
Internet connection reduced to a 10th of its normal speed, firewall ve



#1 Arboreal
Hello,

First off I want to say I am not sure what's going on here. My firewall has become quite slow to boot upon startup, with a warning popping up first telling me there's no firewall, then a minute later it goes away and the firewall appears to be working. Secondly, around the same time this started happening, my internet connection was reduced to a 10th of its normal speedtest reading. I have Road Runner Boost and it usually has good readouts, not so now. I scanned with Malwarebytes and Security Essentials, and they report a clean system in and out of safe mode. Time Warner reports that my modem is functioning; I haven't had a tech out yet. I came here first due to the firewall issue seeming fishy to me. Below is my OTL report.

Thank You Kindly,

Kevin


*****************************


OTL logfile created on: 4/28/2012 4:58:43 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\Kevin Henry\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 78.00% Memory free
5.59 Gb Paging File | 5.15 Gb Available in Paging File | 92.09% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.31 Gb Total Space | 33.43 Gb Free Space | 18.64% Space Free | Partition Type: NTFS
Drive J: | 465.64 Gb Total Space | 12.91 Gb Free Space | 2.77% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: ITZAMNA | User Name: Kevin Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe (Sony Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\208eec72db077cfd6cd224844260e565\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\2aa9cd8641dd01937191c2cbf2572f4b\Inkjet.Localization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\00125794f1181f15d252991c32be59e7\Inkjet.Utilities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\80ed8e95369d2bea16616895b35771d6\Inkjet.Hardware.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\2060c6851428e508f673a0dfd819e5fb\Inkjet.Automation.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\313de9c18ccddcf244989ca8f29b1f97\Inkjet.Diagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\0664ade269ba04a1c292766bf6bdbfda\Inkjet.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\1e8aad9950f2993546a3be08455d86f0\Inkjet.Statistics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\OSD.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Program Files\AC3Filter\ac3filter.ax ()
MOD - C:\WINDOWS\system32\encdec.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\WINDOWS\system32\vbicodec.ax ()
MOD - C:\Program Files\Sony\Sony TV Tuner Library\RM_SVps.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (SonicStageMonitoring) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-VideoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)
SRV - (Sony TVTA Manager) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe (Sony Corporation)
SRV - (Sony TV Tuner Controller) -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe (Sony Corporation)
SRV - (Sony TV Tuner Manager) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SASKUTIL) -- C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys File not found
DRV - (SASENUM) -- C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS File not found
DRV - (SASDIFSV) -- C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (MAUSBMP) Service for M-Audio Mobile Pre (WDM) -- C:\WINDOWS\system32\drivers\mausbmp.sys (Avid Technology, Inc.)
DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (smrt) -- C:\WINDOWS\system32\drivers\smrt.sys (Sony Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...e=tb50winampie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E ED 2D C6 41 97 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mayanmaji...KIN/DT/DT.html"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 01:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/09 19:26:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/21 15:53:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 02:59:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 11:04:21 | 000,000,000 | ---D | M]

[2009/03/11 12:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Extensions
[2012/04/25 20:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions
[2010/04/28 06:09:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/20 01:23:35 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/10/23 20:54:41 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\[email protected]
[2010/09/17 10:41:48 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\personas@christopher(2).beard
[2011/11/30 12:27:50 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\searchplugins\conduit.xml
[2009/05/16 08:29:50 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\searchplugins\winamp-search.xml
[2012/02/27 01:33:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN HENRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GSYVKE5K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/25 02:59:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/06/08 10:29:07 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/06/08 10:29:08 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/11/08 07:05:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = File not found
O4 - Startup: C:\Documents and Settings\Kevin Henry\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F404F644-4694-479F-AC41-3FBF53B21CAF}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/01 15:43:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/29 11:05:06 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/28 16:56:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
[2012/04/27 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/04/25 02:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/25 02:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/15 22:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft Beta
[2012/04/15 22:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Beta
[2012/04/15 22:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/04/15 22:04:24 | 031,726,720 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Kevin Henry\Desktop\World of Warcraft Beta Setup.exe
[2012/04/15 20:42:17 | 000,799,504 | ---- | C] (Solid State Networks) -- C:\Documents and Settings\Kevin Henry\Desktop\install_flashplayer10x32_mssd_aih.exe
[2012/04/14 18:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2012/04/14 18:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Start Menu\Programs\WinRAR
[2012/04/14 18:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/04/14 14:48:58 | 054,729,944 | ---- | C] (DivX, LLC) -- C:\Documents and Settings\Kevin Henry\Desktop\DivXInstaller.exe
[2012/04/02 14:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/04/02 14:07:04 | 000,876,864 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco3220103.dll
[2012/04/02 14:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/10/26 16:46:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/28 16:56:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
[2012/04/28 16:46:44 | 000,088,735 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\294931_10150742098234823_6020654822_9778245_714324706_n.jpg
[2012/04/28 16:34:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/28 16:28:29 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2156851215-281014071-3479504740-1005.job
[2012/04/28 16:28:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/28 16:28:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/28 15:22:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/28 15:11:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 20:39:06 | 000,001,046 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/26 22:15:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/25 01:46:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2156851215-281014071-3479504740-1005.job
[2012/04/23 21:51:50 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2012/04/23 21:22:50 | 000,001,989 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\T.jpg
[2012/04/16 01:01:27 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/15 22:23:40 | 000,043,173 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\grey-wolf_565_600x450.jpg
[2012/04/15 22:19:14 | 000,000,983 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft Beta.lnk
[2012/04/15 22:05:22 | 031,726,720 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Kevin Henry\Desktop\World of Warcraft Beta Setup.exe
[2012/04/15 20:42:32 | 000,799,504 | ---- | M] (Solid State Networks) -- C:\Documents and Settings\Kevin Henry\Desktop\install_flashplayer10x32_mssd_aih.exe
[2012/04/14 18:31:02 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2012/04/14 18:31:02 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\DivX Movies.lnk
[2012/04/14 18:30:44 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2012/04/14 18:11:02 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/14 18:11:02 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/14 18:10:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/14 14:52:22 | 054,729,944 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\Kevin Henry\Desktop\DivXInstaller.exe
[2012/04/12 03:07:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/12 03:03:50 | 000,471,628 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 03:03:50 | 000,083,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/02 14:09:47 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2012/04/02 14:09:18 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/02 14:09:18 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/02 14:09:01 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/03/31 15:35:45 | 000,010,412 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\ED2.jpg
[2012/03/31 15:35:40 | 000,012,359 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\ED3.jpg
[2012/03/31 15:35:12 | 000,011,466 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\ED.jpg
[2012/03/31 15:35:11 | 000,016,731 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\EDside.jpg
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/28 16:46:40 | 000,088,735 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\294931_10150742098234823_6020654822_9778245_714324706_n.jpg
[2012/04/23 21:22:50 | 000,001,989 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\T.jpg
[2012/04/15 22:23:38 | 000,043,173 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\grey-wolf_565_600x450.jpg
[2012/04/15 22:15:00 | 000,000,983 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft Beta.lnk
[2012/04/14 18:31:02 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\DivX Movies.lnk
[2012/04/14 18:30:44 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2012/04/14 18:30:17 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2012/04/02 14:06:53 | 000,007,843 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/03/31 15:35:44 | 000,010,412 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\ED2.jpg
[2012/03/31 15:35:39 | 000,012,359 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\ED3.jpg
[2012/03/31 15:35:11 | 000,016,731 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\EDside.jpg
[2012/03/31 15:34:56 | 000,011,466 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\ED.jpg
[2012/02/14 21:59:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/09 18:20:44 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/26 16:46:06 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.cat
[2011/10/26 16:46:06 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.inf
[2011/10/23 01:49:09 | 000,287,582 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\census.cache
[2011/10/23 01:48:43 | 000,235,003 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\ars.cache
[2011/03/18 18:41:36 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\Profile1.dat
[2010/11/10 19:31:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/09 01:22:04 | 000,024,640 | ---- | C] () -- C:\Program Files\Common Files\security
[2010/09/01 13:32:21 | 000,046,112 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/02 20:28:35 | 000,004,040 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\Profile0.dat

< End of report >
  • 0
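As an added triage helper (not part of OTL or of this thread), the following Python parses OTL file-listing lines in the layout shown above and flags the entries a reviewer would normally check first. The flagging rules are constructed heuristics, not verdicts, and the sample lines are copied from the report above.

```python
"""Parse OTL 'Files Created / Modified' entries and flag ones worth a closer look.

Added helper for the OTL listing above (not OTL's own code). The regex follows
OTL's line layout; the triage rules are constructed heuristics for reviewers.
"""
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file entry, e.g.
# [2012/04/28 16:56:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\...\OTL.exe
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Executable file types whose origin a reviewer usually wants to confirm.
EXEC_EXTS = {".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr"}
# Profile locations where a kernel driver is unusual for a vendor install.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str               # OTL attribute flags: "---D" directory, "-H--" hidden, "--S-" system
    kind: str                # "C" created / "M" modified (which OTL list the line came from)
    company: Optional[str]   # None when OTL printed no parenthesised company, "" for "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        return os.path.splitext(self.path)[1].lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL file line, or None for headers and summary lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every file entry in an OTL report section; non-matching lines are skipped."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for executables a reviewer should inspect first."""
    hits: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir or e.ext not in EXEC_EXTS:
            continue
        p = e.path.lower()
        if "\\windows\\system32" in p and not e.company:
            hits.append((e.path, "binary in System32 with no company name"))
        elif e.ext == ".sys" and any(tag in p for tag in USER_WRITABLE):
            hits.append((e.path, "kernel driver stored under a user profile"))
        elif "H" in e.attrs or "S" in e.attrs:
            hits.append((e.path, f"executable with {e.attrs} attributes"))
    return hits


# Sample input: lines copied from the OTL report above (one summary line included
# to show that non-entry lines are ignored).
SAMPLE = "\n".join([
    r"[2012/04/28 16:56:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe",
    r"[2012/04/25 02:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla",
    r"[2011/10/26 16:46:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.sys",
    r"[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]",
    r"[2012/02/14 21:59:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll",
    r"[2012/04/14 18:11:02 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe",
    r"[2010/11/10 19:31:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat",
])


if __name__ == "__main__":
    for path, reason in triage(parse_log(SAMPLE)):
        print(f"{reason}: {path}")
```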

#2
Arboreal

    Member

  • Topic Starter
  • Member
  • 32 posts
Okay, here is an update. I ran aswMBR, letting it update of course. It found something, Win32:Rootkit-gen [Rtk]; I'm not sure whether I should hit the "FixMBR" button or not. Here is the aswMBR log below.


**********************


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2012-04-29 13:25:18
-----------------------------
13:25:18.953 OS Version: Windows 5.1.2600 Service Pack 3
13:25:18.953 Number of processors: 2 586 0x401
13:25:18.953 ComputerName: ITZAMNA UserName:
13:25:19.390 Initialize success
13:41:47.578 AVAST engine defs: 12042900
14:18:49.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-19
14:18:49.609 Disk 0 Vendor: WDC_WD2000JD-98HBB0 08.02D08 Size: 190782MB BusType: 3
14:18:51.625 Disk 0 MBR read successfully
14:18:51.625 Disk 0 MBR scan
14:18:51.843 Disk 0 unknown MBR code
14:18:51.843 Disk 0 scanning sectors +390716865
14:18:51.953 Disk 0 scanning C:\WINDOWS\system32\drivers
14:19:15.968 Service scanning
14:19:16.625 Service MpKsl062d198d C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC75A828-3950-4D52-8F9B-0F5572C70FF3}\MpKsl062d198d.sys **LOCKED** 32
14:19:17.328 Modules scanning
14:19:22.156 Disk 0 trace - called modules:
14:19:22.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:19:22.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af3eab8]
14:19:22.171 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000068[0x8af769a8]
14:19:22.171 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-19[0x8af0e940]
14:19:22.656 AVAST engine scan C:\WINDOWS
14:19:36.531 AVAST engine scan C:\WINDOWS\system32
14:23:30.546 AVAST engine scan C:\WINDOWS\system32\drivers
14:23:57.890 AVAST engine scan C:\Documents and Settings\Kevin Henry
14:28:43.578 File: C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:31:35.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kevin Henry\Desktop\MBR.dat"
14:31:35.484 The log file has been saved successfully to "C:\Documents and Settings\Kevin Henry\Desktop\aswMBR.txt"


Any help would be greatly appreciated. Thanks. ( :
  • 0

#3
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
When you reply to your own post, it takes it off the list of unreplied posts that we look at to decide what to work on. Better to edit your original post.

I don't see anything in your log so let's see if we can find what is wrong:

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the BitDefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).


Ron
  • 0

#4
Arboreal

    Member

  • Topic Starter
  • Member
  • 32 posts
Ok, thank you for the info on the threads & replies.

I accomplished the suggested steps; it seems nothing is coming up as an infection. I am starting to think this is a Road Runner issue. After speaking with several local friends, I found out many are having reduced speed or complete outage of service in the past week. I'm wondering if this is a related issue. I called their support line and they claimed an area-wide outage, then gave me an automated call back several hours later saying the issue was resolved, yet my internet status remains the same. If you agree that it seems my PC is clean, I will be calling them to let them know the issue is not resolved and hopefully get to the bottom of this. Paying for 10g and getting 10m kinda sucks. Curious to know what's going on.

Below I will list the logs:


ComboFix 12-04-29.02 - Kevin Henry 04/29/2012 18:43:08.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2117 [GMT -4:00]
Running from: c:\documents and settings\Kevin Henry\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\weave\toFetch
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 20:50 . 2012-04-29 20:50 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC75A828-3950-4D52-8F9B-0F5572C70FF3}\offreg.dll
2012-04-29 19:23 . 2012-04-29 19:23 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC75A828-3950-4D52-8F9B-0F5572C70FF3}\MpKslbab528d5.sys
2012-04-29 06:21 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC75A828-3950-4D52-8F9B-0F5572C70FF3}\mpengine.dll
2012-04-28 00:38 . 2012-04-28 00:38 -------- d-----w- c:\program files\Dropbox
2012-04-25 06:59 . 2012-04-25 06:59 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 06:59 . 2012-04-25 06:59 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 06:59 . 2012-04-25 06:59 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-16 02:14 . 2012-04-17 22:47 -------- d-----w- c:\program files\World of Warcraft Beta
2012-04-16 02:07 . 2012-04-16 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Battle.net
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-04-02 18:13 . 2012-04-02 18:13 -------- d-----w- c:\documents and settings\UpdatusUser
2012-04-02 18:07 . 2012-01-17 12:45 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-04-02 18:07 . 2012-04-02 18:07 -------- d-----w- c:\program files\Logitech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 22:11 . 2012-02-22 23:20 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 22:11 . 2011-05-20 00:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2011-02-19 21:45 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 19:56 . 2012-02-01 18:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 18:09 . 2011-11-04 02:08 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-01 11:01 . 2004-12-01 18:28 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-12-01 18:28 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-12-01 18:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 23:58 . 2011-11-09 22:20 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2011-11-09 22:20 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2009-02-27 18:49 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 23:58 . 2008-04-14 00:12 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2002-01-10 00:47 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2002-01-10 00:47 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2002-01-10 00:47 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2002-01-10 00:47 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2002-01-10 00:47 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2002-01-10 00:47 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2002-01-10 00:47 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 20:30 . 2011-01-08 00:56 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2011-01-08 00:56 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2011-01-08 00:56 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2011-01-08 00:56 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 20:30 . 2011-01-08 00:56 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 14:10 . 2004-12-01 18:28 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-12-01 18:28 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-12-01 18:28 385024 ------w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-12-01 18:28 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-02-19 21:45 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-25 06:59 . 2011-11-12 22:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-22 2744832]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-09 273528]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Kevin Henry\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe [2012-4-26 27264496]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Documents and Settings\\Kevin Henry\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.749\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.868\\Agent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"57568:TCP"= 57568:TCP:Pando Media Booster
"57568:UDP"= 57568:UDP:Pando Media Booster
.
R1 MpKslbab528d5;MpKslbab528d5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC75A828-3950-4D52-8F9B-0F5572C70FF3}\MpKslbab528d5.sys [4/29/2012 3:23 PM 29904]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/3/2011 10:07 PM 12184]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [4/2/2012 2:13 PM 2348352]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/24/2010 1:39 AM 632792]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [11/9/2011 7:29 PM 13880]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2/27/2009 4:13 PM 114024]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/9/2002 7:59 PM 123712]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2/22/2012 7:20 PM 253088]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\drivers\mausbmp.sys [8/12/2009 7:59 PM 154248]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 2:59 AM 129976]
S3 SASENUM;SASENUM;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [4/17/2009 2:35 PM 23288]
S4 gupdate1c99c256096fa40;Google Update Service (gupdate1c99c256096fa40);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2009 1:27 PM 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2009 1:27 PM 133104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLBAB528D5
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-22 22:11]
.
2012-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 17:27]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 17:27]
.
2012-04-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-04-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2156851215-281014071-3479504740-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2012-04-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2156851215-281014071-3479504740-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.mayanmajix.com/TZOLKIN/DT/DT.html
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-UVS12 Preload - c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 18:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2156851215-281014071-3479504740-1005\Software\SecuROM\License information*]
"datasecu"=hex:c8,10,ad,78,94,68,98,bd,31,f5,c7,ea,68,73,4a,31,8b,ba,9b,96,ee,
d4,9e,af,44,31,37,e1,2e,d8,9e,7e,47,b4,d4,be,3a,37,09,db,bb,5d,07,03,ec,2f,\
"rkeysecu"=hex:ac,99,07,cc,43,b8,3d,b2,37,2f,23,5d,5c,8e,d9,ff
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com.../premiere.html"
"Search"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-04-29 18:53:10
ComboFix-quarantined-files.txt 2012-04-29 22:53
.
Pre-Run: 35,717,402,624 bytes free
Post-Run: 35,809,898,496 bytes free
.
- - End Of File - - 98BF7FA3A266094967C06A799DFFAA1B

*************************

18:58:57.0937 0280 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:58:59.0500 0280 ============================================================
18:58:59.0500 0280 Current date / time: 2012/04/29 18:58:59.0500
18:58:59.0500 0280 SystemInfo:
18:58:59.0500 0280
18:58:59.0500 0280 OS Version: 5.1.2600 ServicePack: 3.0
18:58:59.0500 0280 Product type: Workstation
18:58:59.0500 0280 ComputerName: ITZAMNA
18:58:59.0500 0280 UserName: Kevin Henry
18:58:59.0500 0280 Windows directory: C:\WINDOWS
18:58:59.0500 0280 System windows directory: C:\WINDOWS
18:58:59.0500 0280 Processor architecture: Intel x86
18:58:59.0500 0280 Number of processors: 2
18:58:59.0500 0280 Page size: 0x1000
18:58:59.0500 0280 Boot type: Normal boot
18:58:59.0500 0280 ============================================================
18:59:02.0078 0280 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:59:02.0140 0280 Drive \Device\Harddisk5\DR7 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:59:02.0218 0280 ============================================================
18:59:02.0218 0280 \Device\Harddisk0\DR0:
18:59:02.0218 0280 MBR partitions:
18:59:02.0218 0280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xE00D12, BlocksNum 0x1669D0AF
18:59:02.0218 0280 \Device\Harddisk5\DR7:
18:59:02.0218 0280 MBR partitions:
18:59:02.0218 0280 \Device\Harddisk5\DR7\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41
18:59:02.0218 0280 ============================================================
18:59:02.0234 0280 C: <-> \Device\Harddisk0\DR0\Partition0
18:59:02.0250 0280 J: <-> \Device\Harddisk5\DR7\Partition0
18:59:02.0250 0280 ============================================================
18:59:02.0250 0280 Initialize success
18:59:02.0250 0280 ============================================================
18:59:09.0578 1896 ============================================================
18:59:09.0578 1896 Scan started
18:59:09.0578 1896 Mode: Manual;
18:59:09.0578 1896 ============================================================
18:59:10.0859 1896 Abiosdsk - ok
18:59:10.0859 1896 abp480n5 - ok
18:59:11.0062 1896 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:59:11.0062 1896 ACDaemon - ok
18:59:11.0140 1896 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:59:11.0140 1896 ACPI - ok
18:59:11.0171 1896 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:59:11.0171 1896 ACPIEC - ok
18:59:11.0203 1896 Adobe LM Service (4bc381316f422f3a5d5a957d3aa2224e) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:59:11.0203 1896 Adobe LM Service - ok
18:59:11.0312 1896 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:59:11.0312 1896 AdobeFlashPlayerUpdateSvc - ok
18:59:11.0312 1896 adpu160m - ok
18:59:11.0343 1896 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:59:11.0343 1896 aec - ok
18:59:11.0390 1896 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
18:59:11.0390 1896 Afc - ok
18:59:11.0453 1896 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:59:11.0453 1896 AFD - ok
18:59:11.0546 1896 AgereSoftModem (f1beed4f73b9a37e6d30885a0851a1c1) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
18:59:11.0562 1896 AgereSoftModem - ok
18:59:11.0562 1896 Aha154x - ok
18:59:11.0578 1896 aic78u2 - ok
18:59:11.0578 1896 aic78xx - ok
18:59:11.0609 1896 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:59:11.0609 1896 Alerter - ok
18:59:11.0640 1896 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:59:11.0640 1896 ALG - ok
18:59:11.0640 1896 AliIde - ok
18:59:11.0656 1896 amsint - ok
18:59:11.0843 1896 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:59:11.0843 1896 Apple Mobile Device - ok
18:59:11.0890 1896 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:59:11.0890 1896 AppMgmt - ok
18:59:11.0953 1896 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:59:11.0953 1896 Arp1394 - ok
18:59:11.0953 1896 asc - ok
18:59:11.0968 1896 asc3350p - ok
18:59:11.0968 1896 asc3550 - ok
18:59:12.0140 1896 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:59:12.0140 1896 aspnet_state - ok
18:59:12.0156 1896 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:59:12.0156 1896 AsyncMac - ok
18:59:12.0187 1896 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:59:12.0187 1896 atapi - ok
18:59:12.0203 1896 Atdisk - ok
18:59:12.0250 1896 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:59:12.0250 1896 Atmarpc - ok
18:59:12.0296 1896 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:59:12.0296 1896 AudioSrv - ok
18:59:12.0359 1896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:59:12.0359 1896 audstub - ok
18:59:12.0421 1896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:59:12.0421 1896 Beep - ok
18:59:12.0453 1896 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:59:12.0453 1896 BITS - ok
18:59:12.0578 1896 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
18:59:12.0578 1896 Bonjour Service - ok
18:59:12.0593 1896 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:59:12.0593 1896 Browser - ok
18:59:12.0671 1896 btaudio (ecdc40cc54603c711e1a7a1c9255184a) C:\WINDOWS\system32\drivers\btaudio.sys
18:59:12.0671 1896 btaudio - ok
18:59:12.0765 1896 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys
18:59:12.0765 1896 BTDriver - ok
18:59:12.0859 1896 BTKRNL (885b6d0f826a216eee4c3ad883809012) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
18:59:12.0859 1896 BTKRNL - ok
18:59:13.0046 1896 btwdins (49e9ed37faec5e8c03e81fd73d3884d6) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
18:59:13.0046 1896 btwdins - ok
18:59:13.0093 1896 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
18:59:13.0093 1896 BTWDNDIS - ok
18:59:13.0109 1896 btwhid (e48668b4a6a5cf68b33aecad18ee8e1e) C:\WINDOWS\system32\DRIVERS\btwhid.sys
18:59:13.0109 1896 btwhid - ok
18:59:13.0140 1896 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
18:59:13.0140 1896 BTWUSB - ok
18:59:13.0328 1896 catchme - ok
18:59:13.0375 1896 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:59:13.0375 1896 cbidf2k - ok
18:59:13.0390 1896 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:59:13.0390 1896 CCDECODE - ok
18:59:13.0406 1896 cd20xrnt - ok
18:59:13.0453 1896 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:59:13.0453 1896 Cdaudio - ok
18:59:13.0453 1896 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:59:13.0468 1896 Cdfs - ok
18:59:13.0468 1896 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:59:13.0468 1896 Cdrom - ok
18:59:13.0484 1896 Changer - ok
18:59:13.0515 1896 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:59:13.0515 1896 CiSvc - ok
18:59:13.0531 1896 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:59:13.0531 1896 ClipSrv - ok
18:59:13.0703 1896 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:59:13.0703 1896 clr_optimization_v2.0.50727_32 - ok
18:59:13.0703 1896 CmdIde - ok
18:59:13.0718 1896 COMSysApp - ok
18:59:13.0734 1896 Cpqarray - ok
18:59:13.0765 1896 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:59:13.0765 1896 CryptSvc - ok
18:59:13.0765 1896 dac2w2k - ok
18:59:13.0781 1896 dac960nt - ok
18:59:13.0843 1896 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:59:13.0859 1896 DcomLaunch - ok
18:59:13.0875 1896 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:59:13.0875 1896 Dhcp - ok
18:59:13.0875 1896 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:59:13.0875 1896 Disk - ok
18:59:13.0890 1896 dmadmin - ok
18:59:13.0937 1896 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:59:13.0953 1896 dmboot - ok
18:59:13.0984 1896 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
18:59:13.0984 1896 DMICall - ok
18:59:14.0000 1896 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:59:14.0000 1896 dmio - ok
18:59:14.0031 1896 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:59:14.0031 1896 dmload - ok
18:59:14.0078 1896 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:59:14.0078 1896 dmserver - ok
18:59:14.0093 1896 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:59:14.0093 1896 DMusic - ok
18:59:14.0156 1896 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:59:14.0156 1896 Dnscache - ok
18:59:14.0203 1896 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:59:14.0203 1896 Dot3svc - ok
18:59:14.0218 1896 dpti2o - ok
18:59:14.0250 1896 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:59:14.0250 1896 drmkaud - ok
18:59:14.0312 1896 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:59:14.0312 1896 E100B - ok
18:59:14.0343 1896 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:59:14.0343 1896 EapHost - ok
18:59:14.0453 1896 ehRecvr (63f371f0248e3732a4821f86e6d0e370) C:\WINDOWS\eHome\ehRecvr.exe
18:59:14.0453 1896 ehRecvr - ok
18:59:14.0484 1896 ehSched (16910f8b482919bb6035ed053b691692) C:\WINDOWS\eHome\ehSched.exe
18:59:14.0484 1896 ehSched - ok
18:59:14.0484 1896 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:59:14.0500 1896 ERSvc - ok
18:59:14.0531 1896 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:59:14.0531 1896 Eventlog - ok
18:59:14.0609 1896 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:59:14.0609 1896 EventSystem - ok
18:59:14.0625 1896 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:59:14.0625 1896 Fastfat - ok
18:59:14.0703 1896 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:59:14.0703 1896 FastUserSwitchingCompatibility - ok
18:59:14.0718 1896 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:59:14.0718 1896 Fdc - ok
18:59:14.0718 1896 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:59:14.0718 1896 Fips - ok
18:59:14.0734 1896 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:59:14.0734 1896 Flpydisk - ok
18:59:14.0781 1896 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:59:14.0781 1896 FltMgr - ok
18:59:14.0937 1896 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:59:14.0937 1896 FontCache3.0.0.0 - ok
18:59:14.0953 1896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:59:14.0968 1896 Fs_Rec - ok
18:59:15.0000 1896 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:59:15.0000 1896 Ftdisk - ok
18:59:15.0015 1896 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:59:15.0015 1896 Gpc - ok
18:59:15.0171 1896 gupdate1c99c256096fa40 - ok
18:59:15.0171 1896 gupdatem - ok
18:59:15.0203 1896 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
18:59:15.0203 1896 HdAudAddService - ok
18:59:15.0250 1896 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:59:15.0250 1896 HDAudBus - ok
18:59:15.0328 1896 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:59:15.0328 1896 helpsvc - ok
18:59:15.0359 1896 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
18:59:15.0359 1896 HidIr - ok
18:59:15.0406 1896 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:59:15.0406 1896 HidServ - ok
18:59:15.0421 1896 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:59:15.0437 1896 HidUsb - ok
18:59:15.0484 1896 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:59:15.0484 1896 hkmsvc - ok
18:59:15.0484 1896 hpn - ok
18:59:15.0531 1896 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:59:15.0531 1896 HTTP - ok
18:59:15.0593 1896 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:59:15.0609 1896 HTTPFilter - ok
18:59:15.0609 1896 i2omgmt - ok
18:59:15.0609 1896 i2omp - ok
18:59:15.0687 1896 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:59:15.0687 1896 i8042prt - ok
18:59:15.0796 1896 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:59:15.0796 1896 idsvc - ok
18:59:15.0843 1896 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:59:15.0843 1896 Imapi - ok
18:59:15.0906 1896 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:59:15.0906 1896 ImapiService - ok
18:59:15.0921 1896 ini910u - ok
18:59:16.0062 1896 IntcAzAudAddService (1ed9ac45c69e650d4f12d1114132622b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:59:16.0078 1896 IntcAzAudAddService - ok
18:59:16.0187 1896 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:59:16.0187 1896 IntelIde - ok
18:59:16.0250 1896 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:59:16.0250 1896 intelppm - ok
18:59:16.0281 1896 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:59:16.0281 1896 Ip6Fw - ok
18:59:16.0312 1896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:59:16.0312 1896 IpFilterDriver - ok
18:59:16.0328 1896 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:59:16.0328 1896 IpInIp - ok
18:59:16.0375 1896 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:59:16.0375 1896 IpNat - ok
18:59:16.0390 1896 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:59:16.0390 1896 IPSec - ok
18:59:16.0421 1896 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
18:59:16.0421 1896 IrBus - ok
18:59:16.0437 1896 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:59:16.0437 1896 IRENUM - ok
18:59:16.0453 1896 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:59:16.0453 1896 isapnp - ok
18:59:16.0500 1896 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:59:16.0500 1896 Kbdclass - ok
18:59:16.0500 1896 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:59:16.0515 1896 kbdhid - ok
18:59:16.0578 1896 KeyScrambler (53d9bd8bdf06d7e5fa2dab25afb659b0) C:\WINDOWS\system32\drivers\keyscrambler.sys
18:59:16.0578 1896 KeyScrambler - ok
18:59:16.0593 1896 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:59:16.0593 1896 kmixer - ok
18:59:16.0796 1896 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
18:59:16.0796 1896 Kodak AiO Network Discovery Service - ok
18:59:16.0875 1896 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:59:16.0875 1896 KSecDD - ok
18:59:16.0906 1896 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
18:59:16.0906 1896 L8042Kbd - ok
18:59:16.0937 1896 L8042mou (8a5993705add14352c9a279fa8338334) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
18:59:16.0937 1896 L8042mou - ok
18:59:16.0984 1896 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:59:16.0984 1896 lanmanserver - ok
18:59:17.0046 1896 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:59:17.0046 1896 lanmanworkstation - ok
18:59:17.0062 1896 Lavasoft Kernexplorer - ok
18:59:17.0093 1896 LBeepKE (be2dc24d403643a2d1d98f33c7087b38) C:\WINDOWS\system32\Drivers\LBeepKE.sys
18:59:17.0093 1896 LBeepKE - ok
18:59:17.0093 1896 lbrtfdc - ok
18:59:17.0218 1896 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:59:17.0218 1896 LBTServ - ok
18:59:17.0281 1896 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
18:59:17.0281 1896 LHidFilt - ok
18:59:17.0343 1896 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:59:17.0343 1896 LmHosts - ok
18:59:17.0359 1896 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
18:59:17.0359 1896 LMouFilt - ok
18:59:17.0406 1896 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
18:59:17.0406 1896 LMouKE - ok
18:59:17.0437 1896 MAUSBMP (793928d36645c82c118c2c56d986a298) C:\WINDOWS\system32\DRIVERS\mausbmp.sys
18:59:17.0437 1896 MAUSBMP - ok
18:59:17.0468 1896 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:59:17.0468 1896 Messenger - ok
18:59:17.0484 1896 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
18:59:17.0500 1896 MHN - ok
18:59:17.0515 1896 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:59:17.0515 1896 MHNDRV - ok
18:59:17.0546 1896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:59:17.0546 1896 mnmdd - ok
18:59:17.0593 1896 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:59:17.0593 1896 mnmsrvc - ok
18:59:17.0625 1896 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:59:17.0625 1896 Modem - ok
18:59:17.0656 1896 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:59:17.0656 1896 MODEMCSA - ok
18:59:17.0687 1896 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:59:17.0687 1896 Mouclass - ok
18:59:17.0687 1896 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:59:17.0703 1896 mouhid - ok
18:59:17.0750 1896 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:59:17.0750 1896 MountMgr - ok
18:59:17.0781 1896 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:59:17.0781 1896 MozillaMaintenance - ok
18:59:17.0828 1896 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:59:17.0828 1896 MpFilter - ok
18:59:18.0078 1896 MpKslbab528d5 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC75A828-3950-4D52-8F9B-0F5572C70FF3}\MpKslbab528d5.sys
18:59:18.0078 1896 MpKslbab528d5 - ok
18:59:18.0093 1896 mraid35x - ok
18:59:18.0125 1896 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:59:18.0125 1896 MRxDAV - ok
18:59:18.0218 1896 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:59:18.0218 1896 MRxSmb - ok
18:59:18.0265 1896 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:59:18.0265 1896 MSDTC - ok
18:59:18.0296 1896 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:59:18.0296 1896 Msfs - ok
18:59:18.0296 1896 MSIServer - ok
18:59:18.0328 1896 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:59:18.0328 1896 MSKSSRV - ok
18:59:18.0421 1896 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
18:59:18.0421 1896 MsMpSvc - ok
18:59:18.0468 1896 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:59:18.0468 1896 MSPCLOCK - ok
18:59:18.0500 1896 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:59:18.0500 1896 MSPQM - ok
18:59:18.0515 1896 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:59:18.0515 1896 mssmbios - ok
18:59:18.0546 1896 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:59:18.0546 1896 MSTEE - ok
18:59:18.0593 1896 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:59:18.0593 1896 Mup - ok
18:59:18.0625 1896 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:59:18.0625 1896 NABTSFEC - ok
18:59:18.0671 1896 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:59:18.0671 1896 napagent - ok
18:59:18.0734 1896 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:59:18.0734 1896 NDIS - ok
18:59:18.0765 1896 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:59:18.0765 1896 NdisIP - ok
18:59:18.0812 1896 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:59:18.0812 1896 NdisTapi - ok
18:59:18.0828 1896 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:59:18.0828 1896 Ndisuio - ok
18:59:18.0843 1896 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:59:18.0843 1896 NdisWan - ok
18:59:18.0875 1896 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:59:18.0875 1896 NDProxy - ok
18:59:18.0890 1896 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:59:18.0890 1896 NetBIOS - ok
18:59:18.0906 1896 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:59:18.0906 1896 NetBT - ok
18:59:18.0953 1896 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:59:18.0953 1896 NetDDE - ok
18:59:18.0953 1896 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:59:18.0968 1896 NetDDEdsdm - ok
18:59:19.0000 1896 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:59:19.0000 1896 Netlogon - ok
18:59:19.0015 1896 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:59:19.0015 1896 Netman - ok
18:59:19.0140 1896 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:59:19.0140 1896 NetTcpPortSharing - ok
18:59:19.0171 1896 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:59:19.0171 1896 NIC1394 - ok
18:59:19.0250 1896 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:59:19.0250 1896 Nla - ok
18:59:19.0265 1896 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:59:19.0265 1896 Npfs - ok
18:59:19.0281 1896 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:59:19.0296 1896 Ntfs - ok
18:59:19.0296 1896 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:59:19.0296 1896 NtLmSsp - ok
18:59:19.0359 1896 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:59:19.0359 1896 NtmsSvc - ok
18:59:19.0406 1896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:59:19.0406 1896 Null - ok
18:59:19.0937 1896 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:59:20.0015 1896 nv - ok
18:59:20.0156 1896 NVHDA (8eb410a64c86d51007687ee00bc2f912) C:\WINDOWS\system32\drivers\nvhda32.sys
18:59:20.0156 1896 NVHDA - ok
18:59:20.0218 1896 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
18:59:20.0218 1896 NVSvc - ok
18:59:20.0484 1896 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:59:20.0484 1896 nvUpdatusService - ok
18:59:20.0562 1896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:59:20.0562 1896 NwlnkFlt - ok
18:59:20.0578 1896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:59:20.0578 1896 NwlnkFwd - ok
18:59:20.0640 1896 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:59:20.0640 1896 ohci1394 - ok
18:59:20.0750 1896 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:59:20.0750 1896 ose - ok
18:59:20.0765 1896 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:59:20.0765 1896 Parport - ok
18:59:20.0765 1896 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:59:20.0765 1896 PartMgr - ok
18:59:20.0828 1896 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:59:20.0828 1896 ParVdm - ok
18:59:20.0843 1896 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:59:20.0843 1896 PCI - ok
18:59:20.0859 1896 PCIDump - ok
18:59:20.0890 1896 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:59:20.0890 1896 PCIIde - ok
18:59:20.0921 1896 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:59:20.0921 1896 Pcmcia - ok
18:59:20.0984 1896 PCToolsSSDMonitorSvc (984fcaf5834bdea232822ef5ca20ec4e) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
18:59:20.0984 1896 PCToolsSSDMonitorSvc - ok
18:59:21.0000 1896 PDCOMP - ok
18:59:21.0000 1896 PDFRAME - ok
18:59:21.0015 1896 PDRELI - ok
18:59:21.0015 1896 PDRFRAME - ok
18:59:21.0031 1896 perc2 - ok
18:59:21.0031 1896 perc2hib - ok
18:59:21.0109 1896 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:59:21.0109 1896 PlugPlay - ok
18:59:21.0171 1896 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:59:21.0171 1896 PolicyAgent - ok
18:59:21.0187 1896 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:59:21.0187 1896 PptpMiniport - ok
18:59:21.0187 1896 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:59:21.0203 1896 ProtectedStorage - ok
18:59:21.0203 1896 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:59:21.0203 1896 PSched - ok
18:59:21.0265 1896 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
18:59:26.0765 1896 ============================================================
18:59:26.0765 1896 Scan finished
18:59:26.0765 1896 ============================================================
18:59:26.0781 0284 Detected object count: 0
18:59:26.0781 0284 Actual detected object count: 0




*******************



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2012-04-29 15:23:14
-----------------------------
15:23:15.000 OS Version: Windows 5.1.2600 Service Pack 3
15:23:15.000 Number of processors: 2 586 0x401
15:23:15.000 ComputerName: ITZAMNA UserName:
15:23:56.468 Initialize success
15:24:28.906 AVAST engine defs: 12042900
15:24:35.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-19
15:24:35.234 Disk 0 Vendor: WDC_WD2000JD-98HBB0 08.02D08 Size: 190782MB BusType: 3
15:24:37.250 Disk 0 MBR read successfully
15:24:37.250 Disk 0 MBR scan
15:24:37.281 Disk 0 Windows XP default MBR code
15:24:37.281 Disk 0 scanning sectors +390716865
15:24:37.406 Disk 0 scanning C:\WINDOWS\system32\drivers
15:25:01.578 Service scanning
15:25:02.203 Service MpKslbab528d5 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC75A828-3950-4D52-8F9B-0F5572C70FF3}\MpKslbab528d5.sys **LOCKED** 32
15:25:02.906 Modules scanning
15:25:08.406 Disk 0 trace - called modules:
15:25:08.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:25:08.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af3eab8]
15:25:08.437 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000068[0x8af769a8]
15:25:08.437 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-19[0x8af0e940]
15:25:09.015 AVAST engine scan C:\WINDOWS
15:25:23.203 AVAST engine scan C:\WINDOWS\system32
15:29:21.890 AVAST engine scan C:\WINDOWS\system32\drivers
15:29:49.093 AVAST engine scan C:\Documents and Settings\Kevin Henry
15:34:39.890 File: C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe **INFECTED** Win32:Rootkit-gen [Rtk]
15:44:47.000 Verifying
15:44:57.046 Disk 0 Windows 501 MBR fixed successfully
15:54:23.906 AVAST engine scan C:\Documents and Settings\All Users
16:02:33.796 Scan finished successfully
16:26:32.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kevin Henry\Desktop\MBR.dat"
16:26:32.078 The log file has been saved successfully to "C:\Documents and Settings\Kevin Henry\Desktop\2 aswMBR.txt"




*******************



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kevin Henry :: ITZAMNA [administrator]

4/30/2012 2:10:38 AM
mbam-log-2012-04-30 (02-10-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240608
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



**************



QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Mon Apr 30 02:18:45 2012
Machine ID: CC528ECC

C:\WINDOWS\system32\ivireg.ivr - could not be scanned


No infection found.
-------------------



Processes
---------
DivX Player 2896 C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe
Microsoft® Windows® Operating System 3272 C:\WINDOWS\system32\wscntfy.exe
(unsigned) FileHippo.com Update Checker 2672 C:\Program Files\FileHippo.com\UpdateChecker.exe

(verified) ArcSoft Connect 1864 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(verified) Bluetooth Software 1220 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(verified) Bonjour 1952 C:\Program Files\Bonjour\mDNSResponder.exe
(verified) DivX Update 2328 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(verified) Dropbox 2844 C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe
(verified) EKAiOHostService Module 2028 C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(verified) Firefox 4064 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Firefox 4152 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Giga Pocket 3384 C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
(verified) KODAK AiO Printer Driver 1372 C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(verified) Logitech SetPoint 2548 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(verified) Logitech SetPoint 2404 C:\Program Files\Logitech\SetPointP\SetPoint.exe
(verified) Microsoft Malware Protection 1160 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(verified) Microsoft Security Client 1976 C:\Program Files\Microsoft Security Client\msseces.exe
(verified) Microsoft® Windows® Operating System 3488 C:\WINDOWS\ehome\ehmsas.exe
(verified) Microsoft® Windows® Operating System 1984 C:\WINDOWS\ehome\ehRecvr.exe
(verified) Microsoft® Windows® Operating System 2000 C:\WINDOWS\ehome\ehSched.exe
(verified) Microsoft® Windows® Operating System 1296 C:\WINDOWS\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System 1856 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3632 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3004 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 3512 C:\WINDOWS\system32\dllhost.exe
(verified) Microsoft® Windows® Operating System 848 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 932 C:\WINDOWS\system32\notepad.exe
(verified) Microsoft® Windows® Operating System 2468 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 836 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1548 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 1120 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1024 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1196 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1388 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1464 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1676 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 728 C:\WINDOWS\system32\wdfmgr.exe
(verified) Microsoft® Windows® Operating System 792 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 944 C:\WINDOWS\system32\wuauclt.exe
(verified) MobileDeviceService 1888 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(verified) NVIDIA Driver Helper Service, Version 2 280 C:\WINDOWS\system32\nvsvc32.exe
(verified) NVIDIA Update Components 400 C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(verified) PsiService System Service 528 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(verified) Razer Mamba Driver 2056 C:\Program Files\Razer\Mamba\RazerTray.exe
(verified) RealPlayer (32-bit) 2184 C:\Program Files\Real\RealPlayer\Update\realsched.exe
(verified) Realtek HD Sound Manager 1628 C:\WINDOWS\SOUNDMAN.EXE
(verified) SonicStageMonitoring Module 580 C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
(verified) Sony TV Tuner Library 608 C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
(verified) StartMan Application 480 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(verified) VAIO Entertainment 1056 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(verified) VAIO Entertainment 1880 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(verified) VAIO Entertainment 2224 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe


Network activity
----------------
Process Dropbox.exe (2844) connected on port 80 (HTTP) --> 199.47.216.144
Process firefox.exe (4064) connected on port 80 (HTTP) --> 74.125.226.238
Process firefox.exe (4064) connected on port 80 (HTTP) --> 23.64.255.139
Process firefox.exe (4064) connected on port 80 (HTTP) --> 24.24.52.139
Process firefox.exe (4064) connected on port 80 (HTTP) --> 74.125.226.238
Process firefox.exe (4064) connected on port 443 (HTTP over SSL) --> 72.14.204.95
Process firefox.exe (4064) connected on port 80 (HTTP) --> 63.108.88.105
Process firefox.exe (4064) connected on port 80 (HTTP) --> 173.194.73.147
Process firefox.exe (4064) connected on port 80 (HTTP) --> 63.108.88.105

Process VCSW.exe (1056) listens on ports: 51493
Process svchost.exe (1120) listens on ports: 135 (RPC)
Process EKAiOHostService.exe (2028) listens on ports: 9322
Process Dropbox.exe (2844) listens on ports: 17500


Autoruns and critical files
---------------------------
Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(unsigned) FileHippo.com Update Checker C:\Program Files\FileHippo.com\UpdateChecker.exe
(unsigned) QuickTime C:\Program Files\QuickTime\QTTask.exe

(verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(verified) ALCWZRD C:\WINDOWS\ALCWZRD.EXE
(verified) Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(verified) Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
(verified) DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(verified) Dropbox C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) KODAK AiO Printer Driver C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(verified) Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
(verified) Logitech SetPoint C:\Program Files\Logitech\SetPointP\SetPoint.exe
(verified) Microsoft Malware Protection C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(verified) Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\conime.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\HDAudPropShortcut.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\nature.scr
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
(verified) NVIDIA Media Center Library C:\WINDOWS\system32\NvMCTray.dll
(verified) NVIDIA Windows Display driver, Version C:\WINDOWS\system32\NvCpl.dll
(verified) nwiz.exe C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
(verified) Razer Mamba Driver C:\Program Files\Razer\Mamba\RazerTray.exe
(verified) RealPlayer (32-bit) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(verified) Realtek HD Sound Manager C:\WINDOWS\SOUNDMAN.EXE
(verified) RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
(verified) Reminder Application C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
(unsigned) Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
(unsigned) RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
(unsigned) RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
(unsigned) RealNetworks™ Chrome Background Exte C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
(unsigned) RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
(unsigned) RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
(unsigned) RealPlayer™ HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
(unsigned) WeCareReminder c:\documents and settings\all users\application data\wecarereminder\iehelperv2.5.0.dll
(unsigned) Winamp Application Detector C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) Bitdefender QuickScan C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Conduit Toolbar c:\program files\utorrentbar\prxtbuto0.dll
(verified) DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
(verified) DivX Plus Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
(verified) DivX Plus Web Player HTML5 <video> c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll
(verified) DivX VOD Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
(verified) Logitech Device Detection C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
(verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
(verified) Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
(verified) NPSWF32_11_2_202_233.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
(verified) Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
(verified) RealPlayer Download and Record Plugin c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
(verified) Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
(verified) Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Scan
----


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.00 MB sent, 0.31 KB recvd
Scanned 803 files and modules - 52 seconds

==============================================================================



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f2042f80e3792b429eed52ee66bd4e0d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-31 01:18:24
# local_time=2011-10-30 09:18:24 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 22118954 22118954 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 42 87 0 15937836 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=184109
# found=6
# cleaned=6
# scan_time=17338
C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\dmnillpmkimgklmdcmaeljjhhpoehdje\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8CF4D3C9-A44D-4F6E-8C86-DBA5BFC36BC5}\RP284\A0071972.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8CF4D3C9-A44D-4F6E-8C86-DBA5BFC36BC5}\RP284\A0071974.dll a variant of Win32/Kryptik.UQZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
J:\Torrents\Azureus Downloads\VST & VSTi Plugins\VSTi\Tone2 Firebird 1.2.1 VSTi\Tone2 Firebird 1.2.1 (Keygen).exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
J:\Torrents\VST & VSTi Plugins\VSTi\Tone2 Firebird 1.2.1 VSTi\Tone2 Firebird 1.2.1 (Keygen).exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
J:\pc\My Music\VST & VSTi Plugins\VSTi\Tone2 Firebird 1.2.1 VSTi\Tone2 Firebird 1.2.1 (Keygen).exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f2042f80e3792b429eed52ee66bd4e0d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-30 05:38:15
# local_time=2012-04-30 01:38:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 37864925 37864925 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 31683807 0 0
# compatibility_mode=8192 67108863 100 0 15659810 15659810 0 0
# scanned=173773
# found=0
# cleaned=0
# scan_time=11758




Thanks,

Kevin
  • 0

#5 RKinner (Malware Expert, 24,624 posts, MVP)
ESET did find a few.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v
  • 0
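VEW prints each event as three header lines (Log, Type, Event/Source) followed by the message and a blank line. As an added example that is not part of this thread or of VEW itself, the following Python script parses that layout and tallies the Dhcp client events that matter when a connection keeps dropping (1000 lease lost, 1002 DHCPNACK, 1003 renew failed), pulling out the server, lease and adapter addresses so the pattern is visible at a glance. The sample report is assembled from entries posted later in this thread.

```python
"""Summarise DHCP client failures from a Vino's Event Viewer (VEW) report.

Added example for this thread; not part of VEW or of the original posts.
"""
import re
from collections import Counter

# Sample assembled from entries of the VEW report posted in this thread.
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/04/2012 12:28:48 PM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.1.100 for the Network Card with network address 0008544917A6 has been denied by the DHCP server 24.24.29.157 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 29/04/2012 9:24:01 PM
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.100.10 on the Network Card with network address 0008544917A6.

Log: 'System' Date/Time: 28/04/2012 4:30:10 PM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/04/2012 10:16:47 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
"""

HEADER_RE = re.compile(r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)")
TYPE_RE = re.compile(r"Type: (?P<type>\S+) Category: (?P<cat>\d+)")
EVENT_RE = re.compile(r"Event: (?P<id>\d+) Source: (?P<source>.+)")
IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"

# Windows DHCP client event ids seen in the thread.
DHCP_EVENT_NAMES = {1000: "lease lost", 1002: "DHCPNACK", 1003: "renew failed"}


def parse_vew(text):
    """Return a list of event dicts parsed from VEW report text.

    An entry is three header lines followed by the message, which runs to
    the next blank line. Banner and title lines are skipped.
    """
    lines = text.splitlines()
    events = []
    i = 0
    while i < len(lines):
        head = HEADER_RE.match(lines[i])
        if not head or i + 2 >= len(lines):
            i += 1
            continue
        typ = TYPE_RE.match(lines[i + 1])
        evt = EVENT_RE.match(lines[i + 2])
        if not (typ and evt):
            i += 1
            continue
        i += 3
        message = []
        while i < len(lines) and lines[i].strip():
            message.append(lines[i].strip())
            i += 1
        events.append({
            "log": head["log"],
            "when": head["when"].strip(),
            "type": typ["type"],
            "id": int(evt["id"]),
            "source": evt["source"].strip(),
            "message": " ".join(message),
        })
    return events


def summarise_dhcp(events):
    """Tally Dhcp events and collect the addresses involved.

    'servers' holds the DHCP server addresses quoted in the messages (0.0.0.0
    appears when no server address was recorded for a NACK), 'leases' the
    client addresses being lost or refused, and 'nics' the adapter MACs, so
    it is clear whether one adapter on one link accounts for all of them.
    """
    counts = Counter()
    servers, leases, nics = set(), set(), set()
    for ev in events:
        if ev["source"] != "Dhcp":
            continue
        counts[DHCP_EVENT_NAMES.get(ev["id"], f"event {ev['id']}")] += 1
        msg = ev["message"]
        servers.update(re.findall(rf"DHCP server ({IPV4})", msg))
        leases.update(re.findall(rf"IP address (?:lease )?({IPV4})", msg))
        nics.update(re.findall(r"network address ([0-9A-Fa-f]{12})", msg))
    return {"counts": dict(counts), "servers": sorted(servers),
            "leases": sorted(leases), "nics": sorted(nics)}


if __name__ == "__main__":
    summary = summarise_dhcp(parse_vew(SAMPLE_REPORT))
    for name, n in summary["counts"].items():
        print(f"{n:3d}  {name}")
    print("servers:", summary["servers"], "leases:", summary["leases"],
          "nics:", summary["nics"])
```

Run it against a saved VEW output instead of the sample by reading the file into `parse_vew`; a steady run of 1003 renew failures followed by 1000/1002 on a single adapter points at the link or the DHCP server rather than at the machine's software.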

#6 Arboreal (Topic Starter, Member, 32 posts)
Well, I called Time Warner again today; they now claim my modem is showing multiple errors. Saturday it was clean, now their story changed. Not sure what the story is, so a tech is coming out tomorrow to help get to the bottom of it. The whole thing has been the weirdest customer support I have ever received from their company; usually they are on point.

Here are the logs:




Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/04/2012 2:16:48 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/04/2012 12:28:48 PM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.1.100 for the Network Card with network address 0008544917A6 has been denied by the DHCP server 24.24.29.157 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 30/04/2012 3:33:06 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 24.93.29.155 for the Network Card with network address 0008544917A6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 29/04/2012 9:24:01 PM
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.100.10 on the Network Card with network address 0008544917A6.

Log: 'System' Date/Time: 29/04/2012 12:44:15 PM
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.100.10 on the Network Card with network address 0008544917A6.

Log: 'System' Date/Time: 29/04/2012 12:42:47 PM
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.100.10 on the Network Card with network address 0008544917A6.

Log: 'System' Date/Time: 28/04/2012 4:30:10 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 28/04/2012 4:30:10 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Log: 'System' Date/Time: 28/04/2012 4:30:10 PM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Log: 'System' Date/Time: 27/04/2012 8:08:17 PM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Log: 'System' Date/Time: 27/04/2012 3:06:46 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 27/04/2012 3:06:45 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Log: 'System' Date/Time: 27/04/2012 3:06:44 PM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Log: 'System' Date/Time: 26/04/2012 6:31:32 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 26/04/2012 6:31:32 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Log: 'System' Date/Time: 26/04/2012 6:31:32 PM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Log: 'System' Date/Time: 26/04/2012 6:29:49 PM
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.100.10 on the Network Card with network address 0008544917A6.

Log: 'System' Date/Time: 26/04/2012 8:38:11 AM
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.100.10 on the Network Card with network address 0008544917A6.

Log: 'System' Date/Time: 26/04/2012 8:36:34 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 24.93.29.214 for the Network Card with network address 0008544917A6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 26/04/2012 12:26:29 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 24.93.29.214 for the Network Card with network address 0008544917A6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 25/04/2012 6:05:59 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/04/2012 10:16:47 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 10:16:04 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 10:14:41 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 10:11:50 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 10:06:05 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 9:54:36 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 9:24:01 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 7:25:37 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 7:23:21 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 7:18:53 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 7:09:54 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 6:51:54 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 6:34:53 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 5:41:52 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 12:44:15 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 12:42:47 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 12:27:56 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 12:27:09 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 12:25:32 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 12:22:20 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0008544917A6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.



****************


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kevin Henry :: ITZAMNA [administrator]

4/30/2012 2:10:38 AM
mbam-log-2012-04-30 (02-10-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240608
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



*******************



Process PID CPU Private Bytes Working Set Description Company Name Window Status Verified Signer CPU History Network Receives Network Sends Network Delta Sends
System Idle Process 0 98.46 0 K 28 K
procexp.exe 2244 1.54 23,160 K 28,892 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com Running (Verified) Microsoft Corporation 206 8
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wuauclt.exe 2484 12,900 K 109,372 K Windows Update Microsoft Corporation (Verified) Microsoft Windows Component Publisher
wmiprvse.exe 3184 2,472 K 5,068 K WMI Microsoft Corporation (Verified) Microsoft Windows Component Publisher
winlogon.exe 808 6,632 K 2,728 K Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Component Publisher
wdfmgr.exe 1760 1,536 K 1,872 K Windows User Mode Driver Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
VzFw.exe 1136 4,472 K 8,236 K VAIO Entertainment File Import Service Sony Corporation (Unable to verify) Sony Corporation
VzCdbSvc.exe 652 5,596 K 9,568 K VAIO Entertainment Database Service Sony Corporation (Unable to verify) Sony Corporation
VCSW.exe 556 2,724 K 5,088 K VAIO Entertainment UPnP Client Adapter Sony Corporation (Unable to verify) Sony Corporation
UpdateChecker.exe 3196 19,208 K 22,488 K FileHippo.com Update Checker FileHippo.com (Unable to verify) FileHippo.com
System 4 0 K 248 K 1 1
svchost.exe 1216 20,732 K 33,084 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1088 2,028 K 4,944 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1040 3,240 K 5,580 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1308 1,340 K 3,708 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher 6 8
svchost.exe 1496 1,536 K 4,032 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1868 1,348 K 3,924 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 996 2,484 K 4,364 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
StartManSvc.exe 484 1,148 K 3,620 K StartMan Application PC Tools (Verified) PC Tools
spoolsv.exe 1588 6,568 K 8,252 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
SOUNDMAN.EXE 2888 1,924 K 3,096 K Realtek Sound Manager Realtek Semiconductor Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
SonicStageMonitoring.exe 1376 716 K 2,476 K SonicStageMonitoring Module Sony Corporation (Unable to verify) Sony Corporation
smss.exe 716 172 K 440 K Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
SMceMan.exe 1416 1,756 K 4,664 K SMceMan Module Sony Corporation (Unable to verify) Sony Corporation
SetPoint.exe 3108 5,136 K 11,792 K Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. (Verified) Logitech
services.exe 852 1,900 K 3,700 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
rundll32.exe 3140 7,776 K 10,304 K Run a DLL as an App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
RM_SV.exe 2812 1,236 K 4,016 K RM_SV Module Sony Corporation (Unable to verify) Sony Corporation
realsched.exe 3000 1,116 K 648 K RealNetworks Scheduler RealNetworks, Inc. (Verified) RealNetworks, Inc.
RazerTray.exe 2908 4,784 K 6,832 K Razer Mamba Configuration Utility Razer USA Ltd (Verified) Razer USA Ltd
PsiService_2.exe 1144 568 K 2,168 K PsiService PsiService Protexis Inc. (Verified) Protexis Inc.
nvsvc32.exe 428 5,048 K 6,844 K NVIDIA Driver Helper Service, Version 296.10 NVIDIA Corporation (Verified) NVIDIA Corporation
notepad.exe 3420 1,044 K 3,812 K Notepad Microsoft Corporation Running (Verified) Microsoft Windows Component Publisher
msseces.exe 3168 6,192 K 10,988 K Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
MsMpEng.exe 1180 64,328 K 56,388 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
mDNSResponder.exe 1936 1,232 K 3,824 K Bonjour Service Apple Inc. (Verified) Apple Inc.
lsass.exe 864 4,080 K 1,448 K LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Component Publisher
KHALMNPR.exe 744 4,404 K 7,468 K Logitech KHAL Main Process Logitech, Inc. (Verified) Logitech
explorer.exe 628 19,772 K 25,672 K Windows Explorer Microsoft Corporation Running (Verified) Microsoft Windows Component Publisher
EKIJ5000MUI.exe 2776 1,320 K 4,104 K Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Microsoft Windows Hardware Compatibility Publisher
EKAiOHostService.exe 264 21,808 K 21,576 K EKAiOHostService Module for Kodak AiO Printers Eastman Kodak Company (Verified) Eastman Kodak Company
ehtray.exe 2752 2,332 K 1,324 K Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows Component Publisher
ehSched.exe 2008 1,640 K 5,128 K Media Center Scheduler Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
ehRecvr.exe 1976 4,692 K 9,784 K Media Center Receiver Service Microsoft Corporation (Verified) Microsoft Windows XP Publisher
ehmsas.exe 3080 740 K 2,868 K Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
Dropbox.exe 3544 45,396 K 50,060 K Dropbox Dropbox, Inc. (Verified) Dropbox 3 3
dllhost.exe 3720 2,312 K 6,424 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows Component Publisher
DivXUpdate.exe 3028 3,212 K 9,384 K DivX Update (Unable to verify)
daemonu.exe 472 2,348 K 4,760 K NVIDIA Settings Update Manager NVIDIA Corporation (Verified) NVIDIA Corporation
ctfmon.exe 3224 956 K 3,696 K CTF Loader Microsoft Corporation (Verified) Microsoft Windows Component Publisher
csrss.exe 776 1,716 K 4,012 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
btwdins.exe 1244 2,124 K 3,360 K Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
AppleMobileDeviceService.exe 1920 5,428 K 8,364 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
alg.exe 196 1,244 K 3,756 K Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
ACService.exe 1908 816 K 2,476 K ArcSoft Connect Service ArcSoft Inc. (Verified) ArcSoft, Inc.



**********************






-Kevin
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Your Process Explorer shows high CPU idle which is good and means nothing is slowing down your PC.

It appears you have lost the NVSvc service. This is NVIDIA Driver Helper Service so you may want to visit Sony's site and download a new graphics driver or not. Bleeping Computer says:
NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not required. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect that.

You might just want to turn it off. I assume it is a service so right click on (My) Computer and select Manage (Continue) then Services and Applications then Services. If you find NVIDIA Driver Helper Service then right click on it and select Properties then change the Startup Type to Disabled and Apply.

Also IMAPI CD-Burning COM Service is not working. You can uninstall this program or find the service as above and change it to Disabled.

These will delay the boot a bit but shouldn't cause your download to die like it has. Don't think I've ever seen one where the download speed was so low compared to the upload speed.
  • 0

#8
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Well I disabled both of those services, and my bandwidth is still shot. Attempted to run speedtest.net thrice, and only once could get past connection errors; the test results were pitiful once again. What was with all the DHCP warnings and "Your computer has lost the lease to its IP address" in Event Viewer? Is that somehow related? Trying to learn along the way here, sorry for the questions. So, in your professional opinion, would it be safe to assume that this is a hardware issue? Can I rest safe knowing that my PC isn't rampaged by some bug hijacking me?

Edited by Arboreal, 30 April 2012 - 05:54 PM.

  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Appears to be bug free. Not sure why you lost your lease. Usually that just means that another computer got it. If it was a local router assigning IP addresses then I would think it was another computer on the same line but judging by the IP of the DHCP server they have a central DHCP server so that may be normal.

I don't suppose there is any chance you have both a wireless connection and a wired connection on at the same time? Is there even wireless involved? If so is it encrypted? WEP or WPA/WPA2?


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

ipconfig  /all  >>  \junk.txt

netstat  -rn  >>  \junk.txt

netstat  -e  >>  \junk.txt

netstat  -s  >>  \junk.txt

notepad  \junk.txt
(I use 2 spaces so you can see where 1 space goes. That's -RN on the second one.)

Copy and paste the text from notepad to a reply.
  • 0

#10
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
There was once a wireless router connected, it had been running encrypted WPA/WPA2, but a few weeks ago it started acting up only when secured, so I would leave it with security off and only plug it in when I needed it. When this craziness started happening I left it unplugged and remained hardwired from modem directly to the tower. Today I went out and bought a new wireless router, since my other one was having issues (it's ~7 years old). Does this have any relevance?

As is right now, there is no wireless router nor a WiFi pickup on the tower. It is hardlined from modem directly to the pc, and the old wireless router has been disconnected and unplugged.

On the last set of instructions, I think I am typing it wrong. Not sure I am following the directions 100%. Could you retype them as is? I can figure out where the spaces are without the doubles ( i think lol).


Addendum: Never mind the repost, I think I got it.



Windows IP Configuration



Host Name . . . . . . . . . . . . : Itzamna

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : rochester.rr.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : rochester.rr.com

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-08-54-49-17-A6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 24.93.29.155

Subnet Mask . . . . . . . . . . . : 255.255.240.0

Default Gateway . . . . . . . . . : 24.93.16.1

DHCP Server . . . . . . . . . . . : 10.240.96.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Monday, April 30, 2012 7:34:01 PM

Lease Expires . . . . . . . . . . : Tuesday, May 01, 2012 6:00:27 AM



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-BE-B7-58




Is that what you are looking for?

Edited by Arboreal, 30 April 2012 - 06:33 PM.

  • 0



#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I forgot to use the code tag so you can see the spaces. I did give you the Vista/Win7 instructions by mistake. With XP you don't need to right click on Command Prompt. Just left click, or Start, Run, cmd, OK.
  • 0

#12
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Ok, now I feel like the punchline to a joke or something, lol. I keep getting "incorrect or incomplete command" errors. I am going to give you an example, tell me where I am going wrong if you can.


ipconfig(space)/all(space x3)\junk.txt

netstat(space)-rn(space x 3)\junk.txt
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You are leaving out the >>

ipconfig(space)/all(space)>>(space)\junk.txt
  • 0

#14
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Windows IP Configuration



Host Name . . . . . . . . . . . . : Itzamna

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : rochester.rr.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : rochester.rr.com

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-08-54-49-17-A6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 24.93.29.155

Subnet Mask . . . . . . . . . . . : 255.255.240.0

Default Gateway . . . . . . . . . : 24.93.16.1

DHCP Server . . . . . . . . . . . : 10.240.96.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Monday, April 30, 2012 7:34:01 PM

Lease Expires . . . . . . . . . . : Tuesday, May 01, 2012 6:00:27 AM



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-BE-B7-58

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 08 54 49 17 a6 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 11 11 be b7 58 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 24.93.16.1 24.93.29.155 20
24.93.16.0 255.255.240.0 24.93.29.155 24.93.29.155 20
24.93.29.155 255.255.255.255 127.0.0.1 127.0.0.1 20
24.255.255.255 255.255.255.255 24.93.29.155 24.93.29.155 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 24.93.29.155 24.93.29.155 20
224.0.0.0 240.0.0.0 24.93.29.155 24.93.29.155 20
255.255.255.255 255.255.255.255 24.93.29.155 24.93.29.155 1
255.255.255.255 255.255.255.255 24.93.29.155 3 1
Default Gateway: 24.93.16.1
===========================================================================
Persistent Routes:
None

Route Table


Windows IP Configuration



Host Name . . . . . . . . . . . . : Itzamna

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : rochester.rr.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : rochester.rr.com

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-08-54-49-17-A6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 24.93.29.155

Subnet Mask . . . . . . . . . . . : 255.255.240.0

Default Gateway . . . . . . . . . : 24.93.16.1

DHCP Server . . . . . . . . . . . : 10.240.96.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Monday, April 30, 2012 7:34:01 PM

Lease Expires . . . . . . . . . . : Tuesday, May 01, 2012 6:00:27 AM



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-BE-B7-58

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 08 54 49 17 a6 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 11 11 be b7 58 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 24.93.16.1 24.93.29.155 20
24.93.16.0 255.255.240.0 24.93.29.155 24.93.29.155 20
24.93.29.155 255.255.255.255 127.0.0.1 127.0.0.1 20
24.255.255.255 255.255.255.255 24.93.29.155 24.93.29.155 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 24.93.29.155 24.93.29.155 20
224.0.0.0 240.0.0.0 24.93.29.155 24.93.29.155 20
255.255.255.255 255.255.255.255 24.93.29.155 24.93.29.155 1
255.255.255.255 255.255.255.255 24.93.29.155 3 1
Default Gateway: 24.93.16.1
===========================================================================
Persistent Routes:
None

Route Table
Interface Statistics

Received Sent

Bytes 24554360 3562141
Unicast packets 31434 30042
Non-unicast packets 69346 321
Discards 0 0
Errors 0 0
Unknown protocols 0

IPv4 Statistics

Packets Received = 32219
Received Header Errors = 0
Received Address Errors = 191
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 95
Received Packets Delivered = 32123
Output Requests = 30357
Routing Discards = 0
Discarded Output Packets = 2
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

ICMPv4 Statistics

Received Sent
Messages 9 13
Errors 0 0
Destination Unreachable 9 10
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echos 0 0
Echo Replies 0 0
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0

TCP Statistics for IPv4

Active Opens = 678
Passive Opens = 5
Failed Connection Attempts = 3
Reset Connections = 53
Current Connections = 8
Segments Received = 30949
Segments Sent = 29200
Segments Retransmitted = 284

UDP Statistics for IPv4

Datagrams Received = 650
No Ports = 1022
Receive Errors = 0
Datagrams Sent = 699



Did I get it this time?
  • 0
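As an added example (not part of this thread, and not a tool from Geeks to Go): a small Python parser for the `netstat -e` and `netstat -s` counters pasted above, computing the ratios a troubleshooter reads off them. The sample text is copied from the post and trimmed to the lines the parser uses.

```python
import re

# Constructed sample: the relevant "netstat -e" / "netstat -s" lines from the post above.
SAMPLE = """\
Interface Statistics

Received Sent

Bytes 24554360 3562141
Unicast packets 31434 30042
Non-unicast packets 69346 321
Discards 0 0
Errors 0 0

IPv4 Statistics

Packets Received = 32219
Received Address Errors = 191
Received Packets Discarded = 95

TCP Statistics for IPv4

Active Opens = 678
Failed Connection Attempts = 3
Reset Connections = 53
Segments Sent = 29200
Segments Retransmitted = 284
"""

PAIR = re.compile(r"^([A-Za-z -]+?)\s+(\d+)\s+(\d+)$")  # "Name received sent" (netstat -e)
KV = re.compile(r"^([A-Za-z ]+?)\s*=\s*(\d+)$")          # "Name = value"       (netstat -s)


def parse_netstat(text):
    """Return (pairs, kv): pairs maps -e counters to (received, sent); kv maps -s counters to ints."""
    pairs, kv = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := PAIR.match(line):
            pairs[m.group(1).strip()] = (int(m.group(2)), int(m.group(3)))
        elif m := KV.match(line):
            kv[m.group(1).strip()] = int(m.group(2))
    return pairs, kv


def link_health(text):
    """Derive the figures worth looking at when a link is slow: loss, broadcast load, NIC errors."""
    pairs, kv = parse_netstat(text)
    uni_rx, _ = pairs["Unicast packets"]
    bcast_rx, _ = pairs["Non-unicast packets"]
    return {
        # TCP segments resent as a share of segments sent; a rising figure points to loss upstream.
        "retransmit_ratio": kv["Segments Retransmitted"] / kv["Segments Sent"],
        # Broadcast/multicast as a share of everything received; high on a shared cable segment.
        "broadcast_share": bcast_rx / (uni_rx + bcast_rx),
        # Layer-2 trouble: any non-zero value here points at cabling or the NIC itself.
        "nic_errors": sum(pairs["Errors"]) + sum(pairs["Discards"]),
        # Packets addressed to this host but not deliverable as received (stale lease, wrong subnet).
        "addr_errors": kv["Received Address Errors"],
    }
```

For the figures in the post this gives roughly 1% retransmissions and about 69% of received frames being non-unicast, with zero NIC-level errors, which is consistent with the expert's reading that the PC itself is not at fault.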

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Looks good. The reason you lost your IP address is that it was assigned by another router. The service you are on now does not use the 192.168. addresses.

I don't see any reason why it shouldn't work so I expect your modem is toast.
  • 0





