c:\windows\system32\dllcache\dlimport.exe
c:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0\dbdata.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 15:38 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2012-03-29 15:34 . 2012-03-29 15:34 -------- d-----w- C:\_OTL
2012-03-20 19:01 . 2012-03-20 19:01 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 19:01 . 2012-03-20 19:01 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 18:13 . 2007-07-20 21:05 5476 ----a-w- c:\windows\A4WINSTU.BAT
2012-02-22 17:39 . 2011-05-23 16:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 18:11 . 2011-10-20 19:40 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:22 . 2004-08-03 21:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-14 23:02 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2007-07-18 14:12 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-20 19:01 . 2011-12-01 20:14 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrintBoss Stub"="c:\windows\system32\PB32Stub.exe" [2004-08-12 148480]
"NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2008-07-03 20480]
"eCopy Scan Inbox Monitor"="c:\program files\eCopy\Desktop 9.2\Bin\InboxMonitor.exe" [2008-01-30 79112]
"eDP2eD"="c:\program files\eCopy\Desktop 9.2\Bin\eDP2eD.exe" [2008-01-30 144648]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-436374069-261478967-839522115-1122\Scripts\Logon\0\0]
"Script"=reporttranser.bat
.
[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Utility Tray.lnk]
path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 09:08 483328 ----a-w- c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCopy Scan Inbox Monitor]
2008-01-30 02:40 79112 ----a-w- c:\program files\eCopy\Desktop 9.2\Bin\InboxMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDP2eD]
2008-01-30 02:28 144648 ----a-w- c:\program files\eCopy\Desktop 9.2\Bin\eDP2eD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2007-04-11 10:06 53248 ----a-w- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
2004-02-13 09:30 106496 ----a-w- c:\windows\SiSUSBrg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-09-16 04:39 69632 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Outlook Email Address Extractor\\Oee.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/20/2011 12:40 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/20/2011 12:40 PM 86224]
R2 FedExAdminService;FedEx Administration Service;c:\program files\FedEx\ShipManager\BIN\AdminService.exe [1/17/2012 3:48 PM 24576]
R2 FedExLoggingService;FedEx Logging Service;c:\program files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe [1/17/2012 3:47 PM 7168]
R2 FedExShipnetDBService;FedEx Shipnet Database Service;c:\program files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe [1/17/2012 3:44 PM 141176]
S3 FedExShipService;FedEx Shipping Engine;c:\program files\FedEx\ShipManager\BIN\ShipEngineService.exe [1/17/2012 3:50 PM 5120]
S3 FedExTransactionService;FedEx Transaction Engine;c:\program files\FedEx\ShipManager\BIN\TransEngineService.exe [1/17/2012 3:48 PM 6656]
S4 TSCONSOLESERVICE;Attendant Console Communications Manager;c:\documents and settings\insidesales1\Desktop\TALKSWITCH\Attendant Console 1.10\Server\TalkSwitchConsoleServer.exe --> c:\documents and settings\insidesales1\Desktop\TALKSWITCH\Attendant Console 1.10\Server\TalkSwitchConsoleServer.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.238.64.12 68.238.96.12 4.2.2.1
TCP: Interfaces\{9156D09A-02F1-4458-A672-439691979C7A}: NameServer = 68.238.64.12
FF - ProfilePath - c:\documents and settings\insidesales1.VANPTC\Application Data\Mozilla\Firefox\Profiles\ipnqueov.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AC_TSAutoUpdate - c:\documents and settings\insidesales1\Desktop\TALKSWITCH\Attendant Console 1.10\Server\TSAutoUpdate.exe
MSConfigStartUp-TalkSwitch Attendant Console Tray - c:\documents and settings\insidesales1\Desktop\TALKSWITCH\Attendant Console 1.10\Server\AttendantConsoleServerTray.exe
AddRemove-HijackThis - e:\hijack this\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 16:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(168)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2012-03-29 16:31:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 23:31
.
Pre-Run: 122,968,375,296 bytes free
Post-Run: 123,024,203,776 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C4F3D86FFA29FE64345AB6AC1A475899

#7
smackattack

TDSSKiller

First run found nothing; on the second run I skipped all the stuff it found since it was legit. Here is the log.

16:35:09.0640 2548 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
16:35:10.0578 2548 ============================================================
16:35:10.0578 2548 Current date / time: 2012/03/29 16:35:10.0578
16:35:10.0578 2548 SystemInfo:
16:35:10.0578 2548
16:35:10.0578 2548 OS Version: 5.1.2600 ServicePack: 3.0
16:35:10.0578 2548 Product type: Workstation
16:35:10.0578 2548 ComputerName: IS1
16:35:10.0578 2548 UserName: insidesales1
16:35:10.0578 2548 Windows directory: C:\WINDOWS
16:35:10.0578 2548 System windows directory: C:\WINDOWS
16:35:10.0578 2548 Processor architecture: Intel x86
16:35:10.0578 2548 Number of processors: 2
16:35:10.0578 2548 Page size: 0x1000
16:35:10.0578 2548 Boot type: Normal boot
16:35:10.0578 2548 ============================================================
16:35:11.0437 2548 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:35:11.0437 2548 \Device\Harddisk0\DR0:
16:35:11.0437 2548 MBR used
16:35:11.0437 2548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
16:35:11.0453 2548 Initialize success
16:35:11.0453 2548 ============================================================
16:35:33.0781 2528 ============================================================
16:35:33.0781 2528 Scan started
16:35:33.0781 2528 Mode: Manual;
16:35:33.0781 2528 ============================================================
16:35:33.0984 2528 Abiosdsk - ok
16:35:34.0015 2528 abp480n5 - ok
16:35:34.0078 2528 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:35:34.0078 2528 ACPI - ok
16:35:34.0125 2528 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:35:34.0125 2528 ACPIEC - ok
16:35:34.0187 2528 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
16:35:34.0187 2528 Adobe LM Service - ok
16:35:34.0203 2528 adpu160m - ok
16:35:34.0250 2528 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:35:34.0265 2528 aec - ok
16:35:34.0312 2528 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:35:34.0312 2528 AFD - ok
16:35:34.0328 2528 Aha154x - ok
16:35:34.0359 2528 aic78u2 - ok
16:35:34.0375 2528 aic78xx - ok
16:35:34.0500 2528 ALCXWDM (292ce6f164008e825d71c07fd0265943) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:35:34.0562 2528 ALCXWDM - ok
16:35:34.0625 2528 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:35:34.0625 2528 Alerter - ok
16:35:34.0656 2528 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:35:34.0656 2528 ALG - ok
16:35:34.0671 2528 AliIde - ok
16:35:34.0687 2528 amsint - ok
16:35:34.0734 2528 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:35:34.0750 2528 AntiVirSchedulerService - ok
16:35:34.0765 2528 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:35:34.0765 2528 AntiVirService - ok
16:35:34.0843 2528 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:35:34.0843 2528 AppMgmt - ok
16:35:34.0875 2528 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:35:34.0875 2528 Arp1394 - ok
16:35:34.0906 2528 asc - ok
16:35:34.0921 2528 asc3350p - ok
16:35:34.0937 2528 asc3550 - ok
16:35:35.0046 2528 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:35:35.0046 2528 aspnet_state - ok
16:35:35.0078 2528 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:35:35.0078 2528 AsyncMac - ok
16:35:35.0109 2528 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:35:35.0109 2528 atapi - ok
16:35:35.0125 2528 Atdisk - ok
16:35:35.0156 2528 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:35:35.0171 2528 Atmarpc - ok
16:35:35.0218 2528 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:35:35.0218 2528 AudioSrv - ok
16:35:35.0250 2528 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:35:35.0250 2528 audstub - ok
16:35:35.0265 2528 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:35:35.0281 2528 avgntflt - ok
16:35:35.0312 2528 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:35:35.0312 2528 avipbb - ok
16:35:35.0328 2528 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:35:35.0328 2528 avkmgr - ok
16:35:35.0375 2528 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:35:35.0375 2528 Beep - ok
16:35:35.0406 2528 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:35:35.0421 2528 BITS - ok
16:35:35.0468 2528 Brother XP spl Service (34f2f5b6a6d28b8fb872dfd57c5323ac) C:\WINDOWS\system32\brsvc01a.exe
16:35:35.0468 2528 Brother XP spl Service - ok
16:35:35.0500 2528 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:35:35.0500 2528 Browser - ok
16:35:35.0531 2528 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
16:35:35.0546 2528 BrPar - ok
16:35:35.0546 2528 catchme - ok
16:35:35.0609 2528 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:35:35.0609 2528 cbidf2k - ok
16:35:35.0625 2528 cd20xrnt - ok
16:35:35.0640 2528 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:35:35.0640 2528 Cdaudio - ok
16:35:35.0671 2528 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:35:35.0671 2528 Cdfs - ok
16:35:35.0718 2528 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:35:35.0718 2528 Cdrom - ok
16:35:35.0734 2528 Changer - ok
16:35:35.0796 2528 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:35:35.0796 2528 CiSvc - ok
16:35:35.0812 2528 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:35:35.0812 2528 ClipSrv - ok
16:35:35.0875 2528 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:35:35.0890 2528 clr_optimization_v2.0.50727_32 - ok
16:35:35.0906 2528 CmdIde - ok
16:35:35.0921 2528 COMSysApp - ok
16:35:35.0953 2528 Cpqarray - ok
16:35:36.0015 2528 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:35:36.0015 2528 CryptSvc - ok
16:35:36.0031 2528 dac2w2k - ok
16:35:36.0062 2528 dac960nt - ok
16:35:36.0125 2528 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:35:36.0125 2528 DcomLaunch - ok
16:35:36.0156 2528 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:35:36.0156 2528 Dhcp - ok
16:35:36.0171 2528 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:35:36.0187 2528 Disk - ok
16:35:36.0203 2528 dmadmin - ok
16:35:36.0265 2528 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:35:36.0296 2528 dmboot - ok
16:35:36.0343 2528 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:35:36.0343 2528 dmio - ok
16:35:36.0375 2528 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:35:36.0390 2528 dmload - ok
16:35:36.0437 2528 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:35:36.0437 2528 dmserver - ok
16:35:36.0453 2528 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:35:36.0468 2528 DMusic - ok
16:35:36.0515 2528 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:35:36.0515 2528 Dnscache - ok
16:35:36.0593 2528 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:35:36.0593 2528 Dot3svc - ok
16:35:36.0609 2528 dpti2o - ok
16:35:36.0640 2528 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:35:36.0640 2528 drmkaud - ok
16:35:36.0687 2528 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:35:36.0687 2528 EapHost - ok
16:35:36.0718 2528 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:35:36.0718 2528 ERSvc - ok
16:35:36.0765 2528 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:35:36.0781 2528 Eventlog - ok
16:35:36.0828 2528 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:35:36.0828 2528 EventSystem - ok
16:35:36.0859 2528 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:35:36.0859 2528 Fastfat - ok
16:35:36.0906 2528 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:35:36.0906 2528 FastUserSwitchingCompatibility - ok
16:35:36.0937 2528 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:35:36.0937 2528 Fdc - ok
16:35:37.0031 2528 FedExAdminService (7a3b2c4cdcddcb9919fdd5e92c925263) C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
16:35:37.0031 2528 FedExAdminService - ok
16:35:37.0046 2528 FedExLoggingService (58c8526b503f4800b92dbfb99a88efa3) C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
16:35:37.0046 2528 FedExLoggingService - ok
16:35:37.0109 2528 FedExShipnetDBService (bb60972e2eb2d5cf1f1979c4032c2eec) C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
16:35:37.0109 2528 FedExShipnetDBService - ok
16:35:37.0125 2528 FedExShipService (6b30c5039260a82a6216e9505af6d62b) C:\Program Files\FedEx\ShipManager\BIN\ShipEngineService.exe
16:35:37.0125 2528 FedExShipService - ok
16:35:37.0140 2528 FedExTransactionService (36d9046df989e8d2bd8e983fc4c7a01e) C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
16:35:37.0156 2528 FedExTransactionService - ok
16:35:37.0171 2528 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:35:37.0171 2528 Fips - ok
16:35:37.0187 2528 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:35:37.0203 2528 Flpydisk - ok
16:35:37.0250 2528 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:35:37.0265 2528 FltMgr - ok
16:35:37.0328 2528 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:35:37.0343 2528 FontCache3.0.0.0 - ok
16:35:37.0375 2528 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:35:37.0375 2528 Fs_Rec - ok
16:35:37.0406 2528 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:35:37.0406 2528 Ftdisk - ok
16:35:37.0437 2528 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:35:37.0437 2528 Gpc - ok
16:35:37.0484 2528 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:35:37.0484 2528 helpsvc - ok
16:35:37.0500 2528 HidServ - ok
16:35:37.0531 2528 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:35:37.0531 2528 HidUsb - ok
16:35:37.0593 2528 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:35:37.0593 2528 hkmsvc - ok
16:35:37.0609 2528 hpn - ok
16:35:37.0671 2528 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:35:37.0671 2528 HTTP - ok
16:35:37.0687 2528 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:35:37.0687 2528 HTTPFilter - ok
16:35:37.0703 2528 i2omgmt - ok
16:35:37.0734 2528 i2omp - ok
16:35:37.0765 2528 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:35:37.0765 2528 i8042prt - ok
16:35:37.0843 2528 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:35:37.0843 2528 IDriverT - ok
16:35:37.0921 2528 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:35:37.0968 2528 idsvc - ok
16:35:38.0000 2528 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:35:38.0000 2528 Imapi - ok
16:35:38.0062 2528 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:35:38.0062 2528 ImapiService - ok
16:35:38.0078 2528 ini910u - ok
16:35:38.0109 2528 IntelIde - ok
16:35:38.0140 2528 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:35:38.0156 2528 intelppm - ok
16:35:38.0187 2528 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:35:38.0187 2528 Ip6Fw - ok
16:35:38.0234 2528 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:35:38.0234 2528 IpFilterDriver - ok
16:35:38.0265 2528 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:35:38.0265 2528 IpInIp - ok
16:35:38.0296 2528 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:35:38.0296 2528 IpNat - ok
16:35:38.0328 2528 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:35:38.0328 2528 IPSec - ok
16:35:38.0359 2528 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:35:38.0359 2528 IRENUM - ok
16:35:38.0390 2528 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:35:38.0390 2528 isapnp - ok
16:35:38.0500 2528 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
16:35:38.0500 2528 JavaQuickStarterService - ok
16:35:38.0531 2528 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:35:38.0531 2528 Kbdclass - ok
16:35:38.0562 2528 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:35:38.0562 2528 kmixer - ok
16:35:38.0593 2528 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:35:38.0609 2528 KSecDD - ok
16:35:38.0640 2528 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:35:38.0656 2528 lanmanserver - ok
16:35:38.0687 2528 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:35:38.0703 2528 lanmanworkstation - ok
16:35:38.0718 2528 lbrtfdc - ok
16:35:38.0765 2528 LexBceS (f93eb7b8a5ea70e14b2d1a1da0b9a623) C:\WINDOWS\system32\LEXBCES.EXE
16:35:38.0765 2528 LexBceS - ok
16:35:38.0796 2528 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:35:38.0796 2528 LmHosts - ok
16:35:38.0828 2528 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:35:38.0828 2528 Messenger - ok
16:35:38.0859 2528 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:35:38.0859 2528 mnmdd - ok
16:35:38.0906 2528 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:35:38.0906 2528 mnmsrvc - ok
16:35:38.0937 2528 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:35:38.0937 2528 Modem - ok
16:35:38.0968 2528 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:35:38.0968 2528 Mouclass - ok
16:35:39.0000 2528 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:35:39.0000 2528 mouhid - ok
16:35:39.0031 2528 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:35:39.0031 2528 MountMgr - ok
16:35:39.0046 2528 mraid35x - ok
16:35:39.0078 2528 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:35:39.0078 2528 MRxDAV - ok
16:35:39.0156 2528 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:35:39.0156 2528 MRxSmb - ok
16:35:39.0187 2528 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:35:39.0187 2528 MSDTC - ok
16:35:39.0234 2528 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:35:39.0234 2528 Msfs - ok
16:35:39.0250 2528 MSIServer - ok
16:35:39.0281 2528 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:35:39.0281 2528 MSKSSRV - ok
16:35:39.0312 2528 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:35:39.0312 2528 MSPCLOCK - ok
16:35:39.0328 2528 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:35:39.0328 2528 MSPQM - ok
16:35:39.0375 2528 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:35:39.0375 2528 mssmbios - ok
16:35:39.0406 2528 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:35:39.0421 2528 Mup - ok
16:35:39.0546 2528 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:35:39.0546 2528 napagent - ok
16:35:39.0625 2528 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:35:39.0625 2528 NDIS - ok
16:35:39.0656 2528 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:35:39.0656 2528 NdisTapi - ok
16:35:39.0687 2528 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:35:39.0687 2528 Ndisuio - ok
16:35:39.0734 2528 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:35:39.0734 2528 NdisWan - ok
16:35:39.0781 2528 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:35:39.0781 2528 NDProxy - ok
16:35:39.0796 2528 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:35:39.0796 2528 NetBIOS - ok
16:35:39.0843 2528 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:35:39.0843 2528 NetBT - ok
16:35:39.0890 2528 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:35:39.0890 2528 NetDDE - ok
16:35:39.0906 2528 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:35:39.0906 2528 NetDDEdsdm - ok
16:35:39.0937 2528 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:35:39.0953 2528 Netlogon - ok
16:35:39.0984 2528 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:35:39.0984 2528 Netman - ok
16:35:40.0062 2528 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:35:40.0062 2528 NetTcpPortSharing - ok
16:35:40.0109 2528 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:35:40.0109 2528 NIC1394 - ok
16:35:40.0171 2528 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:35:40.0171 2528 Nla - ok
16:35:40.0187 2528 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:35:40.0203 2528 Npfs - ok
16:35:40.0250 2528 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:35:40.0265 2528 Ntfs - ok
16:35:40.0281 2528 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:35:40.0296 2528 NtLmSsp - ok
16:35:40.0375 2528 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:35:40.0375 2528 NtmsSvc - ok
16:35:40.0421 2528 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:35:40.0421 2528 Null - ok
16:35:40.0468 2528 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:35:40.0468 2528 NwlnkFlt - ok
16:35:40.0500 2528 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:35:40.0500 2528 NwlnkFwd - ok
16:35:40.0515 2528 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:35:40.0515 2528 ohci1394 - ok
16:35:40.0578 2528 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:35:40.0578 2528 ose - ok
16:35:40.0609 2528 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:35:40.0609 2528 Parport - ok
16:35:40.0640 2528 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:35:40.0640 2528 PartMgr - ok
16:35:40.0671 2528 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:35:40.0671 2528 ParVdm - ok
16:35:40.0703 2528 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:35:40.0703 2528 PCI - ok
16:35:40.0718 2528 PCIDump - ok
16:35:40.0750 2528 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:35:40.0750 2528 PCIIde - ok
16:35:40.0812 2528 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:35:40.0812 2528 Pcmcia - ok
16:35:40.0828 2528 PDCOMP - ok
16:35:40.0859 2528 PDFRAME - ok
16:35:40.0875 2528 PDRELI - ok
16:35:40.0906 2528 PDRFRAME - ok
16:35:40.0921 2528 perc2 - ok
16:35:40.0937 2528 perc2hib - ok
16:35:41.0015 2528 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:35:41.0015 2528 PlugPlay - ok
16:35:41.0062 2528 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:35:41.0062 2528 PolicyAgent - ok
16:35:41.0078 2528 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:35:41.0078 2528 PptpMiniport - ok
16:35:41.0093 2528 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:35:41.0109 2528 ProtectedStorage - ok
16:35:41.0125 2528 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:35:41.0125 2528 PSched - ok
16:35:41.0156 2528 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:35:41.0156 2528 Ptilink - ok
16:35:41.0171 2528 ql1080 - ok
16:35:41.0203 2528 Ql10wnt - ok
16:35:41.0218 2528 ql12160 - ok
16:35:41.0234 2528 ql1240 - ok
16:35:41.0265 2528 ql1280 - ok
16:35:41.0281 2528 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:35:41.0296 2528 RasAcd - ok
16:35:41.0343 2528 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:35:41.0343 2528 RasAuto - ok
16:35:41.0390 2528 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:35:41.0390 2528 Rasl2tp - ok
16:35:41.0437 2528 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:35:41.0437 2528 RasMan - ok
16:35:41.0453 2528 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:35:41.0468 2528 RasPppoe - ok
16:35:41.0484 2528 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:35:41.0484 2528 Raspti - ok
16:35:41.0515 2528 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:35:41.0515 2528 Rdbss - ok
16:35:41.0531 2528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:35:41.0546 2528 RDPCDD - ok
16:35:41.0578 2528 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:35:41.0578 2528 rdpdr - ok
16:35:41.0640 2528 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:35:41.0640 2528 RDPWD - ok
16:35:41.0671 2528 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:35:41.0671 2528 RDSessMgr - ok
16:35:41.0687 2528 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:35:41.0703 2528 redbook - ok
16:35:41.0750 2528 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:35:41.0750 2528 RemoteAccess - ok
16:35:41.0781 2528 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
16:35:41.0796 2528 RemoteRegistry - ok
16:35:41.0812 2528 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:35:41.0812 2528 RpcLocator - ok
16:35:41.0875 2528 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
16:35:41.0875 2528 RpcSs - ok
16:35:41.0921 2528 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:35:41.0921 2528 RSVP - ok
16:35:41.0968 2528 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:35:41.0968 2528 rtl8139 - ok
16:35:41.0984 2528 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:35:41.0984 2528 SamSs - ok
16:35:42.0015 2528 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:35:42.0015 2528 SCardSvr - ok
16:35:42.0046 2528 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:35:42.0046 2528 Schedule - ok
16:35:42.0109 2528 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:35:42.0109 2528 Secdrv - ok
16:35:42.0156 2528 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:35:42.0156 2528 seclogon - ok
16:35:42.0187 2528 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:35:42.0187 2528 SENS - ok
16:35:42.0218 2528 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:35:42.0218 2528 serenum - ok
16:35:42.0250 2528 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:35:42.0250 2528 Serial - ok
16:35:42.0296 2528 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:35:42.0296 2528 Sfloppy - ok
16:35:42.0359 2528 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:35:42.0359 2528 SharedAccess - ok
16:35:42.0406 2528 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:35:42.0406 2528 ShellHWDetection - ok
16:35:42.0421 2528 Simbad - ok
16:35:42.0484 2528 SiS315 (c14863dece98b65195429df2dcc038bc) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
16:35:42.0484 2528 SiS315 - ok
16:35:42.0531 2528 siside (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys
16:35:42.0531 2528 siside - ok
16:35:42.0562 2528 sisidex (6225224b8e846ac230f8d9b343635910) C:\WINDOWS\system32\drivers\sisidex.sys
16:35:42.0578 2528 sisidex - ok
16:35:42.0593 2528 SiSkp (c29363d5855c4b55012a31ef6436013c) C:\WINDOWS\system32\DRIVERS\srvkp.sys
16:35:42.0593 2528 SiSkp - ok
16:35:42.0609 2528 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
16:35:42.0609 2528 sisperf - ok
16:35:42.0640 2528 Sparrow - ok
16:35:42.0687 2528 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:35:42.0687 2528 splitter - ok
16:35:42.0734 2528 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:35:42.0734 2528 Spooler - ok
16:35:42.0750 2528 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:35:42.0750 2528 sr - ok
16:35:42.0812 2528 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:35:42.0812 2528 srservice - ok
16:35:42.0843 2528 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:35:42.0859 2528 Srv - ok
16:35:42.0890 2528 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:35:42.0890 2528 SSDPSRV - ok
16:35:42.0937 2528 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:35:42.0937 2528 ssmdrv - ok
16:35:42.0984 2528 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:35:43.0000 2528 stisvc - ok
16:35:43.0015 2528 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:35:43.0031 2528 swenum - ok
16:35:43.0046 2528 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:35:43.0046 2528 swmidi - ok
16:35:43.0078 2528 SwPrv - ok
16:35:43.0093 2528 symc810 - ok
16:35:43.0125 2528 symc8xx - ok
16:35:43.0140 2528 sym_hi - ok
16:35:43.0171 2528 sym_u3 - ok
16:35:43.0187 2528 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:35:43.0187 2528 sysaudio - ok
16:35:43.0218 2528 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:35:43.0218 2528 SysmonLog - ok
16:35:43.0250 2528 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:35:43.0265 2528 TapiSrv - ok
16:35:43.0328 2528 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:35:43.0328 2528 Tcpip - ok
16:35:43.0359 2528 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:35:43.0375 2528 TDPIPE - ok
16:35:43.0390 2528 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:35:43.0390 2528 TDTCP - ok
16:35:43.0421 2528 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:35:43.0421 2528 TermDD - ok
16:35:43.0453 2528 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:35:43.0453 2528 TermService - ok
16:35:43.0500 2528 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:35:43.0515 2528 Themes - ok
16:35:43.0546 2528 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:35:43.0562 2528 TlntSvr - ok
16:35:43.0578 2528 TosIde - ok
16:35:43.0609 2528 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:35:43.0609 2528 TrkWks - ok
16:35:43.0640 2528 TSCONSOLESERVICE - ok
16:35:43.0687 2528 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
16:35:43.0703 2528 uagp35 - ok
16:35:43.0734 2528 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:35:43.0734 2528 Udfs - ok
16:35:43.0750 2528 ultra - ok
16:35:43.0796 2528 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:35:43.0812 2528 Update - ok
16:35:43.0843 2528 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:35:43.0843 2528 upnphost - ok
16:35:43.0859 2528 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:35:43.0875 2528 UPS - ok
16:35:43.0906 2528 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:35:43.0906 2528 usbehci - ok
16:35:43.0921 2528 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:35:43.0921 2528 usbhub - ok
16:35:43.0953 2528 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:35:43.0953 2528 usbohci - ok
16:35:43.0968 2528 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:35:43.0968 2528 usbprint - ok
16:35:44.0015 2528 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:35:44.0015 2528 usbscan - ok
16:35:44.0046 2528 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:35:44.0046 2528 USBSTOR - ok
16:35:44.0093 2528 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:35:44.0093 2528 VgaSave - ok
16:35:44.0109 2528 ViaIde - ok
16:35:44.0140 2528 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:35:44.0140 2528 VolSnap - ok
16:35:44.0218 2528 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:35:44.0218 2528 VSS - ok
16:35:44.0281 2528 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:35:44.0281 2528 W32Time - ok
16:35:44.0312 2528 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:35:44.0328 2528 Wanarp - ok
16:35:44.0343 2528 WDICA - ok
16:35:44.0359 2528 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:35:44.0375 2528 wdmaud - ok
16:35:44.0390 2528 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:35:44.0390 2528 WebClient - ok
16:35:44.0468 2528 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:35:44.0468 2528 winmgmt - ok
16:35:44.0515 2528 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
16:35:44.0531 2528 WmdmPmSN - ok
16:35:44.0593 2528 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:35:44.0609 2528 Wmi - ok
16:35:44.0640 2528 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:35:44.0656 2528 WmiApSrv - ok
16:35:44.0687 2528 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:35:44.0687 2528 WS2IFSL - ok
16:35:44.0734 2528 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:35:44.0750 2528 wscsvc - ok
16:35:44.0781 2528 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:35:44.0781 2528 wuauserv - ok
16:35:44.0812 2528 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:35:44.0828 2528 WudfPf - ok
16:35:44.0859 2528 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:35:44.0859 2528 WudfSvc - ok
16:35:44.0921 2528 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:35:44.0937 2528 WZCSVC - ok
16:35:45.0000 2528 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:35:45.0000 2528 xmlprov - ok
16:35:45.0031 2528 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:35:45.0156 2528 \Device\Harddisk0\DR0 - ok
16:35:45.0156 2528 Boot (0x1200) (ba668818beba9da1653ea9a8324ce6fd) \Device\Harddisk0\DR0\Partition0
16:35:45.0156 2528 \Device\Harddisk0\DR0\Partition0 - ok
16:35:45.0171 2528 ============================================================
16:35:45.0171 2528 Scan finished
16:35:45.0171 2528 ============================================================
16:35:45.0187 2612 Detected object count: 0
16:35:45.0187 2612 Actual detected object count: 0
16:36:07.0562 0512 ============================================================
16:36:07.0562 0512 Scan started
16:36:07.0562 0512 Mode: Manual; SigCheck; TDLFS;
16:36:07.0562 0512 ============================================================
16:36:07.0765 0512 Abiosdsk - ok
16:36:07.0781 0512 abp480n5 - ok
16:36:07.0828 0512 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:36:08.0171 0512 ACPI - ok
16:36:08.0218 0512 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:36:08.0375 0512 ACPIEC - ok
16:36:08.0437 0512 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
16:36:08.0453 0512 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
16:36:08.0453 0512 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
16:36:08.0468 0512 adpu160m - ok
16:36:08.0500 0512 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:36:08.0671 0512 aec - ok
16:36:08.0718 0512 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:36:08.0750 0512 AFD - ok
16:36:08.0765 0512 Aha154x - ok
16:36:08.0796 0512 aic78u2 - ok
16:36:08.0812 0512 aic78xx - ok
16:36:08.0937 0512 ALCXWDM (292ce6f164008e825d71c07fd0265943) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:36:09.0125 0512 ALCXWDM - ok
16:36:09.0203 0512 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:36:09.0375 0512 Alerter - ok
16:36:09.0406 0512 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:36:09.0578 0512 ALG - ok
16:36:09.0593 0512 AliIde - ok
16:36:09.0609 0512 amsint - ok
16:36:09.0687 0512 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:36:09.0718 0512 AntiVirSchedulerService - ok
16:36:09.0750 0512 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:36:09.0765 0512 AntiVirService - ok
16:36:09.0828 0512 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:36:10.0000 0512 AppMgmt - ok
16:36:10.0031 0512 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:36:10.0218 0512 Arp1394 - ok
16:36:10.0234 0512 asc - ok
16:36:10.0250 0512 asc3350p - ok
16:36:10.0265 0512 asc3550 - ok
16:36:10.0375 0512 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:36:10.0390 0512 aspnet_state - ok
16:36:10.0421 0512 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:36:10.0593 0512 AsyncMac - ok
16:36:10.0625 0512 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:36:10.0796 0512 atapi - ok
16:36:10.0812 0512 Atdisk - ok
16:36:10.0859 0512 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:36:11.0031 0512 Atmarpc - ok
16:36:11.0093 0512 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:36:11.0250 0512 AudioSrv - ok
16:36:11.0281 0512 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:36:11.0453 0512 audstub - ok
16:36:11.0484 0512 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:36:11.0953 0512 avgntflt - ok
16:36:11.0984 0512 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:36:12.0000 0512 avipbb - ok
16:36:12.0015 0512 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:36:12.0031 0512 avkmgr - ok
16:36:12.0078 0512 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:36:12.0265 0512 Beep - ok
16:36:12.0312 0512 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:36:12.0484 0512 BITS - ok
16:36:12.0515 0512 Brother XP spl Service (34f2f5b6a6d28b8fb872dfd57c5323ac) C:\WINDOWS\system32\brsvc01a.exe
16:36:12.0578 0512 Brother XP spl Service - ok
16:36:12.0640 0512 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:36:12.0796 0512 Browser - ok
16:36:12.0828 0512 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
16:36:12.0843 0512 BrPar ( UnsignedFile.Multi.Generic ) - warning
16:36:12.0843 0512 BrPar - detected UnsignedFile.Multi.Generic (1)
16:36:12.0859 0512 catchme - ok
16:36:12.0921 0512 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:36:13.0109 0512 cbidf2k - ok
16:36:13.0125 0512 cd20xrnt - ok
16:36:13.0171 0512 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:36:13.0359 0512 Cdaudio - ok
16:36:13.0375 0512 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:36:13.0531 0512 Cdfs - ok
16:36:13.0562 0512 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:36:13.0718 0512 Cdrom - ok
16:36:13.0734 0512 Changer - ok
16:36:13.0765 0512 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:36:13.0937 0512 CiSvc - ok
16:36:13.0953 0512 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:36:14.0125 0512 ClipSrv - ok
16:36:14.0187 0512 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:36:14.0203 0512 clr_optimization_v2.0.50727_32 - ok
16:36:14.0234 0512 CmdIde - ok
16:36:14.0250 0512 COMSysApp - ok
16:36:14.0281 0512 Cpqarray - ok
16:36:14.0328 0512 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:36:14.0484 0512 CryptSvc - ok
16:36:14.0500 0512 dac2w2k - ok
16:36:14.0531 0512 dac960nt - ok
16:36:14.0593 0512 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:36:14.0625 0512 DcomLaunch - ok
16:36:14.0656 0512 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:36:14.0828 0512 Dhcp - ok
16:36:14.0875 0512 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:36:15.0031 0512 Disk - ok
16:36:15.0046 0512 dmadmin - ok
16:36:15.0109 0512 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:36:15.0312 0512 dmboot - ok
16:36:15.0343 0512 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:36:15.0500 0512 dmio - ok
16:36:15.0531 0512 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:36:15.0718 0512 dmload - ok
16:36:15.0765 0512 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:36:15.0937 0512 dmserver - ok
16:36:15.0968 0512 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:36:16.0140 0512 DMusic - ok
16:36:16.0187 0512 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:36:16.0203 0512 Dnscache - ok
16:36:16.0281 0512 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:36:16.0437 0512 Dot3svc - ok
16:36:16.0453 0512 dpti2o - ok
16:36:16.0500 0512 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:36:16.0671 0512 drmkaud - ok
16:36:16.0703 0512 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:36:16.0875 0512 EapHost - ok
16:36:16.0921 0512 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:36:17.0093 0512 ERSvc - ok
16:36:17.0140 0512 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:36:17.0171 0512 Eventlog - ok
16:36:17.0218 0512 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:36:17.0250 0512 EventSystem - ok
16:36:17.0265 0512 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:36:17.0437 0512 Fastfat - ok
16:36:17.0484 0512 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:36:17.0515 0512 FastUserSwitchingCompatibility - ok
16:36:17.0546 0512 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:36:17.0703 0512 Fdc - ok
16:36:17.0796 0512 FedExAdminService (7a3b2c4cdcddcb9919fdd5e92c925263) C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
16:36:17.0796 0512 FedExAdminService ( UnsignedFile.Multi.Generic ) - warning
16:36:17.0796 0512 FedExAdminService - detected UnsignedFile.Multi.Generic (1)
16:36:17.0812 0512 FedExLoggingService (58c8526b503f4800b92dbfb99a88efa3) C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
16:36:17.0828 0512 FedExLoggingService ( UnsignedFile.Multi.Generic ) - warning
16:36:17.0828 0512 FedExLoggingService - detected UnsignedFile.Multi.Generic (1)
16:36:17.0890 0512 FedExShipnetDBService (bb60972e2eb2d5cf1f1979c4032c2eec) C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
16:36:17.0906 0512 FedExShipnetDBService - ok
16:36:17.0953 0512 FedExShipService (6b30c5039260a82a6216e9505af6d62b) C:\Program Files\FedEx\ShipManager\BIN\ShipEngineService.exe
16:36:17.0953 0512 FedExShipService ( UnsignedFile.Multi.Generic ) - warning
16:36:17.0953 0512 FedExShipService - detected UnsignedFile.Multi.Generic (1)
16:36:17.0984 0512 FedExTransactionService (36d9046df989e8d2bd8e983fc4c7a01e) C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
16:36:17.0984 0512 FedExTransactionService ( UnsignedFile.Multi.Generic ) - warning
16:36:17.0984 0512 FedExTransactionService - detected UnsignedFile.Multi.Generic (1)
16:36:18.0015 0512 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:36:18.0187 0512 Fips - ok
16:36:18.0203 0512 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:36:18.0375 0512 Flpydisk - ok
16:36:18.0437 0512 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:36:18.0593 0512 FltMgr - ok
16:36:18.0671 0512 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:36:18.0687 0512 FontCache3.0.0.0 - ok
16:36:18.0734 0512 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:36:18.0906 0512 Fs_Rec - ok
16:36:18.0953 0512 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:36:19.0140 0512 Ftdisk - ok
16:36:19.0156 0512 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:36:19.0328 0512 Gpc - ok
16:36:19.0359 0512 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:36:19.0515 0512 helpsvc - ok
16:36:19.0531 0512 HidServ - ok
16:36:19.0562 0512 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:36:19.0718 0512 HidUsb - ok
16:36:19.0781 0512 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:36:19.0953 0512 hkmsvc - ok
16:36:19.0968 0512 hpn - ok
16:36:20.0031 0512 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:36:20.0062 0512 HTTP - ok
16:36:20.0093 0512 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:36:20.0250 0512 HTTPFilter - ok
16:36:20.0281 0512 i2omgmt - ok
16:36:20.0296 0512 i2omp - ok
16:36:20.0328 0512 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:36:20.0484 0512 i8042prt - ok
16:36:20.0546 0512 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:36:20.0562 0512 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:36:20.0562 0512 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:36:20.0656 0512 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:36:20.0703 0512 idsvc - ok
16:36:20.0734 0512 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:36:20.0890 0512 Imapi - ok
16:36:20.0953 0512 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:36:21.0125 0512 ImapiService - ok
16:36:21.0140 0512 ini910u - ok
16:36:21.0171 0512 IntelIde - ok
16:36:21.0203 0512 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:36:21.0359 0512 intelppm - ok
16:36:21.0406 0512 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:36:21.0578 0512 Ip6Fw - ok
16:36:21.0625 0512 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:36:21.0828 0512 IpFilterDriver - ok
16:36:21.0843 0512 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:36:22.0000 0512 IpInIp - ok
16:36:22.0031 0512 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:36:22.0187 0512 IpNat - ok
16:36:22.0218 0512 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:36:22.0375 0512 IPSec - ok
16:36:22.0406 0512 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:36:22.0578 0512 IRENUM - ok
16:36:22.0609 0512 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:36:22.0765 0512 isapnp - ok
16:36:22.0875 0512 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
16:36:22.0890 0512 JavaQuickStarterService - ok
16:36:22.0921 0512 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:36:23.0093 0512 Kbdclass - ok
16:36:23.0109 0512 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:36:23.0265 0512 kmixer - ok
16:36:23.0312 0512 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:36:23.0375 0512 KSecDD - ok
16:36:23.0437 0512 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:36:23.0468 0512 lanmanserver - ok
16:36:23.0531 0512 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:36:23.0546 0512 lanmanworkstation - ok
16:36:23.0578 0512 lbrtfdc - ok
16:36:23.0640 0512 LexBceS (f93eb7b8a5ea70e14b2d1a1da0b9a623) C:\WINDOWS\system32\LEXBCES.EXE
16:36:23.0656 0512 LexBceS ( UnsignedFile.Multi.Generic ) - warning
16:36:23.0656 0512 LexBceS - detected UnsignedFile.Multi.Generic (1)
16:36:23.0703 0512 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:36:23.0859 0512 LmHosts - ok
16:36:23.0890 0512 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:36:24.0046 0512 Messenger - ok
16:36:24.0078 0512 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:36:24.0265 0512 mnmdd - ok
16:36:24.0312 0512 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:36:24.0468 0512 mnmsrvc - ok
16:36:24.0515 0512 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:36:24.0671 0512 Modem - ok
16:36:24.0703 0512 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:36:24.0843 0512 Mouclass - ok
16:36:24.0890 0512 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:36:25.0062 0512 mouhid - ok
16:36:25.0093 0512 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:36:25.0250 0512 MountMgr - ok
16:36:25.0265 0512 mraid35x - ok
16:36:25.0296 0512 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:36:25.0453 0512 MRxDAV - ok
16:36:25.0531 0512 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:36:25.0593 0512 MRxSmb - ok
16:36:25.0640 0512 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:36:25.0796 0512 MSDTC - ok
16:36:25.0828 0512 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:36:26.0000 0512 Msfs - ok
16:36:26.0015 0512 MSIServer - ok
16:36:26.0062 0512 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:36:26.0203 0512 MSKSSRV - ok
16:36:26.0234 0512 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:36:26.0390 0512 MSPCLOCK - ok
16:36:26.0421 0512 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:36:26.0593 0512 MSPQM - ok
16:36:26.0625 0512 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:36:26.0765 0512 mssmbios - ok
16:36:26.0812 0512 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:36:26.0859 0512 Mup - ok
16:36:26.0968 0512 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:36:27.0140 0512 napagent - ok
16:36:27.0171 0512 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:36:27.0328 0512 NDIS - ok
16:36:27.0375 0512 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:36:27.0390 0512 NdisTapi - ok
16:36:27.0421 0512 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:36:27.0593 0512 Ndisuio - ok
16:36:27.0625 0512 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:36:27.0765 0512 NdisWan - ok
16:36:27.0812 0512 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:36:27.0843 0512 NDProxy - ok
16:36:27.0875 0512 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:36:28.0031 0512 NetBIOS - ok
16:36:28.0062 0512 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:36:28.0218 0512 NetBT - ok
16:36:28.0265 0512 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:36:28.0437 0512 NetDDE - ok
16:36:28.0437 0512 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:36:28.0593 0512 NetDDEdsdm - ok
16:36:28.0640 0512 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:36:28.0812 0512 Netlogon - ok
16:36:28.0843 0512 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:36:29.0000 0512 Netman - ok
16:36:29.0078 0512 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:36:29.0093 0512 NetTcpPortSharing - ok
16:36:29.0125 0512 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:36:29.0281 0512 NIC1394 - ok
16:36:29.0328 0512 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:36:29.0359 0512 Nla - ok
16:36:29.0390 0512 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:36:29.0562 0512 Npfs - ok
16:36:29.0625 0512 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:36:29.0796 0512 Ntfs - ok
16:36:29.0859 0512 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:36:30.0015 0512 NtLmSsp - ok
16:36:30.0093 0512 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:36:30.0281 0512 NtmsSvc - ok
16:36:30.0328 0512 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:36:30.0484 0512 Null - ok
16:36:30.0546 0512 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:36:30.0718 0512 NwlnkFlt - ok
16:36:30.0765 0512 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:36:30.0953 0512 NwlnkFwd - ok
16:36:31.0000 0512 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:36:31.0156 0512 ohci1394 - ok
16:36:31.0203 0512 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:36:31.0218 0512 ose - ok
16:36:31.0250 0512 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:36:31.0421 0512 Parport - ok
16:36:31.0437 0512 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:36:31.0609 0512 PartMgr - ok
16:36:31.0640 0512 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:36:31.0812 0512 ParVdm - ok
16:36:31.0843 0512 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:36:32.0000 0512 PCI - ok
16:36:32.0031 0512 PCIDump - ok
16:36:32.0062 0512 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:36:32.0250 0512 PCIIde - ok
16:36:32.0312 0512 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:36:32.0468 0512 Pcmcia - ok
16:36:32.0484 0512 PDCOMP - ok
16:36:32.0500 0512 PDFRAME - ok
16:36:32.0531 0512 PDRELI - ok
16:36:32.0546 0512 PDRFRAME - ok
16:36:32.0578 0512 perc2 - ok
16:36:32.0593 0512 perc2hib - ok
16:36:32.0671 0512 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:36:32.0703 0512 PlugPlay - ok
16:36:32.0734 0512 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:36:32.0890 0512 PolicyAgent - ok
16:36:32.0921 0512 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:36:33.0078 0512 PptpMiniport - ok
16:36:33.0109 0512 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:36:33.0250 0512 ProtectedStorage - ok
16:36:33.0281 0512 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:36:33.0453 0512 PSched - ok
16:36:33.0484 0512 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:36:33.0656 0512 Ptilink - ok
16:36:33.0671 0512 ql1080 - ok
16:36:33.0703 0512 Ql10wnt - ok
16:36:33.0718 0512 ql12160 - ok
16:36:33.0750 0512 ql1240 - ok
16:36:33.0765 0512 ql1280 - ok
16:36:33.0796 0512 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:36:33.0953 0512 RasAcd - ok
16:36:34.0015 0512 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:36:34.0171 0512 RasAuto - ok
16:36:34.0203 0512 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:36:34.0375 0512 Rasl2tp - ok
16:36:34.0421 0512 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:36:34.0578 0512 RasMan - ok
16:36:34.0609 0512 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:36:34.0765 0512 RasPppoe - ok
16:36:34.0796 0512 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:36:34.0968 0512 Raspti - ok
16:36:35.0000 0512 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:36:35.0156 0512 Rdbss - ok
16:36:35.0171 0512 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:36:35.0343 0512 RDPCDD - ok
16:36:35.0390 0512 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:36:35.0546 0512 rdpdr - ok
16:36:35.0609 0512 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:36:35.0625 0512 RDPWD - ok
16:36:35.0656 0512 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:36:35.0828 0512 RDSessMgr - ok
16:36:35.0843 0512 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:36:36.0000 0512 redbook - ok
16:36:36.0062 0512 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:36:36.0203 0512 RemoteAccess - ok
16:36:36.0250 0512 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
16:36:36.0421 0512 RemoteRegistry - ok
16:36:36.0437 0512 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:36:36.0593 0512 RpcLocator - ok
16:36:36.0656 0512 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
16:36:36.0687 0512 RpcSs - ok
16:36:36.0734 0512 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:36:36.0906 0512 RSVP - ok
16:36:36.0968 0512 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:36:37.0109 0512 rtl8139 - ok
16:36:37.0140 0512 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:36:37.0296 0512 SamSs - ok
16:36:37.0328 0512 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:36:37.0484 0512 SCardSvr - ok
16:36:37.0531 0512 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:36:37.0703 0512 Schedule - ok
16:36:37.0750 0512 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:36:37.0921 0512 Secdrv - ok
16:36:37.0937 0512 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:36:38.0093 0512 seclogon - ok
16:36:38.0125 0512 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:36:38.0281 0512 SENS - ok
16:36:38.0328 0512 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:36:38.0484 0512 serenum - ok
16:36:38.0515 0512 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:36:38.0671 0512 Serial - ok
16:36:38.0734 0512 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:36:38.0890 0512 Sfloppy - ok
16:36:38.0953 0512 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:36:39.0125 0512 SharedAccess - ok
16:36:39.0156 0512 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:36:39.0187 0512 ShellHWDetection - ok
16:36:39.0203 0512 Simbad - ok
16:36:39.0250 0512 SiS315 (c14863dece98b65195429df2dcc038bc) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
16:36:39.0296 0512 SiS315 - ok
16:36:39.0343 0512 siside (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys
16:36:39.0375 0512 siside - ok
16:36:39.0421 0512 sisidex (6225224b8e846ac230f8d9b343635910) C:\WINDOWS\system32\drivers\sisidex.sys
16:36:39.0437 0512 sisidex ( UnsignedFile.Multi.Generic ) - warning
16:36:39.0437 0512 sisidex - detected UnsignedFile.Multi.Generic (1)
16:36:39.0468 0512 SiSkp (c29363d5855c4b55012a31ef6436013c) C:\WINDOWS\system32\DRIVERS\srvkp.sys
16:36:39.0484 0512 SiSkp - ok
16:36:39.0500 0512 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
16:36:39.0531 0512 sisperf ( UnsignedFile.Multi.Generic ) - warning
16:36:39.0531 0512 sisperf - detected UnsignedFile.Multi.Generic (1)
16:36:39.0562 0512 Sparrow - ok
16:36:39.0609 0512 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:36:39.0765 0512 splitter - ok
16:36:39.0812 0512 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:36:39.0828 0512 Spooler - ok
16:36:39.0859 0512 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:36:40.0015 0512 sr - ok
16:36:40.0078 0512 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:36:40.0218 0512 srservice - ok
16:36:40.0281 0512 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:36:40.0328 0512 Srv - ok
16:36:40.0359 0512 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:36:40.0515 0512 SSDPSRV - ok
16:36:40.0546 0512 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:36:40.0562 0512 ssmdrv - ok
16:36:40.0625 0512 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:36:40.0796 0512 stisvc - ok
16:36:40.0828 0512 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:36:40.0968 0512 swenum - ok
16:36:41.0000 0512 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:36:41.0171 0512 swmidi - ok
16:36:41.0187 0512 SwPrv - ok
16:36:41.0218 0512 symc810 - ok
16:36:41.0234 0512 symc8xx - ok
16:36:41.0250 0512 sym_hi - ok
16:36:41.0281 0512 sym_u3 - ok
16:36:41.0312 0512 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:36:41.0484 0512 sysaudio - ok
16:36:41.0500 0512 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:36:41.0671 0512 SysmonLog - ok
16:36:41.0703 0512 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:36:41.0875 0512 TapiSrv - ok
16:36:41.0937 0512 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:36:41.0953 0512 Tcpip - ok
16:36:41.0984 0512 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:36:42.0156 0512 TDPIPE - ok
16:36:42.0187 0512 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:36:42.0343 0512 TDTCP - ok
16:36:42.0359 0512 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:36:42.0515 0512 TermDD - ok
16:36:42.0562 0512 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:36:42.0718 0512 TermService - ok
16:36:42.0765 0512 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:36:42.0781 0512 Themes - ok
16:36:42.0828 0512 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:36:43.0000 0512 TlntSvr - ok
16:36:43.0015 0512 TosIde - ok
16:36:43.0046 0512 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:36:43.0203 0512 TrkWks - ok
16:36:43.0234 0512 TSCONSOLESERVICE - ok
16:36:43.0281 0512 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
16:36:43.0437 0512 uagp35 - ok
16:36:43.0500 0512 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:36:43.0671 0512 Udfs - ok
16:36:43.0687 0512 ultra - ok
16:36:43.0734 0512 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:36:43.0921 0512 Update - ok
16:36:43.0953 0512 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:36:44.0109 0512 upnphost - ok
16:36:44.0140 0512 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:36:44.0281 0512 UPS - ok
16:36:44.0328 0512 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:36:44.0484 0512 usbehci - ok
16:36:44.0515 0512 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:36:44.0671 0512 usbhub - ok
16:36:44.0687 0512 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:36:44.0859 0512 usbohci - ok
16:36:44.0890 0512 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:36:45.0046 0512 usbprint - ok
16:36:45.0078 0512 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:36:45.0250 0512 usbscan - ok
16:36:45.0281 0512 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:36:45.0437 0512 USBSTOR - ok
16:36:45.0468 0512 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:36:45.0625 0512 VgaSave - ok
16:36:45.0640 0512 ViaIde - ok
16:36:45.0671 0512 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:36:45.0828 0512 VolSnap - ok
16:36:45.0921 0512 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:36:46.0093 0512 VSS - ok
16:36:46.0140 0512 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:36:46.0296 0512 W32Time - ok
16:36:46.0328 0512 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:36:46.0484 0512 Wanarp - ok
16:36:46.0515 0512 WDICA - ok
16:36:46.0546 0512 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:36:46.0703 0512 wdmaud - ok
16:36:46.0734 0512 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:36:46.0906 0512 WebClient - ok
16:36:46.0968 0512 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:36:47.0125 0512 winmgmt - ok
16:36:47.0187 0512 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
16:36:47.0218 0512 WmdmPmSN - ok
16:36:47.0296 0512 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:36:47.0328 0512 Wmi - ok
16:36:47.0375 0512 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:36:47.0546 0512 WmiApSrv - ok
16:36:47.0609 0512 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:36:47.0796 0512 WS2IFSL - ok
16:36:47.0843 0512 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:36:48.0000 0512 wscsvc - ok
16:36:48.0031 0512 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:36:48.0203 0512 wuauserv - ok
16:36:48.0234 0512 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:36:48.0296 0512 WudfPf - ok
16:36:48.0328 0512 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:36:48.0359 0512 WudfSvc - ok
16:36:48.0406 0512 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:36:48.0578 0512 WZCSVC - ok
16:36:48.0656 0512 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:36:48.0796 0512 xmlprov - ok
16:36:48.0843 0512 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:36:49.0031 0512 \Device\Harddisk0\DR0 - ok
16:36:49.0031 0512 Boot (0x1200) (ba668818beba9da1653ea9a8324ce6fd) \Device\Harddisk0\DR0\Partition0
16:36:49.0031 0512 \Device\Harddisk0\DR0\Partition0 - ok
16:36:49.0046 0512 ============================================================
16:36:49.0046 0512 Scan finished
16:36:49.0046 0512 ============================================================
16:36:49.0171 0252 Detected object count: 10
16:36:49.0171 0252 Actual detected object count: 10
16:37:18.0562 0252 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:37:18.0562 0252 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:37:18.0562 0252 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user
16:37:18.0562 0252 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:37:18.0578 0252 FedExAdminService ( UnsignedFile.Multi.Generic ) - skipped by user
16:37:18.0578 0252 FedExAdminService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:37:18.0578 0252 FedExLoggingService ( UnsignedFile.Multi.Generic ) - skipped by user
16:37:18.0578 0252 FedExLoggingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:37:18.0578 0252 FedExShipService ( UnsignedFile.Multi.Generic ) - skipped by user
16:37:18.0578 0252 FedExShipService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:37:18.0593 0252 FedExTransactionService ( UnsignedFile.Multi.Generic ) - skipped by user
16:37:18.0593 0252 FedExTransactionService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:37:18.0593 0252 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:37:18.0593 0252 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:37:18.0609 0252 LexBceS ( UnsignedFile.Multi.Generic ) - skipped by user
16:37:18.0609 0252 LexBceS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:37:18.0609 0252 sisidex ( UnsignedFile.Multi.Generic ) - skipped by user
16:37:18.0609 0252 sisidex ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:37:18.0609 0252 sisperf ( UnsignedFile.Multi.Generic ) - skipped by user
16:37:18.0609 0252 sisperf ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:37:34.0828 2508 Deinitialize success
  • 0

#8
smackattack

    Member

  • Topic Starter
  • Member
  • 10 posts
Malwarebytes. Didn't find anything but cmdow.exe; I told it to ignore it. Isn't that the classic virus scanner false positive? Think this is everything you asked for; I'll await your next response. Removed and updated Java as well.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
insidesales1 :: IS1 [administrator]

3/29/2012 5:20:42 PM
mbam-log-2012-03-29 (17-24-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196169
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> No action taken.

(end)
  • 0

#9
smackattack

    Member

  • Topic Starter
  • Member
  • 10 posts
Oops, sorry, forgot aswMBR.txt.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 16:38:38
-----------------------------
16:38:38.296 OS Version: Windows 5.1.2600 Service Pack 3
16:38:38.296 Number of processors: 2 586 0x303
16:38:38.296 ComputerName: IS1 UserName:
16:38:38.703 Initialize success
16:43:24.296 AVAST engine defs: 12032901
16:44:24.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:44:24.703 Disk 0 Vendor: WDC_WD1600JB-00GVA0 08.02D08 Size: 152627MB BusType: 3
16:44:24.718 Disk 0 MBR read successfully
16:44:24.718 Disk 0 MBR scan
16:44:24.750 Disk 0 Windows XP default MBR code
16:44:24.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
16:44:24.750 Disk 0 scanning sectors +312560640
16:44:24.828 Disk 0 scanning C:\WINDOWS\system32\drivers
16:44:35.234 Service scanning
16:44:46.015 Modules scanning
16:44:49.546 AVAST engine scan C:\WINDOWS
16:45:12.812 AVAST engine scan C:\WINDOWS\system32
16:47:33.359 AVAST engine scan C:\WINDOWS\system32\drivers
16:47:44.437 AVAST engine scan C:\Documents and Settings\insidesales1.VANPTC
16:48:41.937 AVAST engine scan C:\Documents and Settings\All Users
16:49:30.031 Scan finished successfully
17:16:56.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\insidesales1.VANPTC\Desktop\MBR.dat"
17:16:56.640 The log file has been saved successfully to "C:\Documents and Settings\insidesales1.VANPTC\Desktop\aswMBR.txt"
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Logs look clean. Let's see if there are any problems:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.


File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.




Ron
  • 0

#11
smackattack

    Member

  • Topic Starter
  • Member
  • 10 posts
Ron, I won't be able to finish this up until Monday; I will post back then with the results of your last post. Didn't want you to be checking back repeatedly or thinking I bailed. Thanks for all the help so far.
So I'm pretty much stuck as far as the Start Menu > All Programs and the Quick Launch being hosed, correct, outside of just manually creating shortcuts and rebuilding from scratch, right?
  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Delays are not a problem. I don't keep track. I just reply when I get an email notification.
Most of your desktop icons are still there just hidden. See the H on each line?

[2012/03/27 10:11:38 | 000,001,776 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\My Documents\Default.rdp
[2012/03/23 15:56:31 | 000,042,728 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\shore total office 095161.pdf
[2012/03/22 14:58:11 | 000,070,546 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\ampliaudio-095455.pdf
[2012/03/22 14:57:15 | 000,070,182 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\calasa-095454.pdf
[2012/03/20 11:17:38 | 000,179,038 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\20120320095228.pdf
[2012/03/19 11:40:44 | 000,155,321 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BPD02-B products revised.pdf
[2012/03/19 11:20:17 | 000,163,060 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BPD02-P products revised.pdf
[2012/03/19 11:11:10 | 000,162,994 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon BDP02-W products-revised.pdf
[2012/03/15 16:08:01 | 000,006,647 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package bre.pdf
[2012/03/15 16:06:53 | 000,025,458 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon bre-3-15-12FBAFCKJSZ.pdf
[2012/03/15 16:04:53 | 000,008,245 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package ind.pdf
[2012/03/15 16:03:03 | 000,058,078 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon IND-3-15-12FBAFCKJSZ.pdf
[2012/03/15 15:55:56 | 000,008,436 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\amazon-package phx.pdf
[2012/03/15 15:50:43 | 000,066,385 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\Amazon PHX-3-15-12FBAFCKJSZ.pdf
[2012/03/15 11:07:54 | 000,191,636 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\097918.pdf
[2012/03/15 10:55:52 | 000,047,093 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\oe-iv-pb-bro-2blank.pdf
[2012/03/14 12:03:13 | 000,093,503 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095318.pdf
[2012/03/14 12:02:40 | 000,134,469 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095317.pdf
[2012/03/14 12:01:55 | 000,219,666 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095304.pdf
[2012/03/14 12:01:14 | 000,193,920 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095145A.pdf
[2012/03/14 11:59:47 | 000,234,330 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\095145.pdf

Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.


You should be able to right click on C:\Documents and Settings\insidesales1.VANPTC\Desktop and uncheck the Hidden box.

I thought unhide.exe would do that but I guess not.

Your Start, All Programs items are stored in two folders. Right click on Start and select Explore and it will put you close to one set. Right click on Start and select Explore All Users and you will get close to the others. See if the Hidden box is checked when you right click and select Properties.

C:\Documents and Settings\insidesales1.VANPTC\Start Menu\Programs\Startup

or

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
  • 0
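As an added example (my code, not RKinner's and not part of OTL), here is a small Python parser for the OTL file-listing format quoted in the post above: it splits the attribute column, reports the user files that carry the Hidden flag, and emits the attrib commands that would clear it. The sample is constructed from two entries in the post plus two made-up lines, and the R/H/S/D reading of the attribute column is my assumption about OTL's output.

```python
import re
from typing import List, NamedTuple

# Constructed sample in the OTL file-listing format quoted above: the first two lines
# are from the post, the last two are made up (a plain file and a hidden+system desktop.ini).
OTL_SAMPLE = r"""
[2012/03/27 10:11:38 | 000,001,776 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\My Documents\Default.rdp
[2012/03/23 15:56:31 | 000,042,728 | -H-- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\shore total office 095161.pdf
[2012/03/14 09:00:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\notes.txt
[2012/03/14 09:00:00 | 000,000,282 | -HS- | M] () -- C:\Documents and Settings\insidesales1.VANPTC\Desktop\desktop.ini
"""

# One OTL listing line:  [date time | size | attrs | M] (company) -- path
# Assumption: the four attribute positions are R(ead-only) H(idden) S(ystem) D(irectory),
# with '-' when the bit is clear.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-RHSD]{4})\s*\|\s*(?P<kind>[MC])\]"
    r"\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$"
)


class OtlEntry(NamedTuple):
    timestamp: str
    size: int
    attrs: str       # raw four-character attribute field, e.g. "-H--"
    company: str
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs

    @property
    def directory(self) -> bool:
        return "D" in self.attrs


def parse_otl_listing(text: str) -> List[OtlEntry]:
    """Parse OTL file-listing lines; lines that do not match the format are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=m.group("ts").strip(),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            company=m.group("company"),
            path=m.group("path"),
        ))
    return entries


def hidden_user_files(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Files with Hidden set but not System.  A user document in that state is what the
    rogue discussed in this thread leaves behind; Hidden+System (desktop.ini and the like)
    is normal for Windows housekeeping files, so those are left alone."""
    return [e for e in entries if e.hidden and not e.system and not e.directory]


def unhide_commands(entries: List[OtlEntry]) -> List[str]:
    """attrib commands (for cmd.exe) that clear only the Hidden bit on each file."""
    return [f'attrib -h "{e.path}"' for e in entries]


if __name__ == "__main__":
    flagged = hidden_user_files(parse_otl_listing(OTL_SAMPLE))
    for cmd in unhide_commands(flagged):
        print(cmd)
```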

#13
smackattack

    Member

  • Topic Starter
  • Member
  • 10 posts
Better late than never....
Yeah, looks like something hosed the Start Menu shortcuts and the Quick Launch. Hidden, system or otherwise, they are not there.

Both event logs were empty after reboot.
Here is the Process Explorer output; there doesn't seem to be anything nasty gobbling up resources.

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 98.44 0 K 16 K
procexp.exe 508 1.56 17,736 K 24,676 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wmiprvse.exe 980 2,788 K 4,868 K WMI Microsoft Corporation (Verified) Microsoft Windows Component Publisher
winlogon.exe 568 6,632 K 4,396 K Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Component Publisher
UPSNA1Msgr.exe 1532 18,756 K 5,796 K (Unable to verify)
System 4 0 K 220 K
svchost.exe 808 2,976 K 4,856 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 856 1,776 K 4,296 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 924 15,384 K 26,024 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 996 1,348 K 3,676 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1052 1,476 K 3,984 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1356 1,288 K 3,816 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1736 2,368 K 4,160 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
spoolsv.exe 1244 8,068 K 11,900 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smss.exe 480 176 K 420 K Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
services.exe 612 1,760 K 3,472 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
sched.exe 1288 2,448 K 380 K Avira Scheduler Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
PB32Stub.exe 1484 388 K 1,404 K Stub for PrintBoss NT40 Printer Driver Wellspring Software, Inc. (Unable to verify) Wellspring Software, Inc.
lsass.exe 624 2,488 K 1,088 K LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Component Publisher
lexbces.exE 1208 1,644 K 4,168 K LexBce Service Lexmark International, Inc. (Unable to verify) Lexmark International, Inc.
jusched.exe 1716 816 K 3,020 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Sun Microsystems, Inc.
jqs.exe 1636 2,032 K 1,400 K Java™ Quick Starter Service Sun Microsystems, Inc. (Verified) Sun Microsystems, Inc.
firefox.exe 3396 105,432 K 111,276 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
FedEx.Gsm.Common.LoggingService.exe 1500 18,704 K 17,044 K FedEx.Gsm.LoggingService FedEx Corporation (Unable to verify) FedEx Corporation
explorer.exe 1272 14,112 K 20,496 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
eDP2eD.exe 1468 428 K 2,056 K eDP2eD DLL eCopy, Inc. (Verified) eCopy, Inc
dbsrv11.exe 1588 23,136 K 17,280 K SQL Anywhere Network Server iAnywhere Solutions, Inc. (Verified) iAnywhere Solutions, Inc.
ctfmon.exe 1796 872 K 3,256 K CTF Loader Microsoft Corporation (Verified) Microsoft Windows Component Publisher
csrss.exe 540 1,704 K 4,028 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
BRSVC01A.EXE 1184 316 K 1,304 K brsvc01a brother Industries Ltd (Verified) Microsoft Windows Hardware Compatibility Publisher
BRSS01A.EXE 1220 504 K 2,200 K brss01a.exe brother Industries Ltd (Verified) Microsoft Windows Hardware Compatibility Publisher
avshadow.exe 2380 608 K 2,660 K Avira Shadow Copy Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
avguard.exe 1456 130,688 K 26,872 K Avira On-Access Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
avgnt.exe 668 6,152 K 4,528 K Avira System Tray Tool Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
alg.exe 2932 1,160 K 3,604 K Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
AdminService.exe 1908 28,084 K 26,708 K AdminService (Unable to verify)
acrotray.exe 1712 764 K 2,808 K AcroTray Adobe Systems Inc. (Unable to verify) Adobe Systems Inc.
#14
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
Normally we see this bug hide the shortcuts in a folder called smtmp in the temp folder

%Temp%\smtmp

To see what %Temp% is, open a command prompt and type (with an Enter after the line):

cd  %Temp%

This will change the prompt to the real location of the temp folder. You can look to see if the folder exists:

dir  /a  smtmp

(I use two spaces in the code box so you can see where 1 space goes.)
If the folder exists then you can restore the shortcuts by:
xcopy  %Temp%\smtmp\1  "%AllUsersProfile%\Start Menu"  /H  /I  /S  /Y
xcopy  %Temp%\smtmp\2  "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch"  /H  /I  /S  /Y
xcopy  %Temp%\smtmp\3  "%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"  /H  /I  /S  /Y
xcopy  %Temp%\smtmp\4  "%AllUsersProfile%\Desktop"  /H  /I  /S  /Y

If the folder is not there

We have a procedure for repairing this:

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image

Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image

This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder.
To use this, download the attached Repair.zip file.
Extract the repair.vbs file to your desktop.
Run the repair.vbs.
It will ask for a folder name; call it recovery.
The tool will let you know when it is finished.
On the desktop will be a recovery folder.
Open the folder.
Cut and paste the links that you want to C:\documents and settings\insidesales1.VANPTC\start menu
Posted Image
Posted Image
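The check-and-restore steps above, wrapped into one batch file as an added example (not RKinner's tool or a Geeks to Go download): it assumes the smtmp subfolder numbering and destinations given in the post, skips any subfolder or destination that does not exist on the machine, and logs what it copies back.

```batch
@echo off
REM restore_smtmp.cmd - added example, not RKinner's tool or a Geeks to Go download.
REM Automates the check-and-restore steps above: if %Temp%\smtmp exists, copy each
REM numbered subfolder back to the location the rogue emptied. The numbering is
REM assumed from the post: 1=All Users Start Menu, 2=Quick Launch, 3=pinned taskbar,
REM 4=All Users Desktop. Every copy is logged so you can see what came back.
setlocal EnableExtensions

set "SRC=%Temp%\smtmp"
set "LOG=%UserProfile%\Desktop\smtmp_restore.log"

if not exist "%SRC%\" (
    echo %SRC% was not found, so there are no hidden shortcuts to copy back.
    echo Use the Restore Accessories / Admin Tools tools from the post instead.
    exit /b 1
)
echo Restore run on %DATE% %TIME% from %SRC%> "%LOG%"

call :restore 1 "%AllUsersProfile%\Start Menu"
call :restore 2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch"
call :restore 3 "%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
call :restore 4 "%AllUsersProfile%\Desktop"
echo Done. Details are in "%LOG%".
exit /b 0

:restore
REM %1 = smtmp subfolder number, %2 = destination folder (quoted by the caller)
set "FROM=%SRC%\%~1"
set "TO=%~2"
if not exist "%FROM%\" (
    echo [skip] %FROM% does not exist>> "%LOG%"
    goto :eof
)
REM The parent of the destination must already exist; on XP the Win7-only
REM "User Pinned" path has no parent, and xcopy /I would otherwise invent one.
if not exist "%~dp2" (
    echo [skip] parent folder of %TO% is missing on this Windows version>> "%LOG%"
    goto :eof
)
REM Count what is about to be restored so the log shows it.
set /a N=0
for /f "delims=" %%F in ('dir /a /b /s "%FROM%"') do set /a N+=1
echo [copy] %N% item(s) from %FROM% to %TO%>> "%LOG%"
REM /H hidden+system files, /I target is a folder, /S subfolders, /Y no prompts
xcopy "%FROM%" "%TO%" /H /I /S /Y >> "%LOG%" 2>&1
if errorlevel 1 echo [warn] xcopy exit code %ERRORLEVEL% for %FROM%>> "%LOG%"
goto :eof
```

Run it from an ordinary command prompt on the infected account; the log on the desktop records each subfolder that was copied, skipped, or failed.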
#15
smackattack
    Member
  • Topic Starter
  • Member
  • 10 posts
Sorry to be a flake, been busier than a one-legged man at the butt kicking contest at work.
System has been running great and appears to be clean.

That temp folder with shortcuts is not there. My accessories and admin start menu items were already recovered by the previous tool. The only things that are empty are the folders of shortcuts for installed programs in the start menu.

I ran that vbs script and it does not ask for a folder name, it just creates a txt file.

Outside of that, anything else we need to do as far as cleanup, or is it ok to close this thread?

Great help once again, mucho appreciation.