Module Rootkit starts multiple "Ping.exe" processes



#1
Wassertor
Member, 11 posts

Hello

This is my first post to GeekstoGo, but I am a fairly savvy computer user.

I was doing a random web explore on the home computer and hit a site that popped up a blank window. Shortly thereafter, others using the computer noted that the CPU speed was dropping and some unsolicited sites were popping up on Firefox. I did a deep scan with Malwarebytes AntiMalware which found two rootkit virus signatures. I followed the reboot-to-kill process but found that the symptoms returned. I next used Sophos Rootkit Killer to see what it found. The scan showed two hidden signatures and a memory module rootkit in the registry. Sophos could not remove them either.

I went online and googled "Killing Rootkit Viruses" and found some old posts from your site. They mentioned GMER, which I downloaded and ran. The "Rootkit" portion of the scan showed a hidden memory module rootkit in the registry. When I right-clicked the scan line, the only option available was "Dump to File". The "Processes" list in GMER showed a series of copies of "Ping.exe" highlighted in red that kept expanding the processes list. The longer the computer ran, the more red highlighted copies of "Ping.exe" showed up in the "Processes" list of GMER. On occasion, a red highlighted line referring to my e-mail program and Firefox would also appear. I used the "Kill Process" option to remove the copies, but they kept reappearing (possibly due to the rootkit?).

I have currently downloaded and run OTL.exe and have the OTL.txt and Extras.txt files on my desktop.

What can I do next?

Much appreciation for any help I can get.

#2
Nedklaw
Trusted Helper, Malware Removal, 1,652 posts

Hello, Wassertor!

Welcome! I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Wassertor only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Please could you post OTL.txt and Extras.txt in your next reply.
Please also do the following:

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.



On completion of the scan click save log, save it to your desktop and post it in your next reply.



Things I want to see in your next reply

  • OTL.txt
  • Extras.txt
  • aswMBR.txt


#3
Wassertor
Topic Starter, Member, 11 posts

Hello Nedklaw

I much appreciate you having the time to help. I ran OTL yesterday when I downloaded it. I did it again tonight. I noted that the Extras.txt log did not update from yesterday. One other thing, your note about aswMBR indicated that the download would be 1.8 Mb in size. What downloaded when I activated the link was 4.5Mb in size. Is this a problem?

Here are the contents of OTL.txt:

OTL logfile created on: 4/9/2012 9:25:32 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Jerri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 73.42% Memory free
2.33 Gb Paging File | 1.93 Gb Available in Paging File | 82.80% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 5.95 Gb Free Space | 10.39% Space Free | Partition Type: NTFS
Drive F: | 111.81 Gb Total Space | 75.29 Gb Free Space | 67.34% Space Free | Partition Type: NTFS
Drive G: | 111.81 Gb Total Space | 111.72 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: PAUL-QX8Y126H2L | User Name: Jerri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jerri\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\FXUxT232.com ()
PRC - C:\WINDOWS\system32\FXUxT232.com_ ()
PRC - F:\Gleep\minecraft\New Folder\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\PC Speed Up\PCSUService.exe ()
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
PRC - C:\WINDOWS\system32\carpserv.exe (Conexant Systems)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
MOD - C:\WINDOWS\system32\FXUxT232.com_ ()
MOD - C:\WINDOWS\system32\FXUxT232.com ()
MOD - C:\Program Files\PC Speed Up\PCSUService.exe ()
MOD - C:\Program Files\PC Speed Up\Sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (winpowermanager) -- %systemroot%\system32\ino_flpy.dll File not found
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe File not found
SRV - (RimSerPort) -- %systemroot%\system32\PTproct.dll File not found
SRV - (pdiddcci) -- %systemroot%\system32\2wirepcp.dll File not found
SRV - (MSDisk) -- C:\WINDOWS\System32\irdvxc.exe /service File not found
SRV - (cfosspeed) -- %systemroot%\system32\tones.dll File not found
SRV - (Hamachi2Svc) -- F:\Gleep\minecraft\New Folder\hamachi-2.exe (LogMeIn Inc.)
SRV - (PCSUService) -- C:\Program Files\PC Speed Up\PCSUService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (CTUPnPSv) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (DCamUSBGrandTek) -- C:\WINDOWS\system32\fsRamDsk.dll (Oak Technology Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (WacomVKHid) -- system32\DRIVERS\WacomVKHid.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\D.tmp File not found
DRV - (lbrtfdc) -- File not found
DRV - (kfloypob) -- C:\DOCUME~1\Paul\LOCALS~1\Temp\kfloypob.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (dump_wmimmc) -- C:\WINDOWS\system32\drivers\dump_wmimmc.sys File not found
DRV - (Changer) -- File not found
DRV - (aswMBR) -- C:\DOCUME~1\Jerri\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (npkcrypt) -- C:\Program Files\NEXON\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (Pnp680r) -- C:\WINDOWS\system32\drivers\pnp680r.sys (Silicon Image, Inc)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {DAED9266-8C28-4C1C-8B58-5C66EFF1D302}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Jerri\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/14 06:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/02/06 01:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 18:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/15 00:01:35 | 000,000,000 | ---D | M]

[2008/08/26 17:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Extensions
[2008/08/26 17:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/07 13:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\extensions
[2010/04/29 21:35:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/11 01:36:17 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\searchplugins\search.xml
[2007/09/03 18:51:24 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\searchplugins\siteadvisor.xml
[2011/11/11 18:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/19 18:05:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/19 18:05:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/01/03 19:19:06 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2011/02/06 01:09:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/09/28 09:05:38 | 000,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/09/28 09:06:10 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2012/01/03 09:22:02 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/10/10 13:41:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/10/10 13:41:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/10/10 13:41:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/10/10 13:41:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/10/10 13:41:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/10/10 13:41:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/10/10 13:41:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/10/03 20:47:48 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/03/23 18:46:56 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/10/03 20:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/03/23 18:46:56 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/10/03 20:47:48 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/10/03 20:47:48 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/11/11 18:01:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/10/03 20:47:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/10/03 20:47:48 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] F:\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] F:\Gleep\minecraft\New Folder\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [PowerBar] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its50 {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jerri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/12/31 15:24:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/09 21:18:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jerri\Desktop\aswMBR.exe
[2012/04/08 15:38:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerri\Desktop\OTL.exe
[2012/03/27 22:34:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/09 21:21:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jerri\Desktop\MBR.dat
[2012/04/09 21:18:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jerri\Desktop\aswMBR.exe
[2012/04/09 21:12:21 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/09 21:09:01 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2012/04/09 21:09:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2012/04/09 21:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/04/09 21:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/04/09 21:05:12 | 000,013,256 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/09 20:52:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/04/09 20:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2012/04/09 20:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/04/09 20:09:07 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2012/04/09 20:09:07 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/04/09 19:29:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/04/09 19:29:09 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2012/04/09 19:29:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2012/04/09 19:12:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 19:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/04/09 18:21:18 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/09 18:21:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/09 15:31:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2012/04/09 15:31:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/04/09 15:30:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/04/09 15:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2012/04/08 17:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2012/04/08 17:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/04/08 17:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2012/04/08 17:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/04/08 16:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2012/04/08 16:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/04/08 16:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2012/04/08 16:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/04/08 15:38:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerri\Desktop\OTL.exe
[2012/04/08 14:54:21 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/04/08 14:27:54 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2012/04/08 14:27:49 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/04/08 14:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2012/04/08 13:59:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/04/08 13:59:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2012/04/08 13:59:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/04/06 22:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2012/04/03 18:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2012/04/03 18:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/04/03 18:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2012/04/03 18:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/04/03 12:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2012/04/03 12:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/04/03 12:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2012/04/03 12:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/04/03 11:10:14 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/04/03 11:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2012/04/03 11:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2012/04/03 11:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/04/03 10:09:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2012/04/03 10:09:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/04/03 10:09:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2012/04/03 10:09:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/04/03 09:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2012/04/03 09:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/04/03 09:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2012/04/03 09:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/04/03 08:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2012/04/03 08:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/04/03 08:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2012/04/03 08:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/04/03 07:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2012/04/03 07:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/04/03 07:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2012/04/03 07:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/04/03 06:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2012/04/03 06:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/04/03 06:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2012/04/03 06:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/04/03 05:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/04/03 05:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2012/04/03 05:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2012/04/03 05:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/04/03 04:10:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/04/03 04:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2012/04/03 04:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/04/03 04:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2012/04/03 03:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/04/03 03:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2012/04/03 03:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/04/03 03:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2012/04/03 02:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/04/03 02:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2012/04/03 02:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2012/04/03 02:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/04/03 01:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2012/04/03 01:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/03 01:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2012/04/03 01:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/04/03 00:10:25 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2012/04/03 00:09:14 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/04/03 00:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2012/04/03 00:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/02 23:11:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/04/02 23:11:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/04/02 23:11:13 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2012/04/02 23:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2012/04/02 13:30:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/02 13:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2012/04/02 13:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/04/02 13:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2012/04/02 13:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/03/25 22:36:02 | 000,438,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/25 20:51:20 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe_.b
[2012/03/25 20:51:20 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.b
[2012/03/25 20:19:16 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.d
[2012/03/23 13:15:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/23 10:45:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/22 22:19:10 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\be3477LE.dat
[2012/03/22 22:14:26 | 000,084,992 | ---- | M] () -- C:\WINDOWS\System32\FXUxT232.com_
[2012/03/22 22:14:26 | 000,084,992 | ---- | M] () -- C:\WINDOWS\System32\FXUxT232.com
[2012/03/22 22:14:26 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe
[2012/03/22 22:13:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\FXUxT232.com.b
[2012/03/19 21:08:18 | 002,552,184 | ---- | M] () -- C:\Documents and Settings\Jerri\My Documents\ITC Feb 22 12 Attendance001.jpg
[2012/03/12 18:40:35 | 000,214,016 | ---- | M] () -- C:\Documents and Settings\Jerri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/11 23:10:21 | 000,448,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 23:10:21 | 000,074,452 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 21:21:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jerri\Desktop\MBR.dat
[2012/04/09 21:09:04 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\FXUxT232.com
[2012/04/08 15:09:02 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\FXUxT232.com_
[2012/03/25 20:51:20 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe_.b
[2012/03/25 20:51:20 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.b
[2012/03/25 20:19:18 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe
[2012/03/25 20:19:16 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.d
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2012/03/22 22:13:31 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2012/03/22 22:13:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2012/03/22 21:23:20 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/19 21:08:13 | 002,552,184 | ---- | C] () -- C:\Documents and Settings\Jerri\My Documents\ITC Feb 22 12 Attendance001.jpg
[2012/02/20 20:35:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/17 19:18:52 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\FXUxT232.com.b
[2011/12/16 22:14:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/16 21:56:02 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\be3477LE.dat
[2011/12/05 19:34:11 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/14 19:44:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/09/19 21:56:25 | 000,088,960 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/25 23:25:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

========== LOP Check ==========

[2006/01/02 21:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/03 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/06/12 23:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/01/14 23:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/06/12 23:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/05/03 18:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/08 23:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/25 23:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2012/04/09 21:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/01/02 21:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/09/19 21:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/08 16:36:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2009/06/17 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/08 16:35:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}
[2012/01/28 23:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\.minecraft
[2008/03/23 16:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\EPSON
[2007/04/02 20:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\LEGO Company
[2006/01/02 21:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Nikon
[2008/11/27 23:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\PC Suite
[2004/08/04 20:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Qualcomm
[2010/05/13 11:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Research In Motion
[2009/08/15 21:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Roblox
[2010/10/20 22:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Smart PDF Creator
[2012/02/15 22:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\WTouch
[2012/04/03 00:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/04/03 04:10:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012/04/03 05:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012/04/03 05:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2012/04/03 06:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2012/04/03 06:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2012/04/03 07:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2012/04/03 07:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2012/04/03 08:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2012/04/03 08:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2012/04/03 09:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2012/04/03 00:09:14 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/04/03 09:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2012/04/03 10:09:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012/04/03 10:09:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2012/04/03 11:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2012/04/03 11:10:14 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2012/04/03 12:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2012/04/03 12:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2012/04/02 13:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2012/04/02 13:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2012/04/08 14:54:21 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2012/04/03 01:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/04/08 14:27:49 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2012/04/09 15:31:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2012/04/09 15:30:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2012/04/08 16:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2012/04/08 16:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2012/04/08 17:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2012/04/08 17:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2012/04/03 18:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2012/04/03 18:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2012/04/09 19:29:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2012/04/03 01:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/04/09 19:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2012/04/09 20:09:07 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2012/04/09 20:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2012/04/09 21:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2012/04/09 21:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2012/04/08 13:59:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2012/04/08 13:59:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2012/04/02 23:11:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2012/04/02 23:11:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2012/04/03 00:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2012/04/03 02:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2012/04/03 00:10:25 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2012/04/03 01:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2012/04/03 01:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2012/04/03 02:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2012/04/03 02:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2012/04/03 03:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2012/04/03 03:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2012/04/03 04:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2012/04/03 04:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2012/04/03 05:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2012/04/03 02:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2012/04/03 05:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2012/04/03 06:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2012/04/03 06:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2012/04/03 07:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2012/04/03 07:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2012/04/03 08:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2012/04/03 08:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2012/04/03 09:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2012/04/03 09:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2012/04/03 10:09:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2012/04/03 03:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2012/04/03 10:09:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2012/04/03 11:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2012/04/03 11:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2012/04/03 12:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2012/04/03 12:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2012/04/02 13:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2012/04/02 13:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2012/04/08 14:27:54 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2012/04/08 14:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2012/04/09 15:31:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2012/04/03 03:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2012/04/09 15:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2012/04/08 16:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2012/04/08 16:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2012/04/08 17:09:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2012/04/08 17:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2012/04/03 18:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2012/04/03 18:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2012/04/09 19:29:09 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2012/04/09 19:29:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2012/04/09 20:09:07 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2012/04/03 04:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2012/04/09 20:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2012/04/09 21:09:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2012/04/09 21:09:01 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2012/04/08 13:59:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2012/04/06 22:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2012/04/02 23:11:13 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2012/04/02 23:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2012/04/09 20:52:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2012/02/26 21:19:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


This is the contents of Extras.txt:

OTL Extras logfile created on: 4/8/2012 4:14:35 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Jerri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 73.07% Memory free
2.33 Gb Paging File | 1.93 Gb Available in Paging File | 82.79% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 5.96 Gb Free Space | 10.40% Space Free | Partition Type: NTFS
Drive F: | 111.81 Gb Total Space | 75.29 Gb Free Space | 67.34% Space Free | Partition Type: NTFS
Drive G: | 111.81 Gb Total Space | 111.72 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: PAUL-QX8Y126H2L | User Name: Jerri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Documents and Settings\Paul\Application Data\syssl.exe" = C:\Documents and Settings\Paul\Application Data\syssl.exe:*:Enabled:Win32load
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"F:\iTunes\iTunes.exe" = F:\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{EAB6F4ED-B18D-4BF5-B18E-3C7921560EC4}" = Corel Painter Sketch Pad
"{00D6C191-50A2-4D9C-9285-1817D8420FB6}" = IPM
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1" = Spy Sweeper
"{5BD093B2-58E6-467D-99E4-E88A5FFC412C}" = Painter Sketch Pad
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72F6D9F1-98C4-473F-A540-ECDCEB6D3D76}" = Registration
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7CF31609-270B-11D6-9445-000102308676}" = Java 2 Runtime Environment, SE v1.4.0_01
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = Adobe Photoshop.com Inspiration Browser
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5577624-0626-4C4B-87AA-D966DA1739D6}" = Nokia PC Suite
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D695F627-7F16-429A-ACE7-57C535AC6ECB}" = MP3 player
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7562F88-BDCC-44D3-9C6B-313FC43052B7}" = IconHandler 32 bit
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EAB6F4ED-B18D-4BF5-B18E-3C7921560EC4}" = Corel SketchPad - ICA
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F99C5427-4D78-43E2-B97E-F4C4E622D612}" = MapleStory
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity_is1" = Audacity 1.2.6
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_0281A0A0" = AOpen FM56-SVV Soft PCI Modem
"Color Efex Pro 3.0 Wacom Edition 6" = Color Efex Pro 3.0 Wacom Edition 6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Centrale" = Creative Centrale
"Creative MuVo C100 Media Explorer" = Creative MuVo C100 Media Explorer
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"EESInst 99" = Encarta Encyclopedia 99
"Electronic Arts Game Updater" = Electronic Arts Game Updater
"EPSON Scanner" = EPSON Scan
"Eudora" = Eudora
"HijackThis" = HijackThis 2.0.2
"HOTLLAMA Media Player" = HOTLLAMA Media Player
"HOTLLAMA Media Player - Update" = HOTLLAMA Media Player - Update
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InterActual Player" = InterActual Player
"Java Web Start" = Java Web Start
"JRE 1.3.0_02" = Java 2 Runtime Environment Standard Edition v1.3.0_02
"Jump" = Jump
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lifeware Screensaver 2008_is1" = Lifeware Screensaver 2008
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MavisBeacon8" = Mavis Beacon Teaches Typing 8.0.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Ms3DMovie" = Microsoft 3D Movie Maker 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MuVo Driver" = MuVo Driver
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Online Documentation" = Online Documentation
"PCSU-SL_is1" = PC Speed Up - Complete uninstall
"Pen Tablet Driver" = Bamboo
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = EPSON Perf 4490P Guide
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"Toyland" = Learning in Toyland
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"ZENXFI2UG" = Creative ZEN X-Fi2 Documentation

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2012 2:23:14 PM | Computer Name = PAUL-QX8Y126H2L | Source = TabletServicePen | ID = 0
Description =

Error - 3/6/2012 4:03:30 PM | Computer Name = PAUL-QX8Y126H2L | Source = TabletServicePen | ID = 0
Description =

Error - 3/6/2012 5:52:46 PM | Computer Name = PAUL-QX8Y126H2L | Source = TabletServicePen | ID = 0
Description =

Error - 3/6/2012 9:44:17 PM | Computer Name = PAUL-QX8Y126H2L | Source = TabletServicePen | ID = 0
Description =

Error - 3/6/2012 9:54:01 PM | Computer Name = PAUL-QX8Y126H2L | Source = TabletServicePen | ID = 0
Description =

Error - 3/23/2012 6:43:23 AM | Computer Name = PAUL-QX8Y126H2L | Source = Application Error | ID = 1000
Description = Faulting application FXUxT232.com, version 0.0.0.0, faulting module
FXUxT232.com, version 0.0.0.0, fault address 0x00071046.

Error - 3/23/2012 7:03:50 AM | Computer Name = PAUL-QX8Y126H2L | Source = Application Error | ID = 1000
Description = Faulting application FXUxT232.com, version 0.0.0.0, faulting module
FXUxT232.com, version 0.0.0.0, fault address 0x00071046.

Error - 3/26/2012 10:45:27 PM | Computer Name = PAUL-QX8Y126H2L | Source = Application Hang | ID = 1002
Description = Hanging application Eudora.exe, version 5.2.0.9, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2012 11:21:31 PM | Computer Name = PAUL-QX8Y126H2L | Source = Application Hang | ID = 1002
Description = Hanging application Eudora.exe, version 5.2.0.9, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2012 11:22:04 PM | Computer Name = PAUL-QX8Y126H2L | Source = Application Hang | ID = 1002
Description = Hanging application Eudora.exe, version 5.2.0.9, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/8/2012 5:47:34 PM | Computer Name = PAUL-QX8Y126H2L | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 5:47:41 PM | Computer Name = PAUL-QX8Y126H2L | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 5:47:46 PM | Computer Name = PAUL-QX8Y126H2L | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 5:47:51 PM | Computer Name = PAUL-QX8Y126H2L | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 5:48:41 PM | Computer Name = PAUL-QX8Y126H2L | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk3\D, is not ready for access yet.

Error - 4/8/2012 5:48:41 PM | Computer Name = PAUL-QX8Y126H2L | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk3\D, is not ready for access yet.

Error - 4/8/2012 6:09:00 PM | Computer Name = PAUL-QX8Y126H2L | Source = Schedule | ID = 7901
Description = The At31.job command failed to start due to the following error: %%2147942402

Error - 4/8/2012 6:09:00 PM | Computer Name = PAUL-QX8Y126H2L | Source = Schedule | ID = 7901
Description = The At79.job command failed to start due to the following error: %%2147942402

Error - 4/8/2012 7:13:47 PM | Computer Name = PAUL-QX8Y126H2L | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk3\D, is not ready for access yet.

Error - 4/8/2012 7:13:47 PM | Computer Name = PAUL-QX8Y126H2L | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk3\D, is not ready for access yet.


< End of report >


This is the contents of aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 21:19:56
-----------------------------
21:19:56.906 OS Version: Windows 5.1.2600 Service Pack 3
21:19:56.906 Number of processors: 1 586 0x207
21:19:56.906 ComputerName: PAUL-QX8Y126H2L UserName: Jerri
21:19:57.375 Initialize success
21:20:07.093 AVAST engine download error: 0
21:20:26.921 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\Pnp680r1Port0Path0Target0Lun0
21:20:26.921 Disk 0 Vendor: SAMSUNG_ TL10 Size: 114498MB BusType: 1
21:20:26.921 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\Pnp680r1Port0Path0Target1Lun0
21:20:26.921 Disk 1 Vendor: SAMSUNG_ TL10 Size: 114498MB BusType: 1
21:20:26.937 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-3
21:20:26.937 Disk 2 Vendor: Maxtor_6Y060L0 YAR41VW0 Size: 58644MB BusType: 3
21:20:26.937 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\fasttx2k1Port3Path0Target0Lun0
21:20:26.937 Disk 3 Vendor: Size: 0MB BusType: 1
21:20:26.953 Disk 2 MBR read successfully
21:20:26.953 Disk 2 MBR scan
21:20:26.953 Disk 2 Windows XP default MBR code
21:20:26.953 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 58635 MB offset 63
21:20:26.953 Disk 2 scanning sectors +120085875
21:20:27.515 Disk 2 scanning C:\WINDOWS\system32\drivers
21:20:42.406 File: C:\WINDOWS\system32\drivers\udfreadr_xp.sys **SUSPICIOUS**
21:20:44.859 Disk 2 trace - called modules:
21:20:44.875 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89d92fd0]<<
21:20:44.890 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8a4e7ab8]
21:20:44.890 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8a0c8f08]
21:20:44.890 \Driver\00001573[0x8a0bc950] -> IRP_MJ_CREATE -> 0x89d92fd0
21:20:44.890 Scan finished successfully
21:21:05.125 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Jerri\Desktop\MBR.dat"
21:21:05.125 The log file has been saved successfully to "C:\Documents and Settings\Jerri\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 22:27:02
-----------------------------
22:27:02.546 OS Version: Windows 5.1.2600 Service Pack 3
22:27:02.546 Number of processors: 1 586 0x207
22:27:02.546 ComputerName: PAUL-QX8Y126H2L UserName: Jerri
22:27:03.015 Initialize success
22:30:04.343 AVAST engine defs: 12040901
22:31:28.812 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\Pnp680r1Port0Path0Target0Lun0
22:31:28.812 Disk 0 Vendor: SAMSUNG_ TL10 Size: 114498MB BusType: 1
22:31:28.812 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\Pnp680r1Port0Path0Target1Lun0
22:31:28.812 Disk 1 Vendor: SAMSUNG_ TL10 Size: 114498MB BusType: 1
22:31:28.812 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-3
22:31:28.812 Disk 2 Vendor: Maxtor_6Y060L0 YAR41VW0 Size: 58644MB BusType: 3
22:31:28.812 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\fasttx2k1Port3Path0Target0Lun0
22:31:28.812 Disk 3 Vendor: Size: 0MB BusType: 1
22:31:28.828 Disk 2 MBR read successfully
22:31:28.828 Disk 2 MBR scan
22:31:28.875 Disk 2 Windows XP default MBR code
22:31:28.906 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 58635 MB offset 63
22:31:28.906 Disk 2 scanning sectors +120085875
22:31:29.296 Disk 2 scanning C:\WINDOWS\system32\drivers
22:31:50.437 File: C:\WINDOWS\system32\drivers\udfreadr_xp.sys **INFECTED** Win32:Aluroot-B [Rtk]
22:31:53.046 Disk 2 trace - called modules:
22:31:53.062 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89d92fd0]<<
22:31:53.078 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8a4e7ab8]
22:31:53.078 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8a0c8f08]
22:31:53.078 \Driver\00001573[0x8a0bc950] -> IRP_MJ_CREATE -> 0x89d92fd0
22:31:53.906 AVAST engine scan C:\WINDOWS
22:32:27.640 AVAST engine scan C:\WINDOWS\system32
22:33:11.109 File: C:\WINDOWS\system32\fsRamDsk.dll **INFECTED** Win32:Sirefef-SM [Trj]
22:33:11.484 File: C:\WINDOWS\system32\FXUxT232.com **INFECTED** Win32:Malware-gen
22:33:11.578 File: C:\WINDOWS\system32\FXUxT232.com_ **INFECTED** Win32:Malware-gen
22:36:35.171 AVAST engine scan C:\WINDOWS\system32\drivers
22:36:59.906 File: C:\WINDOWS\system32\drivers\udfreadr_xp.sys **INFECTED** Win32:Aluroot-B [Rtk]
22:37:05.921 AVAST engine scan C:\Documents and Settings\Jerri
23:10:17.968 AVAST engine scan C:\Documents and Settings\All Users
23:22:14.421 Scan finished successfully
23:34:45.968 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Jerri\Desktop\MBR.dat"
23:34:45.968 The log file has been saved successfully to "C:\Documents and Settings\Jerri\Desktop\aswMBR.txt"


I hope this works for you

Thanks,

Wassertor

#4
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

I noted that the Extras.txt log did not update from yesterday. One other thing, your note about aswMBR indicated that the download would be 1.8 Mb in size. What downloaded when I activated the link was 4.5Mb in size. Is this a problem?

Extras.txt is only created on the first run of OTL unless it is specifically asked to be created.
The file size of aswMBR isn't a problem, my speech just needs updating.


Step 1

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. Click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer 3 options.
  • Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Things I want to see in your next reply

  • ComboFix.txt
  • TDSSKiller.[Version]_[Date]_[Time]_log.txt


#5
Wassertor

    Member

  • Topic Starter
  • 11 posts
Hello

I have run Combofix and TDSSKiller. After I ran TDSSKiller, it had a warning that unresolved threats were still present, so I ran it again with the same result.

The Log files are as follows:

Combofix.txt

ComboFix 12-04-10.02 - Jerri 04/10/2012 22:11:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1140 [GMT -7:00]
Running from: c:\documents and settings\Jerri\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\3058gri7.exe
c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\RealPlayer10-5GOLD_rs.exe
c:\documents and settings\Jerri\WINDOWS
c:\documents and settings\Ryan\WINDOWS
c:\documents and settings\User\WINDOWS
c:\windows\$NtUninstallKB56600$\144037261\@
c:\windows\$NtUninstallKB56600$\144037261\cfg.ini
c:\windows\$NtUninstallKB56600$\144037261\Desktop.ini
c:\windows\$NtUninstallKB56600$\144037261\L\bnvaknir
c:\windows\$NtUninstallKB56600$\144037261\oemid
c:\windows\$NtUninstallKB56600$\144037261\U\00000001.@
c:\windows\$NtUninstallKB56600$\144037261\U\00000002.@
c:\windows\$NtUninstallKB56600$\144037261\U\00000004.@
c:\windows\$NtUninstallKB56600$\144037261\U\80000000.@
c:\windows\$NtUninstallKB56600$\144037261\U\80000004.@
c:\windows\$NtUninstallKB56600$\144037261\U\80000032.@
c:\windows\$NtUninstallKB56600$\144037261\version
c:\windows\$NtUninstallKB56600$\338505485
c:\windows\system32\CddbCdda.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\fsRamDsk.dll
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET44.tmp
c:\windows\$NtUninstallKB56600$ . . . . Failed to delete
.
c:\windows\system32\drivers\UdfReadr_xp.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSDISK
-------\Legacy_MSWINDOWS
-------\Service_MSDisk
-------\Legacy_DCamUSBGrandTek
-------\Service_DCamUSBGrandTek
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 05:09 . 2012-03-23 05:14 84992 ----a-w- c:\windows\system32\FXUxT232.com
2012-03-20 01:05 . 2012-03-20 01:05 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 01:05 . 2012-03-20 01:05 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 05:33 . 2011-08-14 15:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2004-10-01 23:00 . 2006-01-04 02:58 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2004-07-01 05:46 . 2004-07-01 05:45 150192 ----a-w- c:\program files\TweakUiPowertoySetup.exe
2003-01-26 06:52 . 2003-01-26 06:27 6431137 ----a-w- c:\program files\Eudora5.2.exe
2012-03-20 01:05 . 2011-05-08 04:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2001-12-23 4608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-09 32768]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-21 684032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LogMeIn Hamachi Ui"="f:\gleep\minecraft\New Folder\hamachi-2-ui.exe" [2012-02-29 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe" [2011-12-06 234656]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2002-10-23 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\gleep\minecraft\New Folder\hamachi-2.exe [2/28/2012 6:38 PM 1373576]
R2 PCSUService;PC Speed Up Service;c:\program files\PC Speed Up\PCSUService.exe [12/5/2011 7:32 PM 233184]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2/15/2012 10:39 PM 4497704]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [12/26/2009 4:22 PM 2789672]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2/15/2012 10:39 PM 113448]
S2 gupdate1c9b7481c74f9ef;Google Update Service (gupdate1c9b7481c74f9ef);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2009 11:14 PM 133104]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 4:42 AM 64000]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2009 11:14 PM 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\D.tmp --> c:\windows\system32\D.tmp [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/26/2009 4:22 PM 15656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
winpowermanager
incdsrv
cfosspeed
DCamUSBGrandTek
RimSerPort
tpsrv
mediamaxxlservice
pdiddcci
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At11.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At12.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At13.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At14.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At15.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At16.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At17.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At18.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At19.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At20.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At21.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At22.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At23.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At24.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At25.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At26.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-02 c:\windows\Tasks\At27.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-02 c:\windows\Tasks\At28.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-08 c:\windows\Tasks\At29.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At3.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-08 c:\windows\Tasks\At30.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-09 c:\windows\Tasks\At31.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At32.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-08 c:\windows\Tasks\At33.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-08 c:\windows\Tasks\At34.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-09 c:\windows\Tasks\At35.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At36.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-04 c:\windows\Tasks\At37.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-04 c:\windows\Tasks\At38.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-10 c:\windows\Tasks\At39.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At4.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-10 c:\windows\Tasks\At40.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-10 c:\windows\Tasks\At41.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-10 c:\windows\Tasks\At42.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-11 c:\windows\Tasks\At43.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At44.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-11 c:\windows\Tasks\At45.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At46.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-10 c:\windows\Tasks\At47.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-10 c:\windows\Tasks\At48.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At49.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At5.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At50.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At51.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At52.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At53.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At54.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At55.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At56.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At57.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At58.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At59.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At6.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At60.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At61.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At62.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At63.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At64.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At65.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At66.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At67.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At68.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At69.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At7.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At70.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At71.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At72.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-03 c:\windows\Tasks\At73.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At74.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-02 c:\windows\Tasks\At75.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-02 c:\windows\Tasks\At76.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-08 c:\windows\Tasks\At77.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-08 c:\windows\Tasks\At78.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-09 c:\windows\Tasks\At79.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At8.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-09 c:\windows\Tasks\At80.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-08 c:\windows\Tasks\At81.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-08 c:\windows\Tasks\At82.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-09 c:\windows\Tasks\At83.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At84.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-04 c:\windows\Tasks\At85.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-04 c:\windows\Tasks\At86.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-10 c:\windows\Tasks\At87.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-10 c:\windows\Tasks\At88.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-10 c:\windows\Tasks\At89.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At9.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-10 c:\windows\Tasks\At90.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-11 c:\windows\Tasks\At91.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At92.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-11 c:\windows\Tasks\At93.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At94.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-10 c:\windows\Tasks\At95.job
- c:\windows\system32\FXUxT232.com [2012-04-11 05:14]
.
2012-04-10 c:\windows\Tasks\At96.job
- c:\windows\system32\FXUxT232.com_ [2012-04-10 05:14]
.
2012-04-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 06:14]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 06:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?0fc636fde303460c936a4ccc29b35817
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?0fc636fde303460c936a4ccc29b35817
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
TCP: DhcpNameServer = 192.168.1.1
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PowerBar - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-HijackThis - c:\documents and settings\Paul\My Documents\Cache\Cache\HijackThis.exe
AddRemove-HOTLLAMA Media Player - Update - c:\docume~1\Brenna\MYDOCU~1\Videos\Player\UNWISE.EXE
AddRemove-Shockwave - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-Sophos-AntiRootkit - d:\sophos anti-rootkit\helper.exe
AddRemove-Toyland - E:\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-10 22:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?????????^?????????????????????????????????????????????????????????w???w????j??wNe?w?????????^????@????s???s??????@?????Y??s?U2?D??s????Hl?s????????????<'?s???s???s??????@?????Y??s$V2?D??s8?@??$@?8?@?8?@?????????0V2?PA2?{??s?A2??U2??A2?PA2?p??s?????????U2????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\D.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2412)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\WTouch\WTouchUser.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\carpserv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-04-10 22:45:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-11 05:44
.
Pre-Run: 6,074,261,504 bytes free
Post-Run: 9,353,400,320 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 5C442B890693FDEFDF33547EA0070742

TDSSKiller Log:


22:52:35.0328 3464 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
22:52:36.0015 3464 ============================================================
22:52:36.0015 3464 Current date / time: 2012/04/10 22:52:36.0015
22:52:36.0015 3464 SystemInfo:
22:52:36.0015 3464
22:52:36.0015 3464 OS Version: 5.1.2600 ServicePack: 3.0
22:52:36.0015 3464 Product type: Workstation
22:52:36.0015 3464 ComputerName: PAUL-QX8Y126H2L
22:52:36.0015 3464 UserName: Jerri
22:52:36.0015 3464 Windows directory: C:\WINDOWS
22:52:36.0015 3464 System windows directory: C:\WINDOWS
22:52:36.0015 3464 Processor architecture: Intel x86
22:52:36.0015 3464 Number of processors: 1
22:52:36.0015 3464 Page size: 0x1000
22:52:36.0015 3464 Boot type: Normal boot
22:52:36.0015 3464 ============================================================
22:52:38.0328 3464 Drive \Device\Harddisk3\DR3 - Size: 0x0 (0.00 Gb), SectorSize: 0x0, Cylinders: 0x0, SectorsPerTrack: 0x0, TracksPerCylinder: 0x0, Type 'K0', Flags 0x00000058
22:52:38.0343 3464 Drive \Device\Harddisk0\DR0 - Size: 0x1BF4290000 (111.82 Gb), SectorSize: 0x200, Cylinders: 0x3904, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:52:38.0343 3464 Drive \Device\Harddisk1\DR1 - Size: 0x1BF4290000 (111.82 Gb), SectorSize: 0x200, Cylinders: 0x3904, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:52:38.0359 3464 Drive \Device\Harddisk2\DR2 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:52:38.0359 3464 \Device\Harddisk0\DR0:
22:52:38.0359 3464 MBR used
22:52:38.0359 3464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF9F3C5
22:52:38.0359 3464 \Device\Harddisk1\DR1:
22:52:38.0359 3464 MBR used
22:52:38.0359 3464 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF9F3C5
22:52:38.0359 3464 \Device\Harddisk2\DR2:
22:52:38.0359 3464 MBR used
22:52:38.0359 3464 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7285D34
22:52:38.0468 3464 Initialize success
22:52:38.0468 3464 ============================================================
22:53:07.0968 2920 ============================================================
22:53:07.0968 2920 Scan started
22:53:07.0968 2920 Mode: Manual; SigCheck; TDLFS;
22:53:07.0968 2920 ============================================================
22:53:08.0250 2920 aawservice (17067069b9a7865028c1f2e6971d0ccc) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
22:53:08.0437 2920 aawservice - ok
22:53:08.0531 2920 Abiosdsk - ok
22:53:08.0609 2920 abp480n5 - ok
22:53:08.0750 2920 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:53:09.0015 2920 ACPI - ok
22:53:09.0125 2920 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:53:09.0406 2920 ACPIEC - ok
22:53:09.0531 2920 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
22:53:09.0562 2920 AdobeActiveFileMonitor7.0 - ok
22:53:09.0640 2920 adpu160m - ok
22:53:09.0765 2920 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
22:53:09.0828 2920 aeaudio - ok
22:53:09.0953 2920 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:53:10.0203 2920 aec - ok
22:53:10.0359 2920 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:53:10.0421 2920 AFD - ok
22:53:10.0546 2920 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:53:10.0781 2920 agp440 - ok
22:53:10.0875 2920 Aha154x - ok
22:53:10.0968 2920 aic78u2 - ok
22:53:11.0046 2920 aic78xx - ok
22:53:11.0156 2920 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:53:11.0390 2920 Alerter - ok
22:53:11.0484 2920 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:53:11.0718 2920 ALG - ok
22:53:11.0812 2920 AliIde - ok
22:53:11.0906 2920 amsint - ok
22:53:12.0046 2920 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:53:12.0062 2920 Apple Mobile Device - ok
22:53:12.0171 2920 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:53:12.0406 2920 AppMgmt - ok
22:53:12.0515 2920 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:53:12.0765 2920 Arp1394 - ok
22:53:12.0859 2920 asc - ok
22:53:12.0953 2920 asc3350p - ok
22:53:13.0031 2920 asc3550 - ok
22:53:13.0156 2920 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:53:13.0187 2920 aspnet_state - ok
22:53:13.0328 2920 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:53:13.0562 2920 AsyncMac - ok
22:53:13.0687 2920 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:53:13.0921 2920 atapi - ok
22:53:14.0015 2920 Atdisk - ok
22:53:14.0140 2920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:53:14.0375 2920 Atmarpc - ok
22:53:14.0484 2920 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:53:14.0718 2920 AudioSrv - ok
22:53:15.0140 2920 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:53:15.0375 2920 audstub - ok
22:53:15.0500 2920 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
22:53:15.0750 2920 basic2 - ok
22:53:15.0890 2920 bcm4sbxp (c0541cd42e39af45be203e677351f310) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
22:53:15.0937 2920 bcm4sbxp - ok
22:53:16.0046 2920 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:53:16.0296 2920 Beep - ok
22:53:16.0453 2920 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:53:16.0734 2920 BITS - ok
22:53:16.0859 2920 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:53:16.0890 2920 Bonjour Service - ok
22:53:17.0015 2920 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:53:17.0250 2920 Browser - ok
22:53:17.0265 2920 catchme - ok
22:53:17.0375 2920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:53:17.0640 2920 cbidf2k - ok
22:53:17.0734 2920 cd20xrnt - ok
22:53:17.0828 2920 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:53:18.0093 2920 Cdaudio - ok
22:53:18.0218 2920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:53:18.0437 2920 Cdfs - ok
22:53:18.0546 2920 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
22:53:18.0609 2920 Cdr4_xp - ok
22:53:18.0734 2920 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
22:53:18.0750 2920 Cdralw2k - ok
22:53:18.0843 2920 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:53:19.0078 2920 Cdrom - ok
22:53:19.0203 2920 cdudf_xp (5cc1f217fbd3e0f0ac7e4042aa242ee0) C:\WINDOWS\system32\drivers\cdudf_xp.sys
22:53:19.0234 2920 cdudf_xp ( UnsignedFile.Multi.Generic ) - warning
22:53:19.0234 2920 cdudf_xp - detected UnsignedFile.Multi.Generic (1)
22:53:19.0312 2920 cfosspeed - ok
22:53:19.0375 2920 Changer - ok
22:53:19.0484 2920 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:53:19.0687 2920 CiSvc - ok
22:53:19.0812 2920 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:53:20.0046 2920 ClipSrv - ok
22:53:20.0171 2920 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:53:20.0187 2920 clr_optimization_v2.0.50727_32 - ok
22:53:20.0296 2920 CmdIde - ok
22:53:20.0375 2920 COMSysApp - ok
22:53:20.0453 2920 Cpqarray - ok
22:53:20.0546 2920 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\System32\CTsvcCDA.EXE
22:53:20.0562 2920 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
22:53:20.0562 2920 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
22:53:20.0687 2920 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:53:20.0906 2920 CryptSvc - ok
22:53:21.0046 2920 CTDevice_Srv (a5bea0e5c297f5f3835638a87e512fba) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
22:53:21.0062 2920 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - warning
22:53:21.0062 2920 CTDevice_Srv - detected UnsignedFile.Multi.Generic (1)
22:53:21.0218 2920 CTUPnPSv (8e26d772f53b7883a651e0e4a9598f21) C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
22:53:21.0234 2920 CTUPnPSv ( UnsignedFile.Multi.Generic ) - warning
22:53:21.0234 2920 CTUPnPSv - detected UnsignedFile.Multi.Generic (1)
22:53:21.0343 2920 dac2w2k - ok
22:53:21.0421 2920 dac960nt - ok
22:53:21.0562 2920 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:53:21.0671 2920 DcomLaunch - ok
22:53:21.0781 2920 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:53:22.0031 2920 Dhcp - ok
22:53:22.0171 2920 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:53:22.0375 2920 Disk - ok
22:53:22.0453 2920 dmadmin - ok
22:53:22.0562 2920 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:53:22.0843 2920 dmboot - ok
22:53:22.0968 2920 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:53:23.0218 2920 dmio - ok
22:53:23.0328 2920 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:53:23.0546 2920 dmload - ok
22:53:23.0671 2920 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:53:23.0875 2920 dmserver - ok
22:53:24.0015 2920 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:53:24.0250 2920 DMusic - ok
22:53:24.0375 2920 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:53:24.0406 2920 Dnscache - ok
22:53:24.0500 2920 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:53:24.0734 2920 Dot3svc - ok
22:53:24.0875 2920 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:53:25.0109 2920 dot4 - ok
22:53:25.0234 2920 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
22:53:25.0453 2920 Dot4Print - ok
22:53:25.0578 2920 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
22:53:25.0828 2920 dot4usb - ok
22:53:25.0906 2920 dpti2o - ok
22:53:25.0968 2920 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:53:26.0171 2920 drmkaud - ok
22:53:26.0250 2920 dump_wmimmc - ok
22:53:26.0281 2920 dvd_2K - ok
22:53:26.0375 2920 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:53:26.0593 2920 EapHost - ok
22:53:26.0703 2920 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:53:26.0921 2920 ERSvc - ok
22:53:27.0046 2920 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:53:27.0125 2920 Eventlog - ok
22:53:27.0250 2920 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
22:53:27.0281 2920 EventSystem - ok
22:53:27.0421 2920 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
22:53:27.0656 2920 Fallback - ok
22:53:27.0812 2920 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:53:28.0031 2920 Fastfat - ok
22:53:28.0140 2920 fasttx2k (82f8a9ed1525202f720b9bb012449225) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
22:53:28.0156 2920 fasttx2k ( UnsignedFile.Multi.Generic ) - warning
22:53:28.0156 2920 fasttx2k - detected UnsignedFile.Multi.Generic (1)
22:53:28.0296 2920 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:53:28.0359 2920 FastUserSwitchingCompatibility - ok
22:53:28.0484 2920 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:53:28.0718 2920 Fdc - ok
22:53:28.0859 2920 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:53:29.0078 2920 Fips - ok
22:53:29.0187 2920 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:53:29.0250 2920 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:53:29.0250 2920 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:53:29.0390 2920 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:53:29.0609 2920 Flpydisk - ok
22:53:29.0718 2920 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:53:29.0953 2920 FltMgr - ok
22:53:30.0140 2920 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:53:30.0156 2920 FontCache3.0.0.0 - ok
22:53:30.0296 2920 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
22:53:30.0546 2920 Fsks - ok
22:53:30.0671 2920 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:53:30.0906 2920 Fs_Rec - ok
22:53:31.0015 2920 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:53:31.0265 2920 Ftdisk - ok
22:53:31.0453 2920 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:53:31.0656 2920 gameenum - ok
22:53:31.0765 2920 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:53:31.0781 2920 GEARAspiWDM - ok
22:53:31.0843 2920 getPlusHelper (fd7e9aba274df75e08320420b8e9a1d5) C:\Program Files\NOS\bin\getPlus_Helper.dll
22:53:31.0859 2920 getPlusHelper - ok
22:53:31.0984 2920 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:53:32.0203 2920 Gpc - ok
22:53:32.0328 2920 gupdate1c9b7481c74f9ef (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
22:53:32.0343 2920 gupdate1c9b7481c74f9ef - ok
22:53:32.0359 2920 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
22:53:32.0375 2920 gupdatem - ok
22:53:32.0500 2920 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
22:53:32.0515 2920 hamachi - ok
22:53:32.0796 2920 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) F:\Gleep\minecraft\New Folder\hamachi-2.exe
22:53:32.0968 2920 Hamachi2Svc - ok
22:53:33.0140 2920 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:53:33.0359 2920 helpsvc - ok
22:53:33.0468 2920 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:53:33.0671 2920 HidServ - ok
22:53:33.0812 2920 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:53:34.0015 2920 HidUsb - ok
22:53:34.0109 2920 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:53:34.0343 2920 hkmsvc - ok
22:53:34.0421 2920 hpn - ok
22:53:34.0546 2920 HSFHWBS2 (127f6638eb09050f5a490bbd6507b37a) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:53:34.0593 2920 HSFHWBS2 - ok
22:53:34.0750 2920 HSF_DP (0ade6a9622ff72599ef2980036112f17) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:53:34.0828 2920 HSF_DP - ok
22:53:34.0984 2920 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
22:53:35.0281 2920 hsf_msft - ok
22:53:35.0437 2920 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:53:35.0484 2920 HTTP - ok
22:53:35.0609 2920 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:53:35.0812 2920 HTTPFilter - ok
22:53:35.0906 2920 i2omgmt - ok
22:53:35.0984 2920 i2omp - ok
22:53:36.0109 2920 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:53:36.0328 2920 i8042prt - ok
22:53:36.0593 2920 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:53:36.0625 2920 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:53:36.0625 2920 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:53:36.0796 2920 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:53:36.0875 2920 idsvc - ok
22:53:37.0000 2920 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:53:37.0218 2920 Imapi - ok
22:53:37.0328 2920 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:53:37.0546 2920 ImapiService - ok
22:53:37.0656 2920 ini910u - ok
22:53:37.0781 2920 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:53:37.0984 2920 IntelIde - ok
22:53:38.0125 2920 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:53:38.0328 2920 intelppm - ok
22:53:38.0468 2920 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:53:38.0703 2920 ip6fw - ok
22:53:38.0828 2920 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:53:39.0078 2920 IpFilterDriver - ok
22:53:39.0218 2920 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:53:39.0437 2920 IpInIp - ok
22:53:39.0578 2920 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:53:39.0796 2920 IpNat - ok
22:53:39.0906 2920 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
22:53:39.0984 2920 iPod Service - ok
22:53:40.0109 2920 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:53:40.0312 2920 IPSec - ok
22:53:40.0468 2920 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:53:40.0703 2920 IRENUM - ok
22:53:40.0828 2920 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:53:41.0046 2920 isapnp - ok
22:53:41.0218 2920 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
22:53:41.0234 2920 JavaQuickStarterService - ok
22:53:41.0421 2920 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
22:53:41.0687 2920 K56 - ok
22:53:41.0828 2920 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:53:42.0046 2920 Kbdclass - ok
22:53:42.0187 2920 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:53:42.0406 2920 kbdhid - ok
22:53:42.0531 2920 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:53:42.0734 2920 kmixer - ok
22:53:42.0890 2920 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:53:42.0937 2920 KSecDD - ok
22:53:43.0046 2920 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:53:43.0140 2920 lanmanserver - ok
22:53:43.0250 2920 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:53:43.0281 2920 lanmanworkstation - ok
22:53:43.0375 2920 lbrtfdc - ok
22:53:43.0500 2920 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:53:43.0718 2920 LmHosts - ok
22:53:43.0828 2920 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:53:43.0859 2920 mdmxsdk - ok
22:53:43.0921 2920 MEMSWEEP2 - ok
22:53:44.0015 2920 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:53:44.0218 2920 Messenger - ok
22:53:44.0390 2920 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
22:53:44.0406 2920 mferkdk - ok
22:53:44.0515 2920 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
22:53:44.0531 2920 mfesmfk - ok
22:53:44.0609 2920 mmc_2K - ok
22:53:44.0718 2920 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:53:44.0953 2920 mnmdd - ok
22:53:45.0062 2920 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
22:53:45.0296 2920 mnmsrvc - ok
22:53:45.0500 2920 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:53:45.0703 2920 Modem - ok
22:53:45.0828 2920 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:53:46.0078 2920 MODEMCSA - ok
22:53:46.0203 2920 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:53:46.0421 2920 Mouclass - ok
22:53:46.0546 2920 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:53:46.0781 2920 mouhid - ok
22:53:46.0921 2920 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:53:47.0125 2920 MountMgr - ok
22:53:47.0218 2920 mraid35x - ok
22:53:47.0328 2920 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:53:47.0562 2920 MRxDAV - ok
22:53:47.0703 2920 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:53:47.0781 2920 MRxSmb - ok
22:53:47.0890 2920 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
22:53:48.0093 2920 MSDTC - ok
22:53:48.0218 2920 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:53:48.0437 2920 Msfs - ok
22:53:48.0500 2920 MSIServer - ok
22:53:48.0593 2920 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:53:48.0812 2920 MSKSSRV - ok
22:53:48.0953 2920 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:53:49.0156 2920 MSPCLOCK - ok
22:53:49.0296 2920 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:53:49.0515 2920 MSPQM - ok
22:53:49.0640 2920 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:53:49.0843 2920 mssmbios - ok
22:53:49.0968 2920 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:53:50.0015 2920 Mup - ok
22:53:50.0140 2920 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:53:50.0359 2920 napagent - ok
22:53:50.0531 2920 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:53:50.0750 2920 NDIS - ok
22:53:50.0859 2920 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:53:50.0906 2920 NdisTapi - ok
22:53:51.0031 2920 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:53:51.0250 2920 Ndisuio - ok
22:53:51.0390 2920 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:53:51.0609 2920 NdisWan - ok
22:53:51.0750 2920 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:53:51.0781 2920 NDProxy - ok
22:53:51.0921 2920 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:53:52.0125 2920 NetBIOS - ok
22:53:52.0265 2920 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:53:52.0468 2920 NetBT - ok
22:53:52.0593 2920 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:53:52.0796 2920 NetDDE - ok
22:53:52.0812 2920 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:53:53.0015 2920 NetDDEdsdm - ok
22:53:53.0187 2920 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:53:53.0406 2920 Netlogon - ok
22:53:53.0515 2920 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:53:53.0734 2920 Netman - ok
22:53:53.0906 2920 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:53:53.0921 2920 NetTcpPortSharing - ok
22:53:54.0078 2920 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:53:54.0296 2920 NIC1394 - ok
22:53:54.0453 2920 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:53:54.0484 2920 Nla - ok
22:53:54.0625 2920 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
22:53:54.0859 2920 nmwcd - ok
22:53:54.0984 2920 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
22:53:55.0125 2920 nmwcdc - ok
22:53:55.0250 2920 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:53:55.0468 2920 Npfs - ok
22:53:55.0562 2920 npkcrypt (fd9666a8eb88e713c18e2e90f6e746d0) C:\Program Files\NEXON\MapleStory\npkcrypt.sys
22:53:55.0562 2920 npkcrypt ( UnsignedFile.Multi.Generic ) - warning
22:53:55.0562 2920 npkcrypt - detected UnsignedFile.Multi.Generic (1)
22:53:55.0671 2920 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
22:53:55.0687 2920 NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning
22:53:55.0687 2920 NPPTNT2 - detected UnsignedFile.Multi.Generic (1)
22:53:55.0812 2920 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:53:56.0046 2920 Ntfs - ok
22:53:56.0140 2920 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
22:53:56.0343 2920 NtLmSsp - ok
22:53:56.0531 2920 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:53:56.0750 2920 NtmsSvc - ok
22:53:56.0859 2920 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:53:57.0109 2920 Null - ok
22:53:57.0515 2920 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:53:58.0031 2920 nv - ok
22:53:58.0140 2920 NVSvc (472a00d2183c9e5edb3e076272741812) C:\WINDOWS\system32\nvsvc32.exe
22:53:58.0187 2920 NVSvc - ok
22:53:58.0296 2920 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:53:58.0546 2920 NwlnkFlt - ok
22:53:58.0656 2920 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:53:58.0906 2920 NwlnkFwd - ok
22:53:59.0031 2920 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:53:59.0234 2920 ohci1394 - ok
22:53:59.0406 2920 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:53:59.0609 2920 Parport - ok
22:53:59.0734 2920 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:53:59.0937 2920 PartMgr - ok
22:54:00.0046 2920 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:54:00.0265 2920 ParVdm - ok
22:54:00.0421 2920 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:54:00.0468 2920 pccsmcfd - ok
22:54:00.0593 2920 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:54:00.0812 2920 PCI - ok
22:54:00.0906 2920 PCIDump - ok
22:54:01.0015 2920 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:54:01.0250 2920 PCIIde - ok
22:54:01.0437 2920 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:54:01.0640 2920 Pcmcia - ok
22:54:01.0750 2920 PCSUService (56e916d31fbc2d811d69c25e230f8f7e) C:\Program Files\PC Speed Up\PCSUService.exe
22:54:01.0765 2920 PCSUService - ok
22:54:01.0875 2920 PDCOMP - ok
22:54:01.0953 2920 PDFRAME - ok
22:54:02.0015 2920 pdiddcci - ok
22:54:02.0078 2920 PDRELI - ok
22:54:02.0156 2920 PDRFRAME - ok
22:54:02.0250 2920 perc2 - ok
22:54:02.0328 2920 perc2hib - ok
22:54:02.0437 2920 PfModNT - ok
22:54:02.0546 2920 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:54:02.0625 2920 PlugPlay - ok
22:54:02.0718 2920 Pml Driver HPZ12 (3cecda26586ca4db9be51241a6db7c3c) C:\WINDOWS\System32\HPZipm12.dll
22:54:02.0843 2920 Pml Driver HPZ12 - ok
22:54:02.0968 2920 Pnp680r (a1d7a9214b71ebbb6f31cb84aac15525) C:\WINDOWS\system32\DRIVERS\pnp680r.sys
22:54:03.0000 2920 Pnp680r - ok
22:54:03.0140 2920 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:03.0343 2920 PolicyAgent - ok
22:54:03.0500 2920 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:54:03.0703 2920 PptpMiniport - ok
22:54:03.0812 2920 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:54:04.0031 2920 Processor - ok
22:54:04.0109 2920 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:04.0312 2920 ProtectedStorage - ok
22:54:04.0437 2920 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:54:04.0656 2920 PSched - ok
22:54:04.0734 2920 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
22:54:04.0750 2920 PSI_SVC_2 - ok
22:54:04.0875 2920 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:54:05.0109 2920 Ptilink - ok
22:54:05.0203 2920 pwd_2k - ok
22:54:05.0343 2920 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:54:05.0343 2920 PxHelp20 - ok
22:54:05.0453 2920 ql1080 - ok
22:54:05.0531 2920 Ql10wnt - ok
22:54:05.0609 2920 ql12160 - ok
22:54:05.0703 2920 ql1240 - ok
22:54:05.0781 2920 ql1280 - ok
22:54:05.0890 2920 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:54:06.0125 2920 RasAcd - ok
22:54:06.0234 2920 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:54:06.0453 2920 RasAuto - ok
22:54:06.0562 2920 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:54:06.0781 2920 Rasl2tp - ok
22:54:06.0890 2920 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:54:07.0093 2920 RasMan - ok
22:54:07.0218 2920 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:54:07.0421 2920 RasPppoe - ok
22:54:07.0531 2920 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:54:07.0765 2920 Raspti - ok
22:54:07.0921 2920 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:54:08.0125 2920 Rdbss - ok
22:54:08.0234 2920 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:54:08.0468 2920 RDPCDD - ok
22:54:08.0593 2920 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:54:08.0812 2920 rdpdr - ok
22:54:08.0968 2920 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:54:09.0015 2920 RDPWD - ok
22:54:09.0140 2920 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:54:09.0343 2920 RDSessMgr - ok
22:54:09.0515 2920 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:54:09.0718 2920 redbook - ok
22:54:09.0859 2920 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:54:10.0078 2920 RemoteAccess - ok
22:54:10.0203 2920 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:54:10.0421 2920 RemoteRegistry - ok
22:54:10.0500 2920 RimSerPort - ok
22:54:10.0609 2920 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
22:54:10.0656 2920 RimUsb - ok
22:54:10.0781 2920 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
22:54:10.0812 2920 RimVSerPort - ok
22:54:10.0968 2920 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
22:54:11.0203 2920 Rksample - ok
22:54:11.0328 2920 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:54:11.0578 2920 ROOTMODEM - ok
22:54:11.0718 2920 Roxio UPnP Renderer 9 (afd61a7c48a3e15c86a6fadf0b69a2e4) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
22:54:11.0734 2920 Roxio UPnP Renderer 9 - ok
22:54:11.0890 2920 Roxio Upnp Server 9 (efbb36e2bb02169d26e9980778fc20d3) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
22:54:11.0906 2920 Roxio Upnp Server 9 - ok
22:54:12.0078 2920 RoxLiveShare9 (78e680a105f47b6aa0003bd23ed9fa51) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
22:54:12.0093 2920 RoxLiveShare9 - ok
22:54:12.0296 2920 RoxMediaDB9 (9d5c024170c376d7cc66ed853fda9068) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
22:54:12.0390 2920 RoxMediaDB9 - ok
22:54:12.0578 2920 RoxWatch9 (87f175539dbba297018aa7fcdd563ff7) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
22:54:12.0593 2920 RoxWatch9 - ok
22:54:12.0718 2920 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
22:54:12.0906 2920 RpcLocator - ok
22:54:13.0046 2920 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:54:13.0125 2920 RpcSs - ok
22:54:13.0218 2920 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
22:54:13.0468 2920 RSVP - ok
22:54:13.0578 2920 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:13.0781 2920 SamSs - ok
22:54:13.0890 2920 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:54:14.0109 2920 SCardSvr - ok
22:54:14.0234 2920 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:54:14.0437 2920 Schedule - ok
22:54:14.0562 2920 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:54:14.0781 2920 Secdrv - ok
22:54:14.0890 2920 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:54:15.0109 2920 seclogon - ok
22:54:15.0218 2920 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:54:15.0421 2920 SENS - ok
22:54:15.0562 2920 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:54:15.0781 2920 serenum - ok
22:54:15.0906 2920 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:54:16.0109 2920 Serial - ok
22:54:16.0234 2920 ServiceLayer (d0d2ff6132db177a5192891a8cc9578c) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:54:16.0312 2920 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
22:54:16.0312 2920 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
22:54:16.0468 2920 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:54:16.0671 2920 Sfloppy - ok
22:54:16.0796 2920 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:54:17.0031 2920 SharedAccess - ok
22:54:17.0156 2920 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:54:17.0187 2920 ShellHWDetection - ok
22:54:17.0265 2920 Simbad - ok
22:54:17.0406 2920 smwdm (564f8e5b3c0860bd18be78cabcfd5cca) C:\WINDOWS\system32\drivers\smwdm.sys
22:54:17.0484 2920 smwdm - ok
22:54:17.0609 2920 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
22:54:17.0859 2920 SoftFax - ok
22:54:17.0953 2920 Sparrow - ok
22:54:18.0125 2920 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:54:18.0343 2920 splitter - ok
22:54:18.0468 2920 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:54:18.0515 2920 Spooler - ok
22:54:18.0656 2920 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:54:18.0859 2920 sr - ok
22:54:18.0968 2920 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:54:19.0203 2920 srservice - ok
22:54:19.0328 2920 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:54:19.0421 2920 Srv - ok
22:54:19.0546 2920 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:54:19.0765 2920 SSDPSRV - ok
22:54:19.0890 2920 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\WINDOWS\system32\Drivers\sskbfd.sys
22:54:19.0906 2920 SSKBFD - ok
22:54:20.0031 2920 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:54:20.0281 2920 stisvc - ok
22:54:20.0437 2920 StreamDispatcher (0aaf9a073b37eda0f479a6aae76b0fbf) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
22:54:20.0453 2920 StreamDispatcher - ok
22:54:20.0640 2920 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:54:20.0843 2920 swenum - ok
22:54:20.0968 2920 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:54:21.0171 2920 swmidi - ok
22:54:21.0234 2920 SwPrv - ok
22:54:21.0312 2920 symc810 - ok
22:54:21.0390 2920 symc8xx - ok
22:54:21.0484 2920 sym_hi - ok
22:54:21.0578 2920 sym_u3 - ok
22:54:21.0718 2920 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:54:21.0921 2920 sysaudio - ok
22:54:22.0031 2920 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:54:22.0250 2920 SysmonLog - ok
22:54:22.0546 2920 TabletServicePen (099aee120cac4a43ce307a828998392f) C:\WINDOWS\system32\Pen_Tablet.exe
22:54:22.0843 2920 TabletServicePen - ok
22:54:23.0078 2920 TabletServiceWacom (7d81434924c4947dc29c00848e2a0029) C:\WINDOWS\system32\Wacom_Tablet.exe
22:54:23.0296 2920 TabletServiceWacom - ok
22:54:23.0437 2920 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:54:23.0671 2920 TapiSrv - ok
22:54:23.0812 2920 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:54:23.0843 2920 Tcpip - ok
22:54:23.0968 2920 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:54:24.0187 2920 TDPIPE - ok
22:54:24.0312 2920 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:54:24.0515 2920 TDTCP - ok
22:54:24.0656 2920 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:54:24.0875 2920 TermDD - ok
22:54:25.0000 2920 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:54:25.0234 2920 TermService - ok
22:54:25.0343 2920 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:54:25.0359 2920 Themes - ok
22:54:25.0468 2920 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
22:54:25.0703 2920 TlntSvr - ok
22:54:25.0812 2920 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
22:54:26.0062 2920 Tones - ok
22:54:26.0156 2920 TosIde - ok
22:54:26.0265 2920 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:54:26.0468 2920 TrkWks - ok
22:54:26.0593 2920 UdfReadr_xp (3a28afb82559b2cb4d6bf51e6ccd6678) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
22:54:26.0609 2920 UdfReadr_xp ( Virus.Win32.ZAccess.k ) - infected
22:54:26.0609 2920 UdfReadr_xp - detected Virus.Win32.ZAccess.k (0)
22:54:26.0734 2920 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:54:26.0953 2920 Udfs - ok
22:54:27.0046 2920 ultra - ok
22:54:27.0187 2920 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:54:27.0453 2920 Update - ok
22:54:27.0562 2920 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:54:27.0765 2920 upnphost - ok
22:54:27.0890 2920 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:54:28.0000 2920 upperdev - ok
22:54:28.0109 2920 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:54:28.0312 2920 UPS - ok
22:54:28.0453 2920 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:54:28.0484 2920 USBAAPL - ok
22:54:28.0625 2920 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:54:28.0843 2920 usbccgp - ok
22:54:28.0968 2920 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:54:29.0171 2920 usbehci - ok
22:54:29.0296 2920 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:54:29.0500 2920 usbhub - ok
22:54:29.0625 2920 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:54:29.0843 2920 usbprint - ok
22:54:29.0984 2920 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:54:30.0187 2920 usbscan - ok
22:54:30.0312 2920 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
22:54:30.0531 2920 usbser - ok
22:54:30.0640 2920 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:54:30.0765 2920 UsbserFilt - ok
22:54:30.0875 2920 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:54:31.0093 2920 USBSTOR - ok
22:54:31.0218 2920 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:54:31.0421 2920 usbuhci - ok
22:54:31.0593 2920 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
22:54:31.0875 2920 V124 - ok
22:54:32.0015 2920 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:54:32.0234 2920 VgaSave - ok
22:54:32.0312 2920 ViaIde - ok
22:54:32.0453 2920 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:54:32.0687 2920 VolSnap - ok
22:54:32.0796 2920 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:54:33.0015 2920 VSS - ok
22:54:33.0171 2920 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:54:33.0421 2920 W32Time - ok
22:54:33.0546 2920 wacmoumonitor (9a03558c37e919b9d6a50864aea0a168) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
22:54:33.0562 2920 wacmoumonitor - ok
22:54:33.0671 2920 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
22:54:33.0687 2920 wacommousefilter - ok
22:54:33.0812 2920 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
22:54:33.0828 2920 wacomvhid - ok
22:54:33.0906 2920 WacomVKHid - ok
22:54:34.0031 2920 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:54:34.0234 2920 Wanarp - ok
22:54:34.0375 2920 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:54:34.0453 2920 Wdf01000 - ok
22:54:34.0546 2920 WDICA - ok
22:54:34.0671 2920 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:54:34.0890 2920 wdmaud - ok
22:54:35.0000 2920 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:54:35.0218 2920 WebClient - ok
22:54:35.0281 2920 WebrootSpySweeperService - ok
22:54:35.0421 2920 winachsf (533adeb3b84c2e24d9a85d55f3d69955) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:54:35.0484 2920 winachsf - ok
22:54:35.0625 2920 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:54:35.0828 2920 winmgmt - ok
22:54:35.0890 2920 winpowermanager - ok
22:54:36.0031 2920 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
22:54:36.0109 2920 WLSetupSvc - ok
22:54:36.0234 2920 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
22:54:36.0281 2920 WmBEnum - ok
22:54:36.0375 2920 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:54:36.0437 2920 WmdmPmSN - ok
22:54:36.0562 2920 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
22:54:36.0609 2920 WmFilter - ok
22:54:36.0734 2920 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:54:36.0843 2920 Wmi - ok
22:54:36.0968 2920 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:54:37.0187 2920 WmiApSrv - ok
22:54:37.0312 2920 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:54:37.0390 2920 WMPNetworkSvc - ok
22:54:37.0562 2920 WmVirHid (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
22:54:37.0609 2920 WmVirHid - ok
22:54:37.0750 2920 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
22:54:37.0781 2920 WmXlCore - ok
22:54:37.0921 2920 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:54:37.0953 2920 WpdUsb - ok
22:54:38.0078 2920 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:54:38.0312 2920 WS2IFSL - ok
22:54:38.0453 2920 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:54:38.0687 2920 wscsvc - ok
22:54:38.0765 2920 WTouchService (77a3988cf9b5848bcbc9fb6a79508a56) C:\Program Files\WTouch\WTouchService.exe
22:54:38.0781 2920 WTouchService - ok
22:54:38.0890 2920 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:54:39.0093 2920 wuauserv - ok
22:54:39.0218 2920 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:54:39.0265 2920 WudfPf - ok
22:54:39.0390 2920 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:54:39.0437 2920 WudfRd - ok
22:54:39.0546 2920 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
22:54:39.0578 2920 WudfSvc - ok
22:54:39.0718 2920 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:54:39.0984 2920 WZCSVC - ok
22:54:40.0109 2920 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:54:40.0328 2920 xmlprov - ok
22:54:40.0375 2920 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:54:40.0453 2920 \Device\Harddisk0\DR0 - ok
22:54:40.0468 2920 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:54:40.0531 2920 \Device\Harddisk1\DR1 - ok
22:54:40.0562 2920 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
22:54:40.0750 2920 \Device\Harddisk2\DR2 - ok
22:54:40.0765 2920 Boot (0x1200) (51e486b4bbd2b54718d1b283864656a9) \Device\Harddisk0\DR0\Partition0
22:54:40.0765 2920 \Device\Harddisk0\DR0\Partition0 - ok
22:54:40.0781 2920 Boot (0x1200) (0009e0c38338d497567a9e05094214e9) \Device\Harddisk1\DR1\Partition0
22:54:40.0781 2920 \Device\Harddisk1\DR1\Partition0 - ok
22:54:40.0796 2920 Boot (0x1200) (4af7f27a91d209f3c5b055b7915d12f7) \Device\Harddisk2\DR2\Partition0
22:54:40.0796 2920 \Device\Harddisk2\DR2\Partition0 - ok
22:54:40.0812 2920 ============================================================
22:54:40.0812 2920 Scan finished
22:54:40.0812 2920 ============================================================
22:54:40.0953 0732 Detected object count: 11
22:54:40.0953 0732 Actual detected object count: 11
22:55:56.0125 0732 cdudf_xp ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:56.0125 0732 cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:56.0125 0732 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:56.0125 0732 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:56.0125 0732 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:56.0125 0732 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:56.0140 0732 CTUPnPSv ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:56.0140 0732 CTUPnPSv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:56.0156 0732 fasttx2k ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:56.0156 0732 fasttx2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:56.0156 0732 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:56.0156 0732 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:56.0171 0732 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:56.0171 0732 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:56.0187 0732 npkcrypt ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:56.0187 0732 npkcrypt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:56.0187 0732 NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:56.0187 0732 NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:56.0203 0732 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:56.0203 0732 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:56.0343 0732 C:\WINDOWS\system32\drivers\UdfReadr_xp.sys - copied to quarantine
22:55:56.0359 0732 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\udfreadr_xp.sys) error 1813
22:55:56.0531 0732 Backup copy not found, trying to cure infected file..
22:55:56.0531 0732 C:\WINDOWS\system32\drivers\UdfReadr_xp.sys - Cure failed (FFFFFFFF)
22:55:56.0531 0732 C:\WINDOWS\system32\drivers\UdfReadr_xp.sys - processing error
22:56:01.0656 0732 UdfReadr_xp ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:56:25.0718 3784 ============================================================
22:56:25.0718 3784 Scan started
22:56:25.0718 3784 Mode: Manual; SigCheck; TDLFS;
22:56:25.0718 3784 ============================================================
22:56:26.0046 3784 aawservice (17067069b9a7865028c1f2e6971d0ccc) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
22:56:26.0109 3784 aawservice - ok
22:56:26.0187 3784 Abiosdsk - ok
22:56:26.0281 3784 abp480n5 - ok
22:56:26.0406 3784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:56:26.0625 3784 ACPI - ok
22:56:26.0734 3784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:56:26.0968 3784 ACPIEC - ok
22:56:27.0109 3784 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
22:56:27.0125 3784 AdobeActiveFileMonitor7.0 - ok
22:56:27.0218 3784 adpu160m - ok
22:56:27.0328 3784 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
22:56:27.0359 3784 aeaudio - ok
22:56:27.0500 3784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:56:27.0703 3784 aec - ok
22:56:27.0859 3784 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:56:27.0890 3784 AFD - ok
22:56:28.0031 3784 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:56:28.0250 3784 agp440 - ok
22:56:28.0343 3784 Aha154x - ok
22:56:28.0421 3784 aic78u2 - ok
22:56:28.0515 3784 aic78xx - ok
22:56:28.0625 3784 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:56:28.0828 3784 Alerter - ok
22:56:28.0921 3784 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:56:29.0125 3784 ALG - ok
22:56:29.0203 3784 AliIde - ok
22:56:29.0281 3784 amsint - ok
22:56:29.0421 3784 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:56:29.0437 3784 Apple Mobile Device - ok
22:56:29.0578 3784 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:56:29.0812 3784 AppMgmt - ok
22:56:29.0937 3784 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:56:30.0156 3784 Arp1394 - ok
22:56:30.0265 3784 asc - ok
22:56:30.0343 3784 asc3350p - ok
22:56:30.0421 3784 asc3550 - ok
22:56:30.0562 3784 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:56:30.0578 3784 aspnet_state - ok
22:56:30.0703 3784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:56:30.0906 3784 AsyncMac - ok
22:56:31.0031 3784 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:56:31.0234 3784 atapi - ok
22:56:31.0296 3784 Atdisk - ok
22:56:31.0421 3784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:56:31.0687 3784 Atmarpc - ok
22:56:31.0796 3784 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:56:32.0000 3784 AudioSrv - ok
22:56:32.0093 3784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:56:32.0328 3784 audstub - ok
22:56:32.0453 3784 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
22:56:32.0718 3784 basic2 - ok
22:56:32.0859 3784 bcm4sbxp (c0541cd42e39af45be203e677351f310) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
22:56:32.0875 3784 bcm4sbxp - ok
22:56:32.0984 3784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:56:33.0218 3784 Beep - ok
22:56:33.0328 3784 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:56:33.0562 3784 BITS - ok
22:56:33.0687 3784 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:56:33.0703 3784 Bonjour Service - ok
22:56:33.0812 3784 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:56:34.0031 3784 Browser - ok
22:56:34.0046 3784 catchme - ok
22:56:34.0171 3784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:56:34.0406 3784 cbidf2k - ok
22:56:34.0500 3784 cd20xrnt - ok
22:56:34.0609 3784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:56:34.0843 3784 Cdaudio - ok
22:56:34.0968 3784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:56:35.0171 3784 Cdfs - ok
22:56:35.0296 3784 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
22:56:35.0312 3784 Cdr4_xp - ok
22:56:35.0406 3784 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
22:56:35.0421 3784 Cdralw2k - ok
22:56:35.0531 3784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:56:35.0750 3784 Cdrom - ok
22:56:35.0875 3784 cdudf_xp (5cc1f217fbd3e0f0ac7e4042aa242ee0) C:\WINDOWS\system32\drivers\cdudf_xp.sys
22:56:35.0906 3784 cdudf_xp ( UnsignedFile.Multi.Generic ) - warning
22:56:35.0906 3784 cdudf_xp - detected UnsignedFile.Multi.Generic (1)
22:56:35.0984 3784 cfosspeed - ok
22:56:36.0062 3784 Changer - ok
22:56:36.0156 3784 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:56:36.0359 3784 CiSvc - ok
22:56:36.0484 3784 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:56:36.0671 3784 ClipSrv - ok
22:56:36.0781 3784 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:56:36.0796 3784 clr_optimization_v2.0.50727_32 - ok
22:56:36.0890 3784 CmdIde - ok
22:56:36.0953 3784 COMSysApp - ok
22:56:37.0046 3784 Cpqarray - ok
22:56:37.0156 3784 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\System32\CTsvcCDA.EXE
22:56:37.0156 3784 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
22:56:37.0156 3784 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
22:56:37.0265 3784 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:56:37.0484 3784 CryptSvc - ok
22:56:37.0609 3784 CTDevice_Srv (a5bea0e5c297f5f3835638a87e512fba) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
22:56:37.0625 3784 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - warning
22:56:37.0625 3784 CTDevice_Srv - detected UnsignedFile.Multi.Generic (1)
22:56:37.0781 3784 CTUPnPSv (8e26d772f53b7883a651e0e4a9598f21) C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
22:56:37.0812 3784 CTUPnPSv ( UnsignedFile.Multi.Generic ) - warning
22:56:37.0812 3784 CTUPnPSv - detected UnsignedFile.Multi.Generic (1)
22:56:37.0906 3784 dac2w2k - ok
22:56:37.0984 3784 dac960nt - ok
22:56:38.0109 3784 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:56:38.0187 3784 DcomLaunch - ok
22:56:38.0296 3784 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:56:38.0500 3784 Dhcp - ok
22:56:38.0625 3784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:56:38.0828 3784 Disk - ok
22:56:38.0890 3784 dmadmin - ok
22:56:39.0015 3784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:56:39.0250 3784 dmboot - ok
22:56:39.0390 3784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:56:39.0593 3784 dmio - ok
22:56:39.0703 3784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:56:39.0968 3784 dmload - ok
22:56:40.0062 3784 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:56:40.0265 3784 dmserver - ok
22:56:40.0406 3784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:56:40.0609 3784 DMusic - ok
22:56:40.0718 3784 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:56:40.0734 3784 Dnscache - ok
22:56:40.0890 3784 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:56:41.0109 3784 Dot3svc - ok
22:56:41.0234 3784 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:56:41.0453 3784 dot4 - ok
22:56:41.0609 3784 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
22:56:41.0859 3784 Dot4Print - ok
22:56:41.0968 3784 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
22:56:42.0203 3784 dot4usb - ok
22:56:42.0281 3784 dpti2o - ok
22:56:42.0406 3784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:56:42.0609 3784 drmkaud - ok
22:56:42.0703 3784 dump_wmimmc - ok
22:56:42.0796 3784 dvd_2K - ok
22:56:42.0890 3784 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:56:43.0093 3784 EapHost - ok
22:56:43.0203 3784 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:56:43.0421 3784 ERSvc - ok
22:56:43.0578 3784 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:56:43.0640 3784 Eventlog - ok
22:56:43.0750 3784 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
22:56:43.0781 3784 EventSystem - ok
22:56:43.0921 3784 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
22:56:44.0125 3784 Fallback - ok
22:56:44.0250 3784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:56:44.0468 3784 Fastfat - ok
22:56:44.0578 3784 fasttx2k (82f8a9ed1525202f720b9bb012449225) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
22:56:44.0609 3784 fasttx2k ( UnsignedFile.Multi.Generic ) - warning
22:56:44.0609 3784 fasttx2k - detected UnsignedFile.Multi.Generic (1)
22:56:44.0734 3784 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:56:44.0750 3784 FastUserSwitchingCompatibility - ok
22:56:44.0875 3784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:56:45.0078 3784 Fdc - ok
22:56:45.0203 3784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:56:45.0406 3784 Fips - ok
22:56:45.0500 3784 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:56:45.0562 3784 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:56:45.0562 3784 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:56:45.0687 3784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:56:45.0906 3784 Flpydisk - ok
22:56:46.0031 3784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:56:46.0234 3784 FltMgr - ok
22:56:46.0406 3784 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:56:46.0421 3784 FontCache3.0.0.0 - ok
22:56:46.0531 3784 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
22:56:46.0796 3784 Fsks - ok
22:56:46.0937 3784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:56:47.0171 3784 Fs_Rec - ok
22:56:47.0296 3784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:56:47.0531 3784 Ftdisk - ok
22:56:47.0656 3784 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:56:47.0859 3784 gameenum - ok
22:56:47.0984 3784 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:56:48.0000 3784 GEARAspiWDM - ok
22:56:48.0078 3784 getPlusHelper (fd7e9aba274df75e08320420b8e9a1d5) C:\Program Files\NOS\bin\getPlus_Helper.dll
22:56:48.0093 3784 getPlusHelper - ok
22:56:48.0218 3784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:56:48.0421 3784 Gpc - ok
22:56:48.0531 3784 gupdate1c9b7481c74f9ef (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
22:56:48.0546 3784 gupdate1c9b7481c74f9ef - ok
22:56:48.0578 3784 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
22:56:48.0593 3784 gupdatem - ok
22:56:48.0718 3784 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
22:56:48.0734 3784 hamachi - ok
22:56:48.0812 3784 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) F:\Gleep\minecraft\New Folder\hamachi-2.exe
22:56:48.0890 3784 Hamachi2Svc - ok
22:56:49.0015 3784 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:56:49.0218 3784 helpsvc - ok
22:56:49.0328 3784 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:56:49.0515 3784 HidServ - ok
22:56:49.0640 3784 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:56:49.0843 3784 HidUsb - ok
22:56:49.0937 3784 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:56:50.0140 3784 hkmsvc - ok
22:56:50.0218 3784 hpn - ok
22:56:50.0328 3784 HSFHWBS2 (127f6638eb09050f5a490bbd6507b37a) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:56:50.0359 3784 HSFHWBS2 - ok
22:56:50.0515 3784 HSF_DP (0ade6a9622ff72599ef2980036112f17) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:56:50.0578 3784 HSF_DP - ok
22:56:50.0796 3784 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
22:56:51.0031 3784 hsf_msft - ok
22:56:51.0156 3784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:56:51.0187 3784 HTTP - ok
22:56:51.0281 3784 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:56:51.0500 3784 HTTPFilter - ok
22:56:51.0593 3784 i2omgmt - ok
22:56:51.0687 3784 i2omp - ok
22:56:51.0812 3784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:56:52.0046 3784 i8042prt - ok
22:56:52.0218 3784 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:56:52.0234 3784 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:56:52.0234 3784 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:56:52.0437 3784 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:56:52.0484 3784 idsvc - ok
22:56:52.0687 3784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:56:52.0890 3784 Imapi - ok
22:56:53.0000 3784 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:56:53.0203 3784 ImapiService - ok
22:56:53.0312 3784 ini910u - ok
22:56:53.0437 3784 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:56:53.0656 3784 IntelIde - ok
22:56:53.0765 3784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:56:53.0968 3784 intelppm - ok
22:56:54.0093 3784 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:56:54.0312 3784 ip6fw - ok
22:56:54.0421 3784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:56:54.0656 3784 IpFilterDriver - ok
22:56:54.0796 3784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:56:55.0000 3784 IpInIp - ok
22:56:55.0140 3784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:56:55.0359 3784 IpNat - ok
22:56:55.0453 3784 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
22:56:55.0500 3784 iPod Service - ok
22:56:55.0625 3784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:56:55.0828 3784 IPSec - ok
22:56:55.0953 3784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:56:56.0156 3784 IRENUM - ok
22:56:56.0296 3784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:56:56.0500 3784 isapnp - ok
22:56:56.0640 3784 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
22:56:56.0671 3784 JavaQuickStarterService - ok
22:56:56.0812 3784 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
22:56:57.0078 3784 K56 - ok
22:56:57.0234 3784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:56:57.0421 3784 Kbdclass - ok
22:56:57.0578 3784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:56:57.0781 3784 kbdhid - ok
22:56:57.0890 3784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:56:58.0109 3784 kmixer - ok
22:56:58.0265 3784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:56:58.0281 3784 KSecDD - ok
22:56:58.0390 3784 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:56:58.0421 3784 lanmanserver - ok
22:56:58.0578 3784 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:56:58.0609 3784 lanmanworkstation - ok
22:56:58.0703 3784 lbrtfdc - ok
22:56:58.0812 3784 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:56:59.0015 3784 LmHosts - ok
22:56:59.0140 3784 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:56:59.0156 3784 mdmxsdk - ok
22:56:59.0250 3784 MEMSWEEP2 - ok
22:56:59.0343 3784 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:56:59.0546 3784 Messenger - ok
22:56:59.0656 3784 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
22:56:59.0671 3784 mferkdk - ok
22:56:59.0796 3784 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
22:56:59.0812 3784 mfesmfk - ok
22:56:59.0906 3784 mmc_2K - ok
22:57:00.0015 3784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:57:00.0234 3784 mnmdd - ok
22:57:00.0343 3784 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
22:57:00.0531 3784 mnmsrvc - ok
22:57:00.0656 3784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:57:00.0859 3784 Modem - ok
22:57:00.0968 3784 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:57:01.0187 3784 MODEMCSA - ok
22:57:01.0328 3784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:57:01.0546 3784 Mouclass - ok
22:57:01.0671 3784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:57:01.0890 3784 mouhid - ok
22:57:02.0000 3784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:57:02.0218 3784 MountMgr - ok
22:57:02.0328 3784 mraid35x - ok
22:57:02.0453 3784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:57:02.0687 3784 MRxDAV - ok
22:57:02.0828 3784 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:57:02.0875 3784 MRxSmb - ok
22:57:03.0000 3784 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
22:57:03.0218 3784 MSDTC - ok
22:57:03.0375 3784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:57:03.0578 3784 Msfs - ok
22:57:03.0640 3784 MSIServer - ok
22:57:03.0734 3784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:57:03.0953 3784 MSKSSRV - ok
22:57:04.0093 3784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:57:04.0296 3784 MSPCLOCK - ok
22:57:04.0421 3784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:57:04.0640 3784 MSPQM - ok
22:57:04.0781 3784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:57:04.0984 3784 mssmbios - ok
22:57:05.0109 3784 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:57:05.0125 3784 Mup - ok
22:57:05.0218 3784 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:57:05.0437 3784 napagent - ok
22:57:05.0609 3784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:57:05.0828 3784 NDIS - ok
22:57:05.0953 3784 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:57:05.0984 3784 NdisTapi - ok
22:57:06.0109 3784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:57:06.0312 3784 Ndisuio - ok
22:57:06.0437 3784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:57:06.0640 3784 NdisWan - ok
22:57:06.0781 3784 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:57:06.0812 3784 NDProxy - ok
22:57:06.0937 3784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:57:07.0140 3784 NetBIOS - ok
22:57:07.0250 3784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:57:07.0468 3784 NetBT - ok
22:57:07.0609 3784 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:57:07.0812 3784 NetDDE - ok
22:57:07.0828 3784 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:57:08.0031 3784 NetDDEdsdm - ok
22:57:08.0125 3784 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:57:08.0328 3784 Netlogon - ok
22:57:08.0421 3784 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:57:08.0656 3784 Netman - ok
22:57:08.0812 3784 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:57:08.0828 3784 NetTcpPortSharing - ok
22:57:08.0953 3784 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:57:09.0156 3784 NIC1394 - ok
22:57:09.0265 3784 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:57:09.0312 3784 Nla - ok
22:57:09.0437 3784 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
22:57:09.0546 3784 nmwcd - ok
22:57:09.0671 3784 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
22:57:09.0796 3784 nmwcdc - ok
22:57:09.0937 3784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:57:10.0140 3784 Npfs - ok
22:57:10.0203 3784 npkcrypt (fd9666a8eb88e713c18e2e90f6e746d0) C:\Program Files\NEXON\MapleStory\npkcrypt.sys
22:57:10.0218 3784 npkcrypt ( UnsignedFile.Multi.Generic ) - warning
22:57:10.0218 3784 npkcrypt - detected UnsignedFile.Multi.Generic (1)
22:57:10.0328 3784 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
22:57:10.0343 3784 NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning
22:57:10.0343 3784 NPPTNT2 - detected UnsignedFile.Multi.Generic (1)
22:57:10.0468 3784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:57:10.0718 3784 Ntfs - ok
22:57:10.0875 3784 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
22:57:11.0078 3784 NtLmSsp - ok
22:57:11.0203 3784 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:57:11.0421 3784 NtmsSvc - ok
22:57:11.0531 3784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:57:11.0796 3784 Null - ok
22:57:12.0203 3784 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:57:12.0578 3784 nv - ok
22:57:12.0703 3784 NVSvc (472a00d2183c9e5edb3e076272741812) C:\WINDOWS\system32\nvsvc32.exe
22:57:12.0734 3784 NVSvc - ok
22:57:12.0843 3784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:57:13.0093 3784 NwlnkFlt - ok
22:57:13.0187 3784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:57:13.0406 3784 NwlnkFwd - ok
22:57:13.0593 3784 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:57:13.0796 3784 ohci1394 - ok
22:57:13.0921 3784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:57:14.0125 3784 Parport - ok
22:57:14.0250 3784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:57:14.0453 3784 PartMgr - ok
22:57:14.0593 3784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:57:14.0828 3784 ParVdm - ok
22:57:14.0937 3784 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:57:14.0968 3784 pccsmcfd - ok
22:57:15.0093 3784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:57:15.0312 3784 PCI - ok
22:57:15.0406 3784 PCIDump - ok
22:57:15.0515 3784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:57:15.0734 3784 PCIIde - ok
22:57:15.0875 3784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:57:16.0125 3784 Pcmcia - ok
22:57:16.0250 3784 PCSUService (56e916d31fbc2d811d69c25e230f8f7e) C:\Program Files\PC Speed Up\PCSUService.exe
22:57:16.0265 3784 PCSUService - ok
22:57:16.0359 3784 PDCOMP - ok
22:57:16.0437 3784 PDFRAME - ok
22:57:16.0515 3784 pdiddcci - ok
22:57:16.0578 3784 PDRELI - ok
22:57:16.0656 3784 PDRFRAME - ok
22:57:16.0750 3784 perc2 - ok
22:57:16.0828 3784 perc2hib - ok
22:57:16.0937 3784 PfModNT - ok
22:57:17.0046 3784 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:57:17.0109 3784 PlugPlay - ok
22:57:17.0218 3784 Pml Driver HPZ12 (3cecda26586ca4db9be51241a6db7c3c) C:\WINDOWS\System32\HPZipm12.dll
22:57:17.0312 3784 Pml Driver HPZ12 - ok
22:57:17.0437 3784 Pnp680r (a1d7a9214b71ebbb6f31cb84aac15525) C:\WINDOWS\system32\DRIVERS\pnp680r.sys
22:57:17.0468 3784 Pnp680r - ok
22:57:17.0609 3784 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:57:17.0812 3784 PolicyAgent - ok
22:57:17.0937 3784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:57:18.0140 3784 PptpMiniport - ok
22:57:18.0250 3784 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:57:18.0468 3784 Processor - ok
22:57:18.0609 3784 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:57:18.0812 3784 ProtectedStorage - ok
22:57:18.0937 3784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:57:19.0156 3784 PSched - ok
22:57:19.0250 3784 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
22:57:19.0265 3784 PSI_SVC_2 - ok
22:57:19.0375 3784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:57:19.0609 3784 Ptilink - ok
22:57:19.0687 3784 pwd_2k - ok
22:57:19.0796 3784 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:57:19.0812 3784 PxHelp20 - ok
22:57:19.0906 3784 ql1080 - ok
22:57:20.0000 3784 Ql10wnt - ok
22:57:20.0078 3784 ql12160 - ok
22:57:20.0156 3784 ql1240 - ok
22:57:20.0250 3784 ql1280 - ok
22:57:20.0343 3784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:57:20.0562 3784 RasAcd - ok
22:57:20.0687 3784 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:57:20.0906 3784 RasAuto - ok
22:57:21.0031 3784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:57:21.0234 3784 Rasl2tp - ok
22:57:21.0343 3784 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:57:21.0546 3784 RasMan - ok
22:57:21.0656 3784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:57:21.0875 3784 RasPppoe - ok
22:57:22.0000 3784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:57:22.0218 3784 Raspti - ok
22:57:22.0375 3784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:57:22.0562 3784 Rdbss - ok
22:57:22.0671 3784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:57:22.0890 3784 RDPCDD - ok
22:57:23.0046 3784 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:57:23.0265 3784 rdpdr - ok
22:57:23.0406 3784 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:57:23.0453 3784 RDPWD - ok
22:57:23.0562 3784 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:57:23.0765 3784 RDSessMgr - ok
22:57:23.0890 3784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:57:24.0093 3784 redbook - ok
22:57:24.0203 3784 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:57:24.0421 3784 RemoteAccess - ok
22:57:24.0546 3784 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:57:24.0765 3784 RemoteRegistry - ok
22:57:24.0843 3784 RimSerPort - ok
22:57:24.0921 3784 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
22:57:24.0953 3784 RimUsb - ok
22:57:25.0078 3784 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
22:57:25.0093 3784 RimVSerPort - ok
22:57:25.0234 3784 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
22:57:25.0484 3784 Rksample - ok
22:57:25.0625 3784 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:57:25.0843 3784 ROOTMODEM - ok
22:57:25.0984 3784 Roxio UPnP Renderer 9 (afd61a7c48a3e15c86a6fadf0b69a2e4) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
22:57:26.0000 3784 Roxio UPnP Renderer 9 - ok
22:57:26.0140 3784 Roxio Upnp Server 9 (efbb36e2bb02169d26e9980778fc20d3) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
22:57:26.0171 3784 Roxio Upnp Server 9 - ok
22:57:26.0328 3784 RoxLiveShare9 (78e680a105f47b6aa0003bd23ed9fa51) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
22:57:26.0359 3784 RoxLiveShare9 - ok
22:57:26.0578 3784 RoxMediaDB9 (9d5c024170c376d7cc66ed853fda9068) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
22:57:26.0640 3784 RoxMediaDB9 - ok
22:57:26.0796 3784 RoxWatch9 (87f175539dbba297018aa7fcdd563ff7) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
22:57:26.0812 3784 RoxWatch9 - ok
22:57:26.0937 3784 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
22:57:27.0125 3784 RpcLocator - ok
22:57:27.0265 3784 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:57:27.0343 3784 RpcSs - ok
22:57:27.0437 3784 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
22:57:27.0625 3784 RSVP - ok
22:57:27.0718 3784 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:57:27.0921 3784 SamSs - ok
22:57:28.0031 3784 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:57:28.0250 3784 SCardSvr - ok
22:57:28.0359 3784 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:57:28.0578 3784 Schedule - ok
22:57:28.0703 3784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:57:28.0921 3784 Secdrv - ok
22:57:29.0031 3784 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:57:29.0250 3784 seclogon - ok
22:57:29.0343 3784 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:57:29.0546 3784 SENS - ok
22:57:29.0671 3784 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:57:29.0890 3784 serenum - ok
22:57:30.0000 3784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:57:30.0203 3784 Serial - ok
22:57:30.0312 3784 ServiceLayer (d0d2ff6132db177a5192891a8cc9578c) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:57:30.0375 3784 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
22:57:30.0375 3784 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
22:57:30.0531 3784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:57:30.0734 3784 Sfloppy - ok
22:57:30.0843 3784 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:57:31.0093 3784 SharedAccess - ok
22:57:31.0203 3784 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:57:31.0218 3784 ShellHWDetection - ok
22:57:31.0296 3784 Simbad - ok
22:57:31.0437 3784 smwdm (564f8e5b3c0860bd18be78cabcfd5cca) C:\WINDOWS\system32\drivers\smwdm.sys
22:57:31.0484 3784 smwdm - ok
22:57:31.0625 3784 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
22:57:31.0890 3784 SoftFax - ok
22:57:31.0984 3784 Sparrow - ok
22:57:32.0093 3784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:57:32.0312 3784 splitter - ok
22:57:32.0406 3784 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:57:32.0437 3784 Spooler - ok
22:57:32.0593 3784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:57:32.0812 3784 sr - ok
22:57:32.0937 3784 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:57:33.0140 3784 srservice - ok
22:57:33.0265 3784 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:57:33.0343 3784 Srv - ok
22:57:33.0453 3784 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:57:33.0671 3784 SSDPSRV - ok
22:57:33.0765 3784 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\WINDOWS\system32\Drivers\sskbfd.sys
22:57:33.0781 3784 SSKBFD - ok
22:57:33.0906 3784 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:57:34.0140 3784 stisvc - ok
22:57:34.0265 3784 StreamDispatcher (0aaf9a073b37eda0f479a6aae76b0fbf) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
22:57:34.0281 3784 StreamDispatcher - ok
22:57:34.0421 3784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:57:34.0609 3784 swenum - ok
22:57:34.0734 3784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:57:34.0953 3784 swmidi - ok
22:57:35.0031 3784 SwPrv - ok
22:57:35.0093 3784 symc810 - ok
22:57:35.0171 3784 symc8xx - ok
22:57:35.0265 3784 sym_hi - ok
22:57:35.0359 3784 sym_u3 - ok
22:57:35.0484 3784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:57:35.0687 3784 sysaudio - ok
22:57:35.0796 3784 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:57:36.0046 3784 SysmonLog - ok
22:57:36.0375 3784 TabletServicePen (099aee120cac4a43ce307a828998392f) C:\WINDOWS\system32\Pen_Tablet.exe
22:57:36.0593 3784 TabletServicePen - ok
22:57:36.0812 3784 TabletServiceWacom (7d81434924c4947dc29c00848e2a0029) C:\WINDOWS\system32\Wacom_Tablet.exe
22:57:36.0968 3784 TabletServiceWacom - ok
22:57:37.0093 3784 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:57:37.0312 3784 TapiSrv - ok
22:57:37.0453 3784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:57:37.0484 3784 Tcpip - ok
22:57:37.0640 3784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:57:37.0859 3784 TDPIPE - ok
22:57:38.0000 3784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:57:38.0203 3784 TDTCP - ok
22:57:38.0328 3784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:57:38.0531 3784 TermDD - ok
22:57:38.0671 3784 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:57:38.0890 3784 TermService - ok
22:57:39.0015 3784 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:57:39.0031 3784 Themes - ok
22:57:39.0140 3784 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
22:57:39.0359 3784 TlntSvr - ok
22:57:39.0500 3784 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
22:57:39.0734 3784 Tones - ok
22:57:39.0828 3784 TosIde - ok
22:57:39.0921 3784 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:57:40.0140 3784 TrkWks - ok
22:57:40.0281 3784 UdfReadr_xp (3a28afb82559b2cb4d6bf51e6ccd6678) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
22:57:40.0281 3784 UdfReadr_xp ( Virus.Win32.ZAccess.k ) - infected
22:57:40.0281 3784 UdfReadr_xp - detected Virus.Win32.ZAccess.k (0)
22:57:40.0421 3784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:57:40.0625 3784 Udfs - ok
22:57:40.0718 3784 ultra - ok
22:57:40.0843 3784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:57:41.0078 3784 Update - ok
22:57:41.0187 3784 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:57:41.0406 3784 upnphost - ok
22:57:41.0546 3784 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:57:41.0656 3784 upperdev - ok
22:57:41.0765 3784 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:57:41.0968 3784 UPS - ok
22:57:42.0109 3784 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:57:42.0140 3784 USBAAPL - ok
22:57:42.0250 3784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:57:42.0468 3784 usbccgp - ok
22:57:42.0609 3784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:57:42.0828 3784 usbehci - ok
22:57:42.0968 3784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:57:43.0171 3784 usbhub - ok
22:57:43.0296 3784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:57:43.0515 3784 usbprint - ok
22:57:43.0703 3784 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:57:43.0906 3784 usbscan - ok
22:57:44.0031 3784 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
22:57:44.0234 3784 usbser - ok
22:57:44.0375 3784 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:57:44.0500 3784 UsbserFilt - ok
22:57:44.0640 3784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:57:44.0843 3784 USBSTOR - ok
22:57:44.0984 3784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:57:45.0187 3784 usbuhci - ok
22:57:45.0328 3784 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
22:57:45.0562 3784 V124 - ok
22:57:45.0671 3784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:57:45.0906 3784 VgaSave - ok
22:57:45.0984 3784 ViaIde - ok
22:57:46.0109 3784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:57:46.0312 3784 VolSnap - ok
22:57:46.0437 3784 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:57:46.0671 3784 VSS - ok
22:57:46.0796 3784 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:57:47.0015 3784 W32Time - ok
22:57:47.0156 3784 wacmoumonitor (9a03558c37e919b9d6a50864aea0a168) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
22:57:47.0171 3784 wacmoumonitor - ok
22:57:47.0296 3784 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
22:57:47.0312 3784 wacommousefilter - ok
22:57:47.0421 3784 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
22:57:47.0437 3784 wacomvhid - ok
22:57:47.0531 3784 WacomVKHid - ok
22:57:47.0671 3784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:57:47.0921 3784 Wanarp - ok
22:57:48.0062 3784 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:57:48.0093 3784 Wdf01000 - ok
22:57:48.0171 3784 WDICA - ok
22:57:48.0312 3784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:57:48.0515 3784 wdmaud - ok
22:57:48.0718 3784 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:57:48.0921 3784 WebClient - ok
22:57:48.0984 3784 WebrootSpySweeperService - ok
22:57:49.0125 3784 winachsf (533adeb3b84c2e24d9a85d55f3d69955) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:57:49.0187 3784 winachsf - ok
22:57:49.0312 3784 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:57:49.0515 3784 winmgmt - ok
22:57:49.0578 3784 winpowermanager - ok
22:57:49.0718 3784 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
22:57:49.0734 3784 WLSetupSvc - ok
22:57:49.0859 3784 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
22:57:49.0875 3784 WmBEnum - ok
22:57:49.0984 3784 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:57:50.0000 3784 WmdmPmSN - ok
22:57:50.0125 3784 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
22:57:50.0140 3784 WmFilter - ok
22:57:50.0265 3784 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:57:50.0359 3784 Wmi - ok
22:57:50.0484 3784 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:57:50.0671 3784 WmiApSrv - ok
22:57:50.0796 3784 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:57:50.0843 3784 WMPNetworkSvc - ok
22:57:51.0000 3784 WmVirHid (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
22:57:51.0015 3784 WmVirHid - ok
22:57:51.0156 3784 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
22:57:51.0171 3784 WmXlCore - ok
22:57:51.0296 3784 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:57:51.0312 3784 WpdUsb - ok
22:57:51.0421 3784 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:57:51.0625 3784 WS2IFSL - ok
22:57:51.0734 3784 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:57:51.0937 3784 wscsvc - ok
22:57:52.0000 3784 WTouchService (77a3988cf9b5848bcbc9fb6a79508a56) C:\Program Files\WTouch\WTouchService.exe
22:57:52.0015 3784 WTouchService - ok
22:57:52.0156 3784 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:57:52.0343 3784 wuauserv - ok
22:57:52.0468 3784 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:57:52.0500 3784 WudfPf - ok
22:57:52.0656 3784 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:57:52.0671 3784 WudfRd - ok
22:57:52.0812 3784 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
22:57:52.0828 3784 WudfSvc - ok
22:57:53.0000 3784 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:57:53.0218 3784 WZCSVC - ok
22:57:53.0312 3784 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:57:53.0515 3784 xmlprov - ok
22:57:53.0562 3784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:57:53.0593 3784 \Device\Harddisk0\DR0 - ok
22:57:53.0609 3784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:57:53.0625 3784 \Device\Harddisk1\DR1 - ok
22:57:53.0656 3784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
22:57:53.0890 3784 \Device\Harddisk2\DR2 - ok
22:57:53.0906 3784 Boot (0x1200) (51e486b4bbd2b54718d1b283864656a9) \Device\Harddisk0\DR0\Partition0
22:57:53.0906 3784 \Device\Harddisk0\DR0\Partition0 - ok
22:57:53.0921 3784 Boot (0x1200) (0009e0c38338d497567a9e05094214e9) \Device\Harddisk1\DR1\Partition0
22:57:53.0921 3784 \Device\Harddisk1\DR1\Partition0 - ok
22:57:53.0953 3784 Boot (0x1200) (4af7f27a91d209f3c5b055b7915d12f7) \Device\Harddisk2\DR2\Partition0
22:57:53.0953 3784 \Device\Harddisk2\DR2\Partition0 - ok
22:57:53.0953 3784 ============================================================
22:57:53.0953 3784 Scan finished
22:57:53.0953 3784 ============================================================
22:57:53.0984 3684 Detected object count: 11
22:57:53.0984 3684 Actual detected object count: 11
22:58:58.0281 3684 cdudf_xp ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:58.0281 3684 cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:58.0281 3684 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:58.0281 3684 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:58.0281 3684 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:58.0281 3684 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:58.0281 3684 CTUPnPSv ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:58.0281 3684 CTUPnPSv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:58.0296 3684 fasttx2k ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:58.0296 3684 fasttx2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:58.0296 3684 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:58.0296 3684 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:58.0312 3684 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:58.0312 3684 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:58.0328 3684 npkcrypt ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:58.0328 3684 npkcrypt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:58.0328 3684 NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:58.0328 3684 NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:58.0343 3684 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:58.0343 3684 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:58.0468 3684 C:\WINDOWS\system32\drivers\UdfReadr_xp.sys - copied to quarantine
22:58:58.0484 3684 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\udfreadr_xp.sys) error 1813
22:58:58.0562 3684 Backup copy not found, trying to cure infected file..
22:58:58.0562 3684 C:\WINDOWS\system32\drivers\UdfReadr_xp.sys - Cure failed (FFFFFFFF)
22:58:58.0562 3684 C:\WINDOWS\system32\drivers\UdfReadr_xp.sys - processing error
22:59:04.0031 3684 UdfReadr_xp ( Virus.Win32.ZAccess.k ) - User select action: Cure

#6
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

AtJob::

File:: 
c:\windows\system32\drivers\UdfReadr_xp.sys
c:\windows\system32\FXUxT232.com
 
Folder:: 
c:\windows\$NtUninstallKB56600$

Driver::
DCamUSBGrandTek
 
NetSvc::
DCamUSBGrandTek

MIA::
c:\windows\system32\drivers\UdfReadr_xp.sys


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Things I want to see in your next reply

  • ComboFix.txt


#7
Wassertor

    Member

  • Topic Starter
  • Member
  • 11 posts
Hello

I have done the latest Combofix run with the enclosed script. The contents of Combofix.txt are as follows:

ComboFix 12-04-10.02 - Jerri 04/12/2012 23:15:11.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1155 [GMT -7:00]
Running from: c:\documents and settings\Jerri\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jerri\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\UdfReadr_xp.sys"
"c:\windows\system32\FXUxT232.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-11 21:09 . 2012-03-23 05:14 84992 ----a-w- c:\windows\system32\FXUxT232.com_
2012-04-11 05:55 . 2012-04-11 05:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-20 01:05 . 2012-03-20 01:05 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 01:05 . 2012-03-20 01:05 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 05:33 . 2011-08-14 15:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2004-10-01 23:00 . 2006-01-04 02:58 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2004-07-01 05:46 . 2004-07-01 05:45 150192 ----a-w- c:\program files\TweakUiPowertoySetup.exe
2003-01-26 06:52 . 2003-01-26 06:27 6431137 ----a-w- c:\program files\Eudora5.2.exe
2012-03-20 01:05 . 2011-05-08 04:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-11_05.36.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-13 06:12 . 2012-04-13 06:12 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2001-12-23 4608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-09 32768]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-21 684032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LogMeIn Hamachi Ui"="f:\gleep\minecraft\New Folder\hamachi-2-ui.exe" [2012-02-29 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe" [2011-12-06 234656]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2002-10-23 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\gleep\minecraft\New Folder\hamachi-2.exe [2/28/2012 6:38 PM 1373576]
R2 PCSUService;PC Speed Up Service;c:\program files\PC Speed Up\PCSUService.exe [12/5/2011 7:32 PM 233184]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2/15/2012 10:39 PM 4497704]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [12/26/2009 4:22 PM 2789672]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2/15/2012 10:39 PM 113448]
S2 gupdate1c9b7481c74f9ef;Google Update Service (gupdate1c9b7481c74f9ef);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2009 11:14 PM 133104]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 4:42 AM 64000]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2009 11:14 PM 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\D.tmp --> c:\windows\system32\D.tmp [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/26/2009 4:22 PM 15656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
winpowermanager
incdsrv
cfosspeed
RimSerPort
tpsrv
mediamaxxlservice
pdiddcci
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At12.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At14.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At16.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At18.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At20.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At22.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At24.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At26.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-02 c:\windows\Tasks\At28.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At30.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At32.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-08 c:\windows\Tasks\At34.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At36.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-04 c:\windows\Tasks\At38.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At4.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At40.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At42.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At44.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At46.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At48.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At50.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At52.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At54.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At56.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At58.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At6.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At60.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At62.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At64.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At66.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At68.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At70.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At72.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At74.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-02 c:\windows\Tasks\At76.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At78.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At8.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At80.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-08 c:\windows\Tasks\At82.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At84.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-04 c:\windows\Tasks\At86.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At88.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At90.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At92.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At94.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At96.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 06:14]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 06:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?0fc636fde303460c936a4ccc29b35817
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?0fc636fde303460c936a4ccc29b35817
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 23:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\D.tmp"
.
Completion time: 2012-04-12 23:36:15
ComboFix-quarantined-files.txt 2012-04-13 06:35
.
Pre-Run: 9,264,054,272 bytes free
Post-Run: 9,274,900,480 bytes free
.
- - End Of File - - 30FDBADD3DB7FF101D3A72295DFEE169

Many thanks

Wassertor

#8
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

AtJob::

File::
c:\windows\system32\FXUxT232.com_


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2

Please uninstall and then reinstall Easy CD Creator 5 Basic as a driver related to the program was infected and had to be deleted.


Things I want to see in your next reply

  • ComboFix.txt


#9
Wassertor

    Member

  • Topic Starter
  • 11 posts
Hello Nedklaw

Thank you for the latest

Combofix.txt as follows:

ComboFix 12-04-10.02 - Jerri 04/13/2012 23:23:25.3.1 - x86
Running from: c:\documents and settings\Jerri\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jerri\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\FXUxT232.com_"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-11 21:09 . 2012-03-23 05:14 84992 ----a-w- c:\windows\system32\FXUxT232.com_
2012-04-11 05:55 . 2012-04-11 05:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-20 01:05 . 2012-03-20 01:05 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 01:05 . 2012-03-20 01:05 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 05:33 . 2011-08-14 15:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 14:10 . 2002-08-29 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-08-29 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-28 18:50 . 2006-06-23 19:33 667136 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 18:50 . 2002-08-29 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-02-28 18:50 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2012-02-28 13:50 . 2004-08-04 05:59 369664 ------w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2004-10-01 23:00 . 2006-01-04 02:58 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2004-07-01 05:46 . 2004-07-01 05:45 150192 ----a-w- c:\program files\TweakUiPowertoySetup.exe
2003-01-26 06:52 . 2003-01-26 06:27 6431137 ----a-w- c:\program files\Eudora5.2.exe
2012-03-20 01:05 . 2011-05-08 04:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-11_05.36.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-14 03:14 . 2012-04-14 03:14 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\20d72aeac1109863b77532d37d3f4fa2\PresentationUI.ni.dll
+ 2012-04-14 03:18 . 2012-04-14 03:18 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
+ 2012-04-14 03:17 . 2012-04-14 03:17 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\876b7280cf4e81fd65b120f60d38a7d9\Microsoft.Build.Tasks.ni.dll
+ 2012-04-14 03:17 . 2012-04-14 03:17 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\64ba53308e90fa3837fe47977e2d37b6\Microsoft.Build.Tasks.v3.5.ni.dll
- 2012-02-25 09:22 . 2012-02-25 09:22 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-13 06:58 . 2012-04-13 06:58 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-13 06:57 . 2012-04-13 06:57 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-25 09:21 . 2012-02-25 09:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-25 09:21 . 2012-02-25 09:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-13 06:57 . 2012-04-13 06:57 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-25 09:21 . 2012-02-25 09:21 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-04-13 06:57 . 2012-04-13 06:57 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-02-25 09:21 . 2012-02-25 09:21 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-04-13 06:57 . 2012-04-13 06:57 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-04-13 06:58 . 2012-04-13 06:58 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-25 09:22 . 2012-02-25 09:22 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-13 06:58 . 2012-04-13 06:58 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-25 09:22 . 2012-02-25 09:22 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2007-12-01 20:33 . 2012-04-13 06:51 55154568 c:\windows\system32\MRT.exe
+ 2012-04-14 03:15 . 2012-04-14 03:15 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
+ 2012-04-14 03:18 . 2012-04-14 03:18 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
+ 2012-04-14 03:14 . 2012-04-14 03:14 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\561138d8d199861578c197c4d24e3934\System.Design.ni.dll
+ 2012-04-14 03:13 . 2012-04-14 03:13 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\029d1d9e6495065aa4f38bcf2315ee8c\PresentationFramework.ni.dll
+ 2012-04-14 03:13 . 2012-04-14 03:13 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0a059ecfca6e421629a8298b03a7814c\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2001-12-23 4608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-09 32768]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-21 684032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LogMeIn Hamachi Ui"="f:\gleep\minecraft\New Folder\hamachi-2-ui.exe" [2012-02-29 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe" [2011-12-06 234656]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2002-10-23 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\gleep\minecraft\New Folder\hamachi-2.exe [2/28/2012 6:38 PM 1373576]
R2 PCSUService;PC Speed Up Service;c:\program files\PC Speed Up\PCSUService.exe [12/5/2011 7:32 PM 233184]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2/15/2012 10:39 PM 4497704]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [12/26/2009 4:22 PM 2789672]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2/15/2012 10:39 PM 113448]
S2 gupdate1c9b7481c74f9ef;Google Update Service (gupdate1c9b7481c74f9ef);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2009 11:14 PM 133104]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 4:42 AM 64000]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2009 11:14 PM 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\D.tmp --> c:\windows\system32\D.tmp [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/26/2009 4:22 PM 15656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
winpowermanager
incdsrv
cfosspeed
RimSerPort
tpsrv
mediamaxxlservice
pdiddcci
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At12.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At14.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At16.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At18.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At20.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At22.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At24.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At26.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-02 c:\windows\Tasks\At28.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At30.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At32.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-08 c:\windows\Tasks\At34.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At36.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-04 c:\windows\Tasks\At38.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At4.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At40.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At42.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-14 c:\windows\Tasks\At44.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-14 c:\windows\Tasks\At46.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At48.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At50.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At52.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At54.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At56.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At58.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At6.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At60.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At62.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At64.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At66.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At68.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At70.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At72.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At74.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-02 c:\windows\Tasks\At76.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At78.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-03 c:\windows\Tasks\At8.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At80.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-08 c:\windows\Tasks\At82.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-09 c:\windows\Tasks\At84.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-04 c:\windows\Tasks\At86.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At88.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-12 c:\windows\Tasks\At90.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-14 c:\windows\Tasks\At92.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-14 c:\windows\Tasks\At94.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-11 c:\windows\Tasks\At96.job
- c:\windows\system32\FXUxT232.com_ [2012-04-11 05:14]
.
2012-04-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 06:14]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 06:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?0fc636fde303460c936a4ccc29b35817
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?0fc636fde303460c936a4ccc29b35817
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 23:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\D.tmp"
.
Completion time: 2012-04-13 23:45:03
ComboFix-quarantined-files.txt 2012-04-14 06:44
ComboFix2.txt 2012-04-13 06:36
.
Pre-Run: 9,450,754,048 bytes free
Post-Run: 9,492,348,928 bytes free
.
- - End Of File - - 71F6DE2695F1D8758DD06740BBB9AAE2

I forgot to mention another symptom of the infection so far: Periodically, a "toonk" sound will occur when listening to audio on the computer. This sound is normally used to tell you that the action or command that you tried to do has failed. Normally, an annunciator box will appear to explain what the failure is. When the sound occurs now, no box appears. Also, if I have the computer on long enough, the computer case speaker will emit a double beep. There is no specific time when it does so that I can determine. I don't know if these symptoms will help.

Again, thank you for your time and effort.

Wassertor
  • 0

#10
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL.txt

  • 0

#11
Wassertor

    Member

  • Topic Starter
  • 11 posts
Hello Nedklaw

I take it that the sounds I am getting from the computer are not an issue, since you did not comment on them.

Here is OTL.txt:

OTL logfile created on: 4/14/2012 7:58:04 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Jerri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 69.37% Memory free
2.33 Gb Paging File | 2.01 Gb Available in Paging File | 86.28% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 8.92 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
Drive F: | 111.81 Gb Total Space | 75.29 Gb Free Space | 67.34% Space Free | Partition Type: NTFS
Drive G: | 111.81 Gb Total Space | 111.72 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: PAUL-QX8Y126H2L | User Name: Jerri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jerri\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Gleep\minecraft\New Folder\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\PC Speed Up\PCSUService.exe ()
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Qualcomm\Eudora\Eudora.exe (QUALCOMM Incorporated)
PRC - C:\WINDOWS\system32\carpserv.exe (Conexant Systems)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files\PC Speed Up\PCSUService.exe ()
MOD - C:\Program Files\PC Speed Up\Sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()
MOD - C:\Program Files\Qualcomm\Eudora\plstclnt.dll ()
MOD - C:\Program Files\Qualcomm\Eudora\EuLang.dll ()
MOD - C:\Program Files\Qualcomm\Eudora\xmltok.dll ()
MOD - C:\Program Files\Qualcomm\Eudora\xmlparse.dll ()
MOD - C:\Program Files\Qualcomm\Eudora\plugins\Unwrap32.dll ()
MOD - C:\WINDOWS\system32\FINDFAST.CPL ()


========== Win32 Services (SafeList) ==========

SRV - (winpowermanager) -- %systemroot%\system32\ino_flpy.dll File not found
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe File not found
SRV - (RimSerPort) -- %systemroot%\system32\PTproct.dll File not found
SRV - (pdiddcci) -- %systemroot%\system32\2wirepcp.dll File not found
SRV - (cfosspeed) -- %systemroot%\system32\tones.dll File not found
SRV - (Hamachi2Svc) -- F:\Gleep\minecraft\New Folder\hamachi-2.exe (LogMeIn Inc.)
SRV - (PCSUService) -- C:\Program Files\PC Speed Up\PCSUService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (CTUPnPSv) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (WacomVKHid) -- system32\DRIVERS\WacomVKHid.sys File not found
DRV - (PfModNT) -- C:\WINDOWS\System32\drivers\PfModNT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\D.tmp File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (dump_wmimmc) -- C:\WINDOWS\system32\drivers\dump_wmimmc.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Jerri\LOCALS~1\Temp\catchme.sys File not found
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (npkcrypt) -- C:\Program Files\NEXON\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (Pnp680r) -- C:\WINDOWS\system32\drivers\pnp680r.sys (Silicon Image, Inc)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (V124) -- C:\WINDOWS\system32\drivers\hsf_v124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\hsf_tone.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\hsf_msft.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\hsf_samp.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\hsf_k56k.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\hsf_fall.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\hsf_faxx.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\hsf_fsks.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\hsf_bsc2.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {DAED9266-8C28-4C1C-8B58-5C66EFF1D302}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Jerri\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 18:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/15 00:01:35 | 000,000,000 | ---D | M]

[2008/08/26 17:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Extensions
[2011/05/07 13:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\extensions
[2010/04/29 21:35:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/11 01:36:17 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\searchplugins\search.xml
[2007/09/03 18:51:24 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\searchplugins\siteadvisor.xml
[2011/11/11 18:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/19 18:05:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/06 01:09:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2011/10/03 20:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 18:01:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/10 22:35:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] F:\Gleep\minecraft\New Folder\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7227B931-0726-46D4-90D3-CD5910A1109D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/12/31 15:24:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/14 16:01:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/10 22:55:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/10 21:53:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/10 21:48:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/10 21:48:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/10 21:48:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/10 21:48:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/10 21:48:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/10 21:48:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/10 21:42:53 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jerri\Desktop\tdsskiller.exe
[2012/04/10 21:28:18 | 004,455,939 | R--- | C] (Swearware) -- C:\Documents and Settings\Jerri\Desktop\ComboFix.exe
[2012/04/09 21:18:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jerri\Desktop\aswMBR.exe
[2012/04/08 15:38:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerri\Desktop\OTL.exe
[2012/03/27 22:34:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/14 19:52:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/04/14 19:46:14 | 000,013,256 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/14 19:43:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 19:43:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/14 17:12:32 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/14 17:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2012/04/14 17:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/04/14 16:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2012/04/14 16:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/04/14 15:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2012/04/14 15:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/04/14 14:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2012/04/14 14:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/04/13 22:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2012/04/13 22:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/04/13 21:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2012/04/13 21:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/04/12 23:58:39 | 000,448,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 23:58:39 | 000,074,452 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 23:50:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/12 12:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2012/04/12 12:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/04/12 11:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2012/04/12 11:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/04/11 20:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2012/04/11 20:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/04/11 19:10:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2012/04/11 19:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/04/10 23:09:36 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/04/10 23:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2012/04/10 22:35:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/10 21:53:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/10 21:43:01 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jerri\Desktop\tdsskiller.exe
[2012/04/10 21:28:29 | 004,455,939 | R--- | M] (Swearware) -- C:\Documents and Settings\Jerri\Desktop\ComboFix.exe
[2012/04/09 23:34:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jerri\Desktop\MBR.dat
[2012/04/09 21:18:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jerri\Desktop\aswMBR.exe
[2012/04/08 15:38:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerri\Desktop\OTL.exe
[2012/04/03 18:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2012/04/03 18:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/04/03 10:09:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2012/04/03 10:09:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/04/03 09:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2012/04/03 09:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/04/03 08:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2012/04/03 08:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/04/03 07:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2012/04/03 07:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/04/03 06:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2012/04/03 06:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/04/03 05:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/04/03 05:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2012/04/03 04:10:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/04/03 04:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2012/04/03 03:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/04/03 03:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2012/04/03 02:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/04/03 02:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2012/04/03 01:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2012/04/03 01:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/03 00:10:25 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2012/04/03 00:09:14 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/04/02 13:30:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/02 13:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2012/04/02 13:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/03/25 22:36:02 | 000,438,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/25 20:51:20 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe_.b
[2012/03/25 20:51:20 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.b
[2012/03/25 20:19:16 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.d
[2012/03/23 13:15:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/23 10:45:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/22 22:19:10 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\be3477LE.dat
[2012/03/22 22:14:26 | 000,084,992 | ---- | M] () -- C:\WINDOWS\System32\FXUxT232.com_
[2012/03/22 22:13:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\FXUxT232.com.b
[2012/03/19 21:08:18 | 002,552,184 | ---- | M] () -- C:\Documents and Settings\Jerri\My Documents\ITC Feb 22 12 Attendance001.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/11 14:09:02 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\FXUxT232.com_
[2012/04/10 21:53:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/10 21:53:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/10 21:48:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/10 21:48:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/10 21:48:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/10 21:48:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/10 21:48:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/09 23:34:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jerri\Desktop\MBR.dat
[2012/03/25 20:51:20 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe_.b
[2012/03/25 20:51:20 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.b
[2012/03/25 20:19:16 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.d
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2012/03/19 21:08:13 | 002,552,184 | ---- | C] () -- C:\Documents and Settings\Jerri\My Documents\ITC Feb 22 12 Attendance001.jpg
[2012/02/20 20:35:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/17 19:18:52 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\FXUxT232.com.b
[2011/12/16 22:14:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/16 21:56:02 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\be3477LE.dat
[2011/12/05 19:34:11 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/14 19:44:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/09/19 21:56:25 | 000,088,960 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/25 23:25:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

========== LOP Check ==========

[2006/01/02 21:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/03 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/06/12 23:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/01/14 23:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/06/12 23:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/05/03 18:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/08 23:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/25 23:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2006/01/02 21:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/09/19 21:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/08 16:36:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2009/06/17 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/08 16:35:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}
[2012/01/28 23:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\.minecraft
[2008/03/23 16:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\EPSON
[2007/04/02 20:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\LEGO Company
[2006/01/02 21:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Nikon
[2008/11/27 23:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\PC Suite
[2004/08/04 20:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Qualcomm
[2010/05/13 11:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Research In Motion
[2009/08/15 21:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Roblox
[2010/10/20 22:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Smart PDF Creator
[2012/02/15 22:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\WTouch
[2012/04/03 04:10:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012/04/03 05:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2012/04/03 06:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2012/04/03 07:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2012/04/03 08:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2012/04/03 00:09:14 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/04/03 09:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2012/04/03 10:09:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2012/04/12 11:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2012/04/12 12:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2012/04/02 13:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2012/04/14 14:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2012/04/14 15:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2012/04/14 16:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2012/04/14 17:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2012/04/03 18:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2012/04/03 01:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/04/11 19:09:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2012/04/11 20:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2012/04/13 21:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2012/04/13 22:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2012/04/10 23:09:36 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2012/04/03 00:10:25 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2012/04/03 01:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2012/04/03 02:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2012/04/03 03:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2012/04/03 04:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2012/04/03 02:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2012/04/03 05:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2012/04/03 06:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2012/04/03 07:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2012/04/03 08:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2012/04/03 09:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2012/04/03 10:09:08 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2012/04/12 11:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2012/04/12 12:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2012/04/02 13:10:12 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2012/04/14 14:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2012/04/03 03:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2012/04/14 15:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2012/04/14 16:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2012/04/14 17:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2012/04/03 18:10:13 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2012/04/11 19:10:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2012/04/11 20:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2012/04/13 21:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2012/04/13 22:09:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2012/04/10 23:09:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2012/04/14 19:52:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



< End of report >


Thanks,

Wassertor
  • 0

#12
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):

  • Java 2 Runtime Environment, SE v1.4.0_01
  • Java 2 Runtime Environment, SE v1.4.0_03
  • Java 2 Runtime Environment Standard Edition v1.3.0_02
  • Viewpoint Media Player (Remove Only)

Viewpoint is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I recommend you uninstall your Viewpoint product, but it is your choice.
This may change; read "Viewpoint to Plunge Into Adware".



Step 2

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.



Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    SRV - (winpowermanager) -- %systemroot%\system32\ino_flpy.dll File not found
    SRV - (RimSerPort) -- %systemroot%\system32\PTproct.dll File not found
    SRV - (pdiddcci) -- %systemroot%\system32\2wirepcp.dll File not found
    SRV - (cfosspeed) -- %systemroot%\system32\tones.dll File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2012/03/25 20:51:20 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe_.b
    [2012/03/25 20:51:20 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.b
    [2012/03/25 20:19:16 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.d
    [2012/03/22 22:19:10 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\be3477LE.dat
    [2012/03/22 22:14:26 | 000,084,992 | ---- | M] () -- C:\WINDOWS\System32\FXUxT232.com_
    [2012/03/22 22:13:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\FXUxT232.com.b
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Files
    c:\windows\Tasks\At*.job
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 3

Perform the following steps to disable your machine’s system beep:

  • Right-click My Computer and select Manage.
  • Expand System Tools and select Device Manager.
  • From the View menu, select Show hidden devices.
  • Expand Non-Plug and Play Drivers.
  • Right-click Beep, and select Properties.
  • Select the Drivers tab.
  • Click Stop. You can also change the start-up type to Disabled so the beep service never starts.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt

  • 0
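The fix script in the post above hand-picks the `At*.job` tasks and the suffixed `.exe.b` / `.com_` files out of the OTL report. As an added example (not part of the original thread and not OTL's own code), this Python script parses OTL file-listing lines and flags the same two patterns: unsigned files created in one directory within seconds of each other at an identical size, and unsigned files whose name carries an extra suffix after `.exe` or `.com`. The thresholds, regular expressions and function names are assumptions of this example; the sample lines are excerpted from the log posted earlier in the thread.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# OTL file-listing line: [date time | size | attrs | C or M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# Heuristic (assumption): an executable extension followed by a trailing suffix,
# e.g. "name.exe.b", "name.exe_.b", "name.com_".
SUFFIXED_EXE_RE = re.compile(r"\.(exe|com)(_|_?\.[a-z0-9]{1,3})$", re.IGNORECASE)

# Lines excerpted from the OTL report posted in this thread.
SAMPLE = r"""
[2012/04/10 21:48:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/08 15:38:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerri\Desktop\OTL.exe
[2012/04/10 21:48:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/11 14:09:02 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\FXUxT232.com_
[2012/03/25 20:51:20 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe_.b
[2012/03/25 20:19:16 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3058gri7.exe.d
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2012/03/22 22:13:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2012/03/22 22:13:30 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2011/12/05 19:34:11 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
"""


def parse_otl(text):
    """Return one dict per recognisable file-listing line; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "kind": m["kind"],               # C = created, M = modified
            "company": m["company"] or "",   # empty when OTL found no company name
            "path": m["path"].strip(),
        })
    return entries


def batch_created(entries, window=2, min_count=5):
    """Find runs of unsigned files with the same directory, extension and size
    whose creation times are at most `window` seconds apart."""
    groups = defaultdict(list)
    for e in entries:
        if e["kind"] == "C" and not e["is_dir"] and not e["company"]:
            ext = ntpath.splitext(e["path"])[1].lower()
            key = (ntpath.dirname(e["path"]).lower(), ext, e["size"])
            groups[key].append(e)
    clusters = []
    for key, items in groups.items():
        items.sort(key=lambda e: e["ts"])
        run = [items[0]]
        for e in items[1:]:
            if (e["ts"] - run[-1]["ts"]).total_seconds() <= window:
                run.append(e)
                continue
            if len(run) >= min_count:
                clusters.append((key, run))
            run = [e]
        if len(run) >= min_count:
            clusters.append((key, run))
    return clusters


def suffixed_executables(entries):
    """Unsigned files named like an executable with an extra trailing suffix."""
    return sorted({e["path"] for e in entries
                   if not e["is_dir"] and not e["company"]
                   and SUFFIXED_EXE_RE.search(e["path"])})


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE)
    for (folder, ext, size), run in batch_created(parsed):
        print(f"{len(run)} '{ext}' files of {size} bytes created together in {folder}")
    for path in suffixed_executables(parsed):
        print("suffixed executable name:", path)
```

A hit from either function is a lead to check by hand, not a verdict: installers also drop batches of same-sized files, which is why the grouping only considers entries with no company name.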

#13
Wassertor

    Member

  • Topic Starter
  • 11 posts
Hello Nedklaw

Regarding the beep, I was just curious to know if the infection was triggering it and what it meant. Much appreciate the shut-off information though.

Here are the OTL outputs:

OTL Fix Log

All processes killed
========== OTL ==========
Service winpowermanager stopped successfully!
Service winpowermanager deleted successfully!
File %systemroot%\system32\ino_flpy.dll File not found not found.
Service RimSerPort stopped successfully!
Service RimSerPort deleted successfully!
File %systemroot%\system32\PTproct.dll File not found not found.
Service pdiddcci stopped successfully!
Service pdiddcci deleted successfully!
File %systemroot%\system32\2wirepcp.dll File not found not found.
Service cfosspeed stopped successfully!
Service cfosspeed deleted successfully!
File %systemroot%\system32\tones.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\3058gri7.exe_.b moved successfully.
C:\Documents and Settings\All Users\Application Data\3058gri7.exe.b moved successfully.
C:\Documents and Settings\All Users\Application Data\3058gri7.exe.d moved successfully.
C:\Documents and Settings\All Users\Application Data\be3477LE.dat moved successfully.
C:\WINDOWS\system32\FXUxT232.com_ moved successfully.
C:\WINDOWS\system32\FXUxT232.com.b moved successfully.
C:\WINDOWS\002512_.tmp deleted successfully.
C:\WINDOWS\006310_.tmp deleted successfully.
C:\WINDOWS\NV1824840.TMP\nvapps.nvb deleted successfully.
C:\WINDOWS\NV1824840.TMP folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SETA.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
c:\windows\Tasks\At10.job moved successfully.
c:\windows\Tasks\At12.job moved successfully.
c:\windows\Tasks\At14.job moved successfully.
c:\windows\Tasks\At16.job moved successfully.
c:\windows\Tasks\At18.job moved successfully.
c:\windows\Tasks\At2.job moved successfully.
c:\windows\Tasks\At20.job moved successfully.
c:\windows\Tasks\At22.job moved successfully.
c:\windows\Tasks\At24.job moved successfully.
c:\windows\Tasks\At26.job moved successfully.
c:\windows\Tasks\At28.job moved successfully.
c:\windows\Tasks\At30.job moved successfully.
c:\windows\Tasks\At32.job moved successfully.
c:\windows\Tasks\At34.job moved successfully.
c:\windows\Tasks\At36.job moved successfully.
c:\windows\Tasks\At38.job moved successfully.
c:\windows\Tasks\At4.job moved successfully.
c:\windows\Tasks\At40.job moved successfully.
c:\windows\Tasks\At42.job moved successfully.
c:\windows\Tasks\At44.job moved successfully.
c:\windows\Tasks\At46.job moved successfully.
c:\windows\Tasks\At48.job moved successfully.
c:\windows\Tasks\At50.job moved successfully.
c:\windows\Tasks\At52.job moved successfully.
c:\windows\Tasks\At54.job moved successfully.
c:\windows\Tasks\At56.job moved successfully.
c:\windows\Tasks\At58.job moved successfully.
c:\windows\Tasks\At6.job moved successfully.
c:\windows\Tasks\At60.job moved successfully.
c:\windows\Tasks\At62.job moved successfully.
c:\windows\Tasks\At64.job moved successfully.
c:\windows\Tasks\At66.job moved successfully.
c:\windows\Tasks\At68.job moved successfully.
c:\windows\Tasks\At70.job moved successfully.
c:\windows\Tasks\At72.job moved successfully.
c:\windows\Tasks\At74.job moved successfully.
c:\windows\Tasks\At76.job moved successfully.
c:\windows\Tasks\At78.job moved successfully.
c:\windows\Tasks\At8.job moved successfully.
c:\windows\Tasks\At80.job moved successfully.
c:\windows\Tasks\At82.job moved successfully.
c:\windows\Tasks\At84.job moved successfully.
c:\windows\Tasks\At86.job moved successfully.
c:\windows\Tasks\At88.job moved successfully.
c:\windows\Tasks\At90.job moved successfully.
c:\windows\Tasks\At92.job moved successfully.
c:\windows\Tasks\At94.job moved successfully.
c:\windows\Tasks\At96.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jerri\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jerri\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Brenna

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4552378 bytes
->Flash cache emptied: 41085 bytes

User: Garth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 75470130 bytes
->FireFox cache emptied: 67241832 bytes
->Flash cache emptied: 487 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jerri
->Temp folder emptied: 1116021 bytes
->Temporary Internet Files folder emptied: 5051645 bytes
->Java cache emptied: 29609742 bytes
->FireFox cache emptied: 53106550 bytes
->Flash cache emptied: 41531 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 213126 bytes
->Flash cache emptied: 10677 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 983174 bytes
->Flash cache emptied: 7809 bytes

User: Paul

User: Ryan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 9098858 bytes
->FireFox cache emptied: 48406344 bytes
->Flash cache emptied: 59100 bytes

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 559 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 38135445 bytes

Total Files Cleaned = 318.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 04152012_205154

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Contents of OTL.txt:

OTL logfile created on: 4/15/2012 9:06:16 PM - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Jerri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 71.70% Memory free
2.33 Gb Paging File | 2.05 Gb Available in Paging File | 88.01% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 9.09 Gb Free Space | 15.87% Space Free | Partition Type: NTFS
Drive F: | 111.81 Gb Total Space | 75.28 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive G: | 111.81 Gb Total Space | 111.72 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: PAUL-QX8Y126H2L | User Name: Jerri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jerri\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Gleep\minecraft\New Folder\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - F:\Gleep\minecraft\New Folder\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\PC Speed Up\PCSUService.exe ()
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\system32\carpserv.exe (Conexant Systems)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\PC Speed Up\PCSUService.exe ()
MOD - C:\Program Files\PC Speed Up\Sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe File not found
SRV - (Hamachi2Svc) -- F:\Gleep\minecraft\New Folder\hamachi-2.exe (LogMeIn Inc.)
SRV - (PCSUService) -- C:\Program Files\PC Speed Up\PCSUService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (CTUPnPSv) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (WacomVKHid) -- system32\DRIVERS\WacomVKHid.sys File not found
DRV - (PfModNT) -- C:\WINDOWS\System32\drivers\PfModNT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\D.tmp File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (dump_wmimmc) -- C:\WINDOWS\system32\drivers\dump_wmimmc.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Jerri\LOCALS~1\Temp\catchme.sys File not found
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (npkcrypt) -- C:\Program Files\NEXON\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (Pnp680r) -- C:\WINDOWS\system32\drivers\pnp680r.sys (Silicon Image, Inc)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (V124) -- C:\WINDOWS\system32\drivers\hsf_v124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\hsf_tone.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\hsf_msft.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\hsf_samp.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\hsf_k56k.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\hsf_fall.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\hsf_faxx.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\hsf_fsks.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\hsf_bsc2.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\..\SearchScopes,DefaultScope = {DAED9266-8C28-4C1C-8B58-5C66EFF1D302}
IE - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Jerri\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 18:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/15 00:01:35 | 000,000,000 | ---D | M]

[2008/08/26 17:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Extensions
[2011/05/07 13:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\extensions
[2010/04/29 21:35:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/11 01:36:17 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\searchplugins\search.xml
[2007/09/03 18:51:24 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\searchplugins\siteadvisor.xml
[2011/11/11 18:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/19 18:05:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/06 01:09:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2011/10/03 20:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 18:01:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/10 22:35:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
O3 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] F:\Gleep\minecraft\New Folder\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7227B931-0726-46D4-90D3-CD5910A1109D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/12/31 15:24:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 20:51:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/15 01:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/14 16:01:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/10 22:55:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/10 21:53:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/10 21:48:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/10 21:48:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/10 21:48:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/10 21:48:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/10 21:48:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/10 21:48:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/10 21:42:53 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jerri\Desktop\tdsskiller.exe
[2012/04/10 21:28:18 | 004,455,939 | R--- | C] (Swearware) -- C:\Documents and Settings\Jerri\Desktop\ComboFix.exe
[2012/04/09 21:18:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jerri\Desktop\aswMBR.exe
[2012/04/08 15:38:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerri\Desktop\OTL.exe
[2012/03/27 22:34:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 30 Days ==========

[2012/04/15 21:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 20:56:25 | 000,013,256 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/15 20:54:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/15 20:53:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/15 20:52:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/04/12 23:58:39 | 000,448,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 23:58:39 | 000,074,452 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 23:50:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 22:35:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/10 21:53:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/10 21:43:01 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jerri\Desktop\tdsskiller.exe
[2012/04/10 21:28:29 | 004,455,939 | R--- | M] (Swearware) -- C:\Documents and Settings\Jerri\Desktop\ComboFix.exe
[2012/04/09 23:34:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jerri\Desktop\MBR.dat
[2012/04/09 21:18:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jerri\Desktop\aswMBR.exe
[2012/04/08 15:38:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerri\Desktop\OTL.exe
[2012/04/02 13:30:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/25 22:36:02 | 000,438,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/23 13:15:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/23 10:45:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 21:08:18 | 002,552,184 | ---- | M] () -- C:\Documents and Settings\Jerri\My Documents\ITC Feb 22 12 Attendance001.jpg

========== Files Created - No Company Name ==========

[2012/04/10 21:53:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/10 21:53:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/10 21:48:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/10 21:48:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/10 21:48:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/10 21:48:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/10 21:48:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/09 23:34:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jerri\Desktop\MBR.dat
[2012/03/19 21:08:13 | 002,552,184 | ---- | C] () -- C:\Documents and Settings\Jerri\My Documents\ITC Feb 22 12 Attendance001.jpg
[2012/02/20 20:35:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/16 22:14:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/05 19:34:11 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/14 19:44:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/09/19 21:56:25 | 000,088,960 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/25 23:25:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

========== LOP Check ==========

[2006/01/02 21:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/03 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/06/12 23:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/01/14 23:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/06/12 23:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/05/03 18:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/08 23:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/25 23:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2012/04/15 01:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/01/02 21:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/09/19 21:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/08 16:36:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2009/06/17 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/08 16:35:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}
[2012/01/25 22:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\.minecraft
[2007/02/24 17:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\EPSON
[2007/09/02 14:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\iScreensaver
[2007/10/17 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\LEGO Company
[2008/12/19 22:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\PC Suite
[2006/03/25 16:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\Qualcomm
[2010/04/29 10:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\Research In Motion
[2012/02/21 19:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\WTouch
[2012/01/28 23:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\.minecraft
[2008/03/23 16:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\EPSON
[2007/04/02 20:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\LEGO Company
[2006/01/02 21:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Nikon
[2008/11/27 23:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\PC Suite
[2004/08/04 20:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Qualcomm
[2010/05/13 11:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Research In Motion
[2009/08/15 21:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Roblox
[2010/10/20 22:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Smart PDF Creator
[2012/02/15 22:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\WTouch
[2009/11/30 12:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/02/26 19:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.minecraft
[2007/01/09 18:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\EPSON
[2009/03/14 10:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PC Suite
[2007/01/16 00:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Qualcomm
[2010/05/03 21:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Research In Motion
[2012/02/26 18:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\WTouch
[2003/01/26 00:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Qualcomm
[2012/04/15 20:52:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


Thanks again.

Wassertor

#14
Wassertor

Hi Nedklaw

Regarding the beeps, I was just curious to know if the infection was triggering the beeps. Thanks for the beep shut-down information though.

Contents of OTL Fix Log:

All processes killed
========== OTL ==========
Service winpowermanager stopped successfully!
Service winpowermanager deleted successfully!
File %systemroot%\system32\ino_flpy.dll File not found not found.
Service RimSerPort stopped successfully!
Service RimSerPort deleted successfully!
File %systemroot%\system32\PTproct.dll File not found not found.
Service pdiddcci stopped successfully!
Service pdiddcci deleted successfully!
File %systemroot%\system32\2wirepcp.dll File not found not found.
Service cfosspeed stopped successfully!
Service cfosspeed deleted successfully!
File %systemroot%\system32\tones.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\3058gri7.exe_.b moved successfully.
C:\Documents and Settings\All Users\Application Data\3058gri7.exe.b moved successfully.
C:\Documents and Settings\All Users\Application Data\3058gri7.exe.d moved successfully.
C:\Documents and Settings\All Users\Application Data\be3477LE.dat moved successfully.
C:\WINDOWS\system32\FXUxT232.com_ moved successfully.
C:\WINDOWS\system32\FXUxT232.com.b moved successfully.
C:\WINDOWS\002512_.tmp deleted successfully.
C:\WINDOWS\006310_.tmp deleted successfully.
C:\WINDOWS\NV1824840.TMP\nvapps.nvb deleted successfully.
C:\WINDOWS\NV1824840.TMP folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SETA.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
c:\windows\Tasks\At10.job moved successfully.
c:\windows\Tasks\At12.job moved successfully.
c:\windows\Tasks\At14.job moved successfully.
c:\windows\Tasks\At16.job moved successfully.
c:\windows\Tasks\At18.job moved successfully.
c:\windows\Tasks\At2.job moved successfully.
c:\windows\Tasks\At20.job moved successfully.
c:\windows\Tasks\At22.job moved successfully.
c:\windows\Tasks\At24.job moved successfully.
c:\windows\Tasks\At26.job moved successfully.
c:\windows\Tasks\At28.job moved successfully.
c:\windows\Tasks\At30.job moved successfully.
c:\windows\Tasks\At32.job moved successfully.
c:\windows\Tasks\At34.job moved successfully.
c:\windows\Tasks\At36.job moved successfully.
c:\windows\Tasks\At38.job moved successfully.
c:\windows\Tasks\At4.job moved successfully.
c:\windows\Tasks\At40.job moved successfully.
c:\windows\Tasks\At42.job moved successfully.
c:\windows\Tasks\At44.job moved successfully.
c:\windows\Tasks\At46.job moved successfully.
c:\windows\Tasks\At48.job moved successfully.
c:\windows\Tasks\At50.job moved successfully.
c:\windows\Tasks\At52.job moved successfully.
c:\windows\Tasks\At54.job moved successfully.
c:\windows\Tasks\At56.job moved successfully.
c:\windows\Tasks\At58.job moved successfully.
c:\windows\Tasks\At6.job moved successfully.
c:\windows\Tasks\At60.job moved successfully.
c:\windows\Tasks\At62.job moved successfully.
c:\windows\Tasks\At64.job moved successfully.
c:\windows\Tasks\At66.job moved successfully.
c:\windows\Tasks\At68.job moved successfully.
c:\windows\Tasks\At70.job moved successfully.
c:\windows\Tasks\At72.job moved successfully.
c:\windows\Tasks\At74.job moved successfully.
c:\windows\Tasks\At76.job moved successfully.
c:\windows\Tasks\At78.job moved successfully.
c:\windows\Tasks\At8.job moved successfully.
c:\windows\Tasks\At80.job moved successfully.
c:\windows\Tasks\At82.job moved successfully.
c:\windows\Tasks\At84.job moved successfully.
c:\windows\Tasks\At86.job moved successfully.
c:\windows\Tasks\At88.job moved successfully.
c:\windows\Tasks\At90.job moved successfully.
c:\windows\Tasks\At92.job moved successfully.
c:\windows\Tasks\At94.job moved successfully.
c:\windows\Tasks\At96.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jerri\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jerri\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Brenna

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4552378 bytes
->Flash cache emptied: 41085 bytes

User: Garth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 75470130 bytes
->FireFox cache emptied: 67241832 bytes
->Flash cache emptied: 487 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jerri
->Temp folder emptied: 1116021 bytes
->Temporary Internet Files folder emptied: 5051645 bytes
->Java cache emptied: 29609742 bytes
->FireFox cache emptied: 53106550 bytes
->Flash cache emptied: 41531 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 213126 bytes
->Flash cache emptied: 10677 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 983174 bytes
->Flash cache emptied: 7809 bytes

User: Paul

User: Ryan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 9098858 bytes
->FireFox cache emptied: 48406344 bytes
->Flash cache emptied: 59100 bytes

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 559 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 38135445 bytes

Total Files Cleaned = 318.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 04152012_205154

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Contents of OTC.txt:

OTL logfile created on: 4/15/2012 9:06:16 PM - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Jerri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 71.70% Memory free
2.33 Gb Paging File | 2.05 Gb Available in Paging File | 88.01% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 9.09 Gb Free Space | 15.87% Space Free | Partition Type: NTFS
Drive F: | 111.81 Gb Total Space | 75.28 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive G: | 111.81 Gb Total Space | 111.72 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: PAUL-QX8Y126H2L | User Name: Jerri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jerri\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Gleep\minecraft\New Folder\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - F:\Gleep\minecraft\New Folder\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\PC Speed Up\PCSUService.exe ()
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\system32\carpserv.exe (Conexant Systems)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\PC Speed Up\PCSUService.exe ()
MOD - C:\Program Files\PC Speed Up\Sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe File not found
SRV - (Hamachi2Svc) -- F:\Gleep\minecraft\New Folder\hamachi-2.exe (LogMeIn Inc.)
SRV - (PCSUService) -- C:\Program Files\PC Speed Up\PCSUService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (CTUPnPSv) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (WacomVKHid) -- system32\DRIVERS\WacomVKHid.sys File not found
DRV - (PfModNT) -- C:\WINDOWS\System32\drivers\PfModNT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\D.tmp File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (dump_wmimmc) -- C:\WINDOWS\system32\drivers\dump_wmimmc.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Jerri\LOCALS~1\Temp\catchme.sys File not found
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (npkcrypt) -- C:\Program Files\NEXON\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (Pnp680r) -- C:\WINDOWS\system32\drivers\pnp680r.sys (Silicon Image, Inc)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (V124) -- C:\WINDOWS\system32\drivers\hsf_v124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\hsf_tone.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\hsf_msft.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\hsf_samp.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\hsf_k56k.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\hsf_fall.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\hsf_faxx.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\hsf_fsks.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\hsf_bsc2.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\..\SearchScopes,DefaultScope = {DAED9266-8C28-4C1C-8B58-5C66EFF1D302}
IE - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Jerri\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 18:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/15 00:01:35 | 000,000,000 | ---D | M]

[2008/08/26 17:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Extensions
[2011/05/07 13:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\extensions
[2010/04/29 21:35:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/11 01:36:17 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\searchplugins\search.xml
[2007/09/03 18:51:24 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Jerri\Application Data\Mozilla\Firefox\Profiles\v50mc64d.default\searchplugins\siteadvisor.xml
[2011/11/11 18:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/19 18:05:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/06 01:09:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2011/10/03 20:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 18:01:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/10 22:35:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
O3 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] F:\Gleep\minecraft\New Folder\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-1454471165-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7227B931-0726-46D4-90D3-CD5910A1109D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/12/31 15:24:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 20:51:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/15 01:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/14 16:01:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/10 22:55:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/10 21:53:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/10 21:48:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/10 21:48:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/10 21:48:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/10 21:48:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/10 21:48:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/10 21:48:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/10 21:42:53 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jerri\Desktop\tdsskiller.exe
[2012/04/10 21:28:18 | 004,455,939 | R--- | C] (Swearware) -- C:\Documents and Settings\Jerri\Desktop\ComboFix.exe
[2012/04/09 21:18:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jerri\Desktop\aswMBR.exe
[2012/04/08 15:38:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerri\Desktop\OTL.exe
[2012/03/27 22:34:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 30 Days ==========

[2012/04/15 21:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 20:56:25 | 000,013,256 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/15 20:54:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/15 20:53:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/15 20:52:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/04/12 23:58:39 | 000,448,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 23:58:39 | 000,074,452 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 23:50:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 22:35:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/10 21:53:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/10 21:43:01 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jerri\Desktop\tdsskiller.exe
[2012/04/10 21:28:29 | 004,455,939 | R--- | M] (Swearware) -- C:\Documents and Settings\Jerri\Desktop\ComboFix.exe
[2012/04/09 23:34:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jerri\Desktop\MBR.dat
[2012/04/09 21:18:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jerri\Desktop\aswMBR.exe
[2012/04/08 15:38:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerri\Desktop\OTL.exe
[2012/04/02 13:30:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/25 22:36:02 | 000,438,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/23 13:15:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/23 10:45:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 21:08:18 | 002,552,184 | ---- | M] () -- C:\Documents and Settings\Jerri\My Documents\ITC Feb 22 12 Attendance001.jpg

========== Files Created - No Company Name ==========

[2012/04/10 21:53:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/10 21:53:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/10 21:48:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/10 21:48:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/10 21:48:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/10 21:48:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/10 21:48:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/09 23:34:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jerri\Desktop\MBR.dat
[2012/03/19 21:08:13 | 002,552,184 | ---- | C] () -- C:\Documents and Settings\Jerri\My Documents\ITC Feb 22 12 Attendance001.jpg
[2012/02/20 20:35:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/16 22:14:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/05 19:34:11 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/14 19:44:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/09/19 21:56:25 | 000,088,960 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/25 23:25:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

========== LOP Check ==========

[2006/01/02 21:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/03 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/06/12 23:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/01/14 23:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/06/12 23:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/05/03 18:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/08 23:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/25 23:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2012/04/15 01:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/01/02 21:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/09/19 21:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/08 16:36:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2009/06/17 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/08 16:35:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}
[2012/01/25 22:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\.minecraft
[2007/02/24 17:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\EPSON
[2007/09/02 14:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\iScreensaver
[2007/10/17 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\LEGO Company
[2008/12/19 22:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\PC Suite
[2006/03/25 16:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\Qualcomm
[2010/04/29 10:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\Research In Motion
[2012/02/21 19:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garth\Application Data\WTouch
[2012/01/28 23:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\.minecraft
[2008/03/23 16:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\EPSON
[2007/04/02 20:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\LEGO Company
[2006/01/02 21:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Nikon
[2008/11/27 23:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\PC Suite
[2004/08/04 20:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Qualcomm
[2010/05/13 11:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Research In Motion
[2009/08/15 21:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Roblox
[2010/10/20 22:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\Smart PDF Creator
[2012/02/15 22:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerri\Application Data\WTouch
[2009/11/30 12:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/02/26 19:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.minecraft
[2007/01/09 18:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\EPSON
[2009/03/14 10:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PC Suite
[2007/01/16 00:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Qualcomm
[2010/05/03 21:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Research In Motion
[2012/02/26 18:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\WTouch
[2003/01/26 00:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Qualcomm
[2012/04/15 20:52:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Many Thanks,

Wassertor

#15
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any problems?


Step 1

Internet Explorer 8 - I recommend you upgrade to Internet Explorer 8. This version provides security fixes which make your computer less vulnerable to malware attacks. This version also includes enhanced features which can make your web browsing a more enjoyable experience. Microsoft are even running a campaign to abolish Internet Explorer 6.


Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • MBAM Log
  • log.txt
