Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Google search links don't work, Redirect Virus aftermath?

Started by singersashaw , Apr 30 2012 04:14 PM

Please log in to reply

#1
singersashaw

Posted 30 April 2012 - 04:14 PM

New Member

Member
3 posts

Hi Everyone,

My boss' work computer had the Google Happili Redirect Virus, along with the Smart HDD virus last week. I removed the Smart HDD virus with a tutorial from bleepingcomputer.com, using TDSS Kill, RKill, and Malwarebytes.

Since then, Google no longer redirects to random websites (including the Happili site), but now just won't work. I do a normal google search using a toolbar, and the results come up, but when I click on the link, the page functions as if it were loading, and then stays on the same page. Right clicking the link and opening in new page opens a blank page (url: www.google.com/url?sa=t&rct...). What I have to do is copy the url underneath the link, and then copy and paste it into the browser.

Yahoo searches work fine.

I am wondering if in removing the Smart HDD virus, I removed part of the redirect virus, but not everything? Re-running the above programs resulted in zero results.

OTL report follows. Thanks a lot

--Stephanie

OTL logfile created on: 4/30/2012 3:02:26 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Andrew Han\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 335.47 Mb Available Physical Memory | 32.83% Memory free
2.41 Gb Paging File | 1.84 Gb Available in Paging File | 76.30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 87.56 Gb Free Space | 80.64% Space Free | Partition Type: NTFS
Drive D: | 37.04 Gb Total Space | 36.93 Gb Free Space | 99.71% Space Free | Partition Type: NTFS

Computer Name: ELMWOOD1 | User Name: Andrew Han | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 15:01:53 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew Han\My Documents\Downloads\OTL.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Andrew Han\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/03 09:59:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/05/27 15:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/05/27 15:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2008/09/08 08:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 08:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/02/09 15:34:54 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2005/06/10 08:44:02 | 000,618,496 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/25 09:52:23 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/03 09:59:50 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/05/27 15:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/05/27 15:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wintab32.dll -- (hdthermal)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/09/08 08:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\tsk55.tmp -- (NetBT)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\tsk53.tmp -- (Cdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\24531435.sys -- (24347395)
DRV - [2010/08/22 21:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/12/12 08:55:22 | 000,017,636 | ---- | M] (SHARP ECR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ecrdrv.sys -- (ECRDRV)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = VWPT
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9DFD77E5-13E3-4FCD-A2E1-40B01BED1502}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\VWPT: "URL" = http://search.viewpo...iewpointV37x_xp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.652
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Andrew Han\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Andrew Han\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/03 10:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 15:44:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Andrew Han\Application Data\Move Networks [2009/09/27 13:43:22 | 000,000,000 | ---D | M]

[2008/07/16 11:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Extensions
[2012/04/25 09:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\extensions
[2011/06/04 09:11:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/26 10:08:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/23 09:14:27 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\extensions\[email protected]
[2008/06/25 09:36:11 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\searchplugins\merriam-webster.xml
[2008/05/27 09:56:12 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\searchplugins\webster.xml
[2011/11/09 10:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/05 12:15:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/27 11:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/27 11:34:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/03 09:59:55 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/13 14:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/13 14:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/05 08:56:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 10:10:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/23 07:57:25 | 000,000,882 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [sIdCBCsAqrsll.exe] C:\Documents and Settings\All Users\Application Data\sIdCBCsAqrsll.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Andrew Han\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Andrew Han\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9369357D-7BA8-4510-9750-8E9FD41F1BF6}: NameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8076fc7c-436a-11db-bf02-0016764e2989}\Shell\AutoRun\command - "" = F:\JDSecure\Windows\JDSecure20.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/24 18:45:52 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew Han\Desktop\TDSS-Killer.exe
[2012/04/24 13:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Han\Application Data\Malwarebytes
[2012/04/24 13:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/24 13:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/24 13:39:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/24 13:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/24 13:28:33 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/04/24 13:06:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/24 08:15:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew Han\Recent
[2012/04/23 09:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/16 12:25:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew Han\My Documents\Dropbox
[2012/04/16 12:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Han\Start Menu\Programs\Dropbox
[2012/04/16 12:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Han\Application Data\Dropbox
[2012/04/02 17:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/02 17:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 11:39:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/04/30 08:48:53 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2012/04/30 08:41:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 08:41:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 08:41:11 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/27 15:33:01 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/04/24 18:45:52 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew Han\Desktop\TDSS-Killer.exe
[2012/04/24 13:39:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/24 13:29:58 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-iVP4xB8WTg81YG
[2012/04/24 13:29:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-iVP4xB8WTg81YGr
[2012/04/24 13:29:43 | 000,000,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iVP4xB8WTg81YG
[2012/04/24 13:23:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/24 12:49:02 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Desktop\AntiVirus-iExplore.exe
[2012/04/24 12:43:49 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/23 15:44:03 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Desktop\SMART_HDD.lnk
[2012/04/23 12:24:36 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/04/23 12:24:36 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/04/23 09:11:19 | 000,092,768 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\afbabeaebbcbdct.exe
[2012/04/23 07:57:25 | 000,000,882 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/22 14:04:27 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/04/22 14:04:19 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\E8D850706A.sys
[2012/04/16 12:25:42 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Desktop\Dropbox.lnk
[2012/04/16 12:23:55 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/12 18:01:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/11 12:16:17 | 000,343,552 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Desktop\08B6B000
[2012/04/06 10:43:57 | 000,004,694 | ---- | M] () -- C:\WINDOWS\xnview.ini
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/24 13:39:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/24 13:29:28 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/24 12:49:00 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Andrew Han\Desktop\AntiVirus-iExplore.exe
[2012/04/23 15:44:05 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-iVP4xB8WTg81YG
[2012/04/23 15:44:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-iVP4xB8WTg81YGr
[2012/04/23 15:44:03 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Andrew Han\Desktop\SMART_HDD.lnk
[2012/04/23 15:43:58 | 000,000,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iVP4xB8WTg81YG
[2012/04/23 12:24:36 | 000,054,156 | ---- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/04/23 12:24:36 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/04/23 09:10:14 | 000,092,768 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afbabeaebbcbdct.exe
[2012/04/16 12:25:42 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\Andrew Han\Desktop\Dropbox.lnk
[2012/04/16 12:23:55 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\Andrew Han\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/13 09:28:09 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2012/04/11 12:16:13 | 000,343,552 | ---- | C] () -- C:\Documents and Settings\Andrew Han\Desktop\08B6B000
[2012/04/06 11:31:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/02 17:16:47 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/16 10:05:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== LOP Check ==========

[2011/10/03 14:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2010/02/11 13:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2011/04/23 09:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/02/22 10:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/10 14:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/22 10:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2007/02/22 15:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/08 12:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\acccore
[2012/04/30 12:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\Dropbox
[2006/12/09 14:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\iWin
[2006/08/17 11:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\Leadertech
[2006/08/23 18:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\OurPictures
[2010/08/28 14:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\SystemRequirementsLab
[2007/01/24 14:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\Viewpoint
[2012/04/30 11:39:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

< End of report >

#2
RKinner

Posted 30 April 2012 - 04:29 PM

Malware Expert

Expert
24,748 posts

These two lines kill google and bing searches.

O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com

Copy the text in the code box by highlighting and Ctrl + c


:OTL
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [sIdCBCsAqrsll.exe] C:\Documents and Settings\All Users\Application Data\sIdCBCsAqrsll.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [Aim6] File not found
O33 - MountPoints2\{8076fc7c-436a-11db-bf02-0016764e2989}\Shell\AutoRun\command - "" = F:\JDSecure\Windows\JDSecure20.exe
[2012/04/24 13:29:58 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-iVP4xB8WTg81YG
[2012/04/24 13:29:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-iVP4xB8WTg81YGr
[2012/04/24 13:29:43 | 000,000,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iVP4xB8WTg81YG
2012/04/24 12:49:02 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Desktop\AntiVirus-iExplore.exe
[2012/04/24 12:43:49 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/23 15:44:03 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Desktop\SMART_HDD.lnk
[2012/04/23 09:11:19 | 000,092,768 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\afbabeaebbcbdct.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config hdthermal start= disabled /c
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
    
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Download, Save and Run unhide.exe

http://download.blee...nler/unhide.exe

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan (allow the Avast Engine)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Ron

#3
singersashaw

Posted 01 May 2012 - 01:31 PM

New Member

Topic Starter
Member
3 posts

Thank you so much Ron.

OTL didn't save a log for me after the "fix", so I ran another quick scan so I had a log for you. I hope that was okay.

All the logs follow. I couldn't figure out how to make these scroll, so it's a really long post.

OTL Log

OTL logfile created on: 4/30/2012 3:56:32 PM - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Documents and Settings\Andrew Han\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1021.98 Mb Total Physical Memory | 526.36 Mb Available Physical Memory | 51.50% Memory free
2.41 Gb Paging File | 2.04 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 87.61 Gb Free Space | 80.68% Space Free | Partition Type: NTFS
Drive D: | 37.04 Gb Total Space | 36.93 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
 
Computer Name: ELMWOOD1 | User Name: Andrew Han | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/04/30 15:01:53 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew Han\My Documents\Downloads\OTL.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Andrew Han\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/03 09:59:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/05/27 15:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/05/27 15:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2008/09/08 08:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 08:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/02/09 15:34:54 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/01/03 09:59:50 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/05/27 15:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/05/27 15:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wintab32.dll -- (hdthermal)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/09/08 08:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\tsk55.tmp -- (NetBT)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\tsk53.tmp -- (Cdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\24531435.sys -- (24347395)
DRV - [2010/08/22 21:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/12/12 08:55:22 | 000,017,636 | ---- | M] (SHARP ECR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ecrdrv.sys -- (ECRDRV)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = VWPT
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9DFD77E5-13E3-4FCD-A2E1-40B01BED1502}: "URL" = http://search.avg.com/route/?d=4cc6f791&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\VWPT: "URL" = http://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel39%5fxp%26instid%3DViewpointV37x%5fxp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.652
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc6f791&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Andrew Han\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Andrew Han\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/03 10:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 15:44:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Andrew Han\Application Data\Move Networks [2009/09/27 13:43:22 | 000,000,000 | ---D | M]
 
[2008/07/16 11:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Extensions
[2012/04/25 09:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\extensions
[2011/06/04 09:11:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/26 10:08:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/23 09:14:27 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\extensions\[email protected]
[2008/06/25 09:36:11 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\searchplugins\merriam-webster.xml
[2008/05/27 09:56:12 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\searchplugins\webster.xml
[2011/11/09 10:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/05 12:15:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/27 11:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/27 11:34:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/03 09:59:55 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/13 14:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/13 14:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/05 08:56:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 10:10:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/04/30 15:51:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Andrew Han\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Andrew Han\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9369357D-7BA8-4510-9750-8E9FD41F1BF6}: NameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/04/30 15:44:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/24 18:45:52 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew Han\Desktop\TDSS-Killer.exe
[2012/04/24 13:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Han\Application Data\Malwarebytes
[2012/04/24 13:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/24 13:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/24 13:39:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/24 13:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/24 13:28:33 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/04/24 13:06:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/24 08:15:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew Han\Recent
[2012/04/23 09:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/16 12:25:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew Han\My Documents\Dropbox
[2012/04/16 12:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Han\Start Menu\Programs\Dropbox
[2012/04/16 12:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Han\Application Data\Dropbox
[2012/04/02 17:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/02 17:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/04/30 15:53:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 15:53:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 15:53:14 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 15:51:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/04/30 15:33:00 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/04/30 11:39:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/04/30 08:48:53 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2012/04/24 18:45:52 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew Han\Desktop\TDSS-Killer.exe
[2012/04/24 13:39:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/24 13:23:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/24 12:49:02 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Desktop\AntiVirus-iExplore.exe
[2012/04/23 12:24:36 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/04/23 12:24:36 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/04/22 14:04:27 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/04/22 14:04:19 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\E8D850706A.sys
[2012/04/16 12:25:42 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Desktop\Dropbox.lnk
[2012/04/16 12:23:55 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/12 18:01:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/11 12:16:17 | 000,343,552 | ---- | M] () -- C:\Documents and Settings\Andrew Han\Desktop\08B6B000
[2012/04/06 10:43:57 | 000,004,694 | ---- | M] () -- C:\WINDOWS\xnview.ini
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/04/24 13:39:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/24 13:29:28 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/24 12:49:00 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Andrew Han\Desktop\AntiVirus-iExplore.exe
[2012/04/23 12:24:36 | 000,054,156 | ---- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/04/23 12:24:36 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/04/16 12:25:42 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\Andrew Han\Desktop\Dropbox.lnk
[2012/04/16 12:23:55 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\Andrew Han\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/13 09:28:09 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2012/04/11 12:16:13 | 000,343,552 | ---- | C] () -- C:\Documents and Settings\Andrew Han\Desktop\08B6B000
[2012/04/06 11:31:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 10:05:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/10/03 14:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2010/02/11 13:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2011/04/23 09:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/02/22 10:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/10 14:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/22 10:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2007/02/22 15:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/08 12:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\acccore
[2012/04/30 15:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\Dropbox
[2006/12/09 14:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\iWin
[2006/08/17 11:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\Leadertech
[2006/08/23 18:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\OurPictures
[2010/08/28 14:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\SystemRequirementsLab
[2007/01/24 14:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Han\Application Data\Viewpoint
[2012/04/30 11:39:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

Combo Fix:

ComboFix 12-04-31.02 - Andrew Han 04/30/2012  16:56:39.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.754 [GMT -7:00]
Running from: c:\documents and settings\Andrew Han\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\windows\EventSystem.log
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected 
Restored copy from - c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll 
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-01 to 2012-05-01  )))))))))))))))))))))))))))))))
.
.
2012-04-30 22:44 . 2012-04-30 22:44	--------	d-----w-	C:\_OTL
2012-04-24 20:39 . 2012-04-24 20:39	--------	d-----w-	c:\documents and settings\Andrew Han\Application Data\Malwarebytes
2012-04-24 20:39 . 2012-04-24 20:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-24 20:39 . 2012-04-24 20:39	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-24 20:39 . 2012-04-04 22:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-24 20:28 . 2012-04-24 20:28	--------	d-----w-	C:\found.000
2012-04-24 20:06 . 2012-04-24 20:06	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-04-23 19:24 . 2012-04-23 19:24	1409	----a-w-	c:\windows\QTFont.for
2012-04-16 19:21 . 2012-05-01 00:10	--------	d-----w-	c:\documents and settings\Andrew Han\Application Data\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 20:24 . 2004-08-10 17:51	162816	----a-w-	c:\windows\system32\drivers\netbt.sys
2012-04-24 20:24 . 2004-08-04 03:59	62976	----a-w-	c:\windows\system32\drivers\cdrom.sys
2012-03-01 11:01 . 2004-08-10 17:51	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 17:51	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 17:51	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 17:51	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-10 17:51	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-10 17:51	385024	----a-w-	c:\windows\system32\html.iec
2012-02-25 16:52 . 2011-05-17 15:54	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-10 17:51	1860096	----a-w-	c:\windows\system32\win32k.sys
2012-01-03 16:59 . 2011-04-27 18:34	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 03:52	762000	----a-r-	c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 03:52	762000	----a-r-	c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 03:52	762000	----a-r-	c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\documents and settings\Andrew Han\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\documents and settings\Andrew Han\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\documents and settings\Andrew Han\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\documents and settings\Andrew Han\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-28 282624]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
.
c:\documents and settings\Andrew Han\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Andrew Han\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Belkin\\Router Setup and Monitor\\BelkinRouterMonitor.exe"=
"c:\\Documents and Settings\\Andrew Han\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/16/2007 7:25 PM 24652]
S0 24347395;24347395;c:\windows\system32\drivers\24531435.sys --> c:\windows\system32\drivers\24531435.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [12/12/2004 8:55 AM 17636]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
cvsnt
clientservice
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = home.netscape.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9369357D-7BA8-4510-9750-8E9FD41F1BF6}: NameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Andrew Han\Application Data\Mozilla\Firefox\Profiles\n6mkvvcv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6f791&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKU-Default-Run-dplaysvr - c:\documents and settings\Andrew Han\Application Data\dplaysvr.exe
HKU-Default-Run-afbabeaebbcbdct - c:\documents and settings\All Users\Application Data\afbabeaebbcbdct.exe
SafeBoot-24347395.sys
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 17:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\drivers\tsk53.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\drivers\tsk55.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3600)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\documents and settings\Andrew Han\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2012-04-30  17:19:44 - machine was rebooted
ComboFix-quarantined-files.txt  2012-05-01 00:19
.
Pre-Run: 93,986,787,328 bytes free
Post-Run: 95,033,962,496 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DB5426568D4B0BD6C039BE4462803B6D

TDSS Killer, standard settings:

17:26:24.0468 2784	TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
17:26:25.0187 2784	============================================================
17:26:25.0187 2784	Current date / time: 2012/04/30 17:26:25.0187
17:26:25.0187 2784	SystemInfo:
17:26:25.0187 2784	
17:26:25.0187 2784	OS Version: 5.1.2600 ServicePack: 3.0
17:26:25.0187 2784	Product type: Workstation
17:26:25.0187 2784	ComputerName: ELMWOOD1
17:26:25.0187 2784	UserName: Andrew Han
17:26:25.0187 2784	Windows directory: C:\WINDOWS
17:26:25.0187 2784	System windows directory: C:\WINDOWS
17:26:25.0187 2784	Processor architecture: Intel x86
17:26:25.0187 2784	Number of processors: 1
17:26:25.0187 2784	Page size: 0x1000
17:26:25.0187 2784	Boot type: Normal boot
17:26:25.0187 2784	============================================================
17:26:27.0531 2784	Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:26:27.0578 2784	============================================================
17:26:27.0578 2784	\Device\Harddisk0\DR0:
17:26:27.0578 2784	MBR partitions:
17:26:27.0578 2784	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0xD92C09F
17:26:27.0578 2784	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD93FA64, BlocksNum 0x4A13723
17:26:27.0578 2784	============================================================
17:26:27.0703 2784	C: <-> \Device\Harddisk0\DR0\Partition0
17:26:27.0796 2784	D: <-> \Device\Harddisk0\DR0\Partition1
17:26:27.0796 2784	============================================================
17:26:27.0796 2784	Initialize success
17:26:27.0796 2784	============================================================
17:26:41.0156 0736	============================================================
17:26:41.0156 0736	Scan started
17:26:41.0156 0736	Mode: Manual; 
17:26:41.0156 0736	============================================================
17:26:42.0359 0736	24347395 - ok
17:26:42.0375 0736	Abiosdsk - ok
17:26:42.0437 0736	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:26:42.0468 0736	abp480n5 - ok
17:26:42.0515 0736	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:26:42.0531 0736	ACPI - ok
17:26:42.0578 0736	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:26:42.0578 0736	ACPIEC - ok
17:26:42.0609 0736	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:26:42.0609 0736	adpu160m - ok
17:26:42.0656 0736	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:26:42.0656 0736	aec - ok
17:26:42.0734 0736	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:26:42.0734 0736	AFD - ok
17:26:42.0890 0736	AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
17:26:42.0906 0736	AffinegyService - ok
17:26:42.0921 0736	AFGMp50 - ok
17:26:42.0968 0736	AFGSp50         (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
17:26:42.0984 0736	AFGSp50 - ok
17:26:43.0015 0736	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:26:43.0015 0736	agp440 - ok
17:26:43.0031 0736	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:26:43.0046 0736	agpCPQ - ok
17:26:43.0062 0736	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:26:43.0078 0736	Aha154x - ok
17:26:43.0109 0736	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:26:43.0125 0736	aic78u2 - ok
17:26:43.0156 0736	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:26:43.0171 0736	aic78xx - ok
17:26:43.0218 0736	ALG             (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:26:43.0218 0736	ALG - ok
17:26:43.0281 0736	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:26:43.0281 0736	AliIde - ok
17:26:43.0312 0736	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:26:43.0328 0736	alim1541 - ok
17:26:43.0343 0736	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:26:43.0359 0736	amdagp - ok
17:26:43.0375 0736	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:26:43.0390 0736	amsint - ok
17:26:43.0406 0736	AppMgmt - ok
17:26:43.0453 0736	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:26:43.0468 0736	asc - ok
17:26:43.0484 0736	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:26:43.0500 0736	asc3350p - ok
17:26:43.0515 0736	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:26:43.0531 0736	asc3550 - ok
17:26:43.0609 0736	aspnet_state    (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
17:26:43.0625 0736	aspnet_state - ok
17:26:43.0656 0736	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:26:43.0656 0736	AsyncMac - ok
17:26:43.0718 0736	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:26:43.0718 0736	atapi - ok
17:26:43.0734 0736	Atdisk - ok
17:26:43.0765 0736	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:26:43.0765 0736	Atmarpc - ok
17:26:43.0812 0736	AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:26:43.0828 0736	AudioSrv - ok
17:26:43.0906 0736	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:26:43.0906 0736	audstub - ok
17:26:43.0968 0736	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:26:43.0968 0736	Beep - ok
17:26:44.0046 0736	BITS            (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:26:44.0062 0736	BITS - ok
17:26:44.0328 0736	CarboniteService (e581146b4e24601d3b3c60e960de4e3b) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
17:26:44.0453 0736	CarboniteService - ok
17:26:44.0468 0736	catchme - ok
17:26:44.0593 0736	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:26:44.0593 0736	cbidf - ok
17:26:44.0609 0736	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:26:44.0609 0736	cbidf2k - ok
17:26:44.0640 0736	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:26:44.0640 0736	cd20xrnt - ok
17:26:44.0671 0736	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:26:44.0687 0736	Cdaudio - ok
17:26:44.0750 0736	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:26:44.0750 0736	Cdfs - ok
17:26:44.0765 0736	Cdrom - ok
17:26:44.0781 0736	Changer - ok
17:26:44.0812 0736	CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:26:44.0828 0736	CiSvc - ok
17:26:44.0843 0736	ClipSrv         (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:26:44.0843 0736	ClipSrv - ok
17:26:44.0890 0736	CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:26:44.0890 0736	CmdIde - ok
17:26:44.0906 0736	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:26:44.0906 0736	Compbatt - ok
17:26:44.0921 0736	COMSysApp - ok
17:26:44.0937 0736	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:26:44.0953 0736	Cpqarray - ok
17:26:45.0000 0736	CryptSvc        (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:26:45.0000 0736	CryptSvc - ok
17:26:45.0062 0736	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:26:45.0078 0736	dac2w2k - ok
17:26:45.0109 0736	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:26:45.0125 0736	dac960nt - ok
17:26:45.0187 0736	DcomLaunch      (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:26:45.0187 0736	DcomLaunch - ok
17:26:45.0250 0736	Dhcp            (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:26:45.0281 0736	Dhcp - ok
17:26:45.0312 0736	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:26:45.0312 0736	Disk - ok
17:26:45.0328 0736	dmadmin - ok
17:26:45.0562 0736	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:26:45.0656 0736	dmboot - ok
17:26:45.0703 0736	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:26:45.0718 0736	dmio - ok
17:26:45.0781 0736	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:26:45.0781 0736	dmload - ok
17:26:45.0796 0736	dmserver        (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:26:45.0828 0736	dmserver - ok
17:26:45.0859 0736	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:26:45.0921 0736	DMusic - ok
17:26:45.0984 0736	Dnscache        (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:26:46.0000 0736	Dnscache - ok
17:26:46.0062 0736	Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:26:46.0078 0736	Dot3svc - ok
17:26:46.0109 0736	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:26:46.0109 0736	dpti2o - ok
17:26:46.0171 0736	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:26:46.0171 0736	drmkaud - ok
17:26:46.0281 0736	DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
17:26:46.0296 0736	DSBrokerService - ok
17:26:46.0343 0736	DSproct         (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
17:26:46.0343 0736	DSproct - ok
17:26:46.0359 0736	dsunidrv        (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
17:26:46.0359 0736	dsunidrv - ok
17:26:46.0375 0736	E100B           (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:26:46.0390 0736	E100B - ok
17:26:46.0468 0736	EapHost         (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:26:46.0468 0736	EapHost - ok
17:26:46.0500 0736	ECRDRV          (79811f99ebcdbfc760f552842ec48a7f) C:\WINDOWS\system32\drivers\ecrdrv.sys
17:26:46.0515 0736	ECRDRV - ok
17:26:46.0578 0736	ERSvc           (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:26:46.0578 0736	ERSvc - ok
17:26:46.0609 0736	Eventlog        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:26:46.0609 0736	Eventlog - ok
17:26:46.0671 0736	EventSystem     (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:26:46.0671 0736	EventSystem - ok
17:26:46.0718 0736	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:26:46.0718 0736	Fastfat - ok
17:26:46.0796 0736	FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:26:46.0796 0736	FastUserSwitchingCompatibility - ok
17:26:46.0859 0736	Fax             (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
17:26:46.0875 0736	Fax - ok
17:26:46.0921 0736	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:26:46.0937 0736	Fdc - ok
17:26:46.0984 0736	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:26:46.0984 0736	Fips - ok
17:26:47.0015 0736	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:26:47.0031 0736	Flpydisk - ok
17:26:47.0062 0736	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:26:47.0078 0736	FltMgr - ok
17:26:47.0140 0736	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:26:47.0140 0736	Fs_Rec - ok
17:26:47.0156 0736	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:26:47.0156 0736	Ftdisk - ok
17:26:47.0218 0736	GEARAspiWDM     (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:26:47.0218 0736	GEARAspiWDM - ok
17:26:47.0234 0736	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:26:47.0250 0736	Gpc - ok
17:26:47.0265 0736	hdthermal - ok
17:26:47.0375 0736	helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:26:47.0375 0736	helpsvc - ok
17:26:47.0437 0736	HidBatt         (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
17:26:47.0453 0736	HidBatt - ok
17:26:47.0453 0736	HidServ - ok
17:26:47.0515 0736	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:26:47.0515 0736	HidUsb - ok
17:26:47.0578 0736	hkmsvc          (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:26:47.0593 0736	hkmsvc - ok
17:26:47.0625 0736	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:26:47.0640 0736	hpn - ok
17:26:47.0687 0736	HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:26:47.0687 0736	HPZid412 - ok
17:26:47.0718 0736	HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:26:47.0734 0736	HPZipr12 - ok
17:26:47.0781 0736	HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:26:47.0781 0736	HPZius12 - ok
17:26:47.0843 0736	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:26:47.0859 0736	HTTP - ok
17:26:47.0921 0736	HTTPFilter      (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:26:47.0921 0736	HTTPFilter - ok
17:26:47.0953 0736	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:26:47.0953 0736	i2omgmt - ok
17:26:48.0000 0736	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:26:48.0015 0736	i2omp - ok
17:26:48.0062 0736	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:26:48.0062 0736	i8042prt - ok
17:26:48.0171 0736	ialm            (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:26:48.0203 0736	ialm - ok
17:26:48.0312 0736	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:26:48.0328 0736	IDriverT - ok
17:26:48.0343 0736	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:26:48.0375 0736	Imapi - ok
17:26:48.0453 0736	ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:26:48.0468 0736	ImapiService - ok
17:26:48.0515 0736	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:26:48.0531 0736	ini910u - ok
17:26:48.0562 0736	IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:26:48.0562 0736	IntelIde - ok
17:26:48.0625 0736	intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:26:48.0640 0736	intelppm - ok
17:26:48.0671 0736	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:26:48.0671 0736	Ip6Fw - ok
17:26:48.0703 0736	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:26:48.0734 0736	IpFilterDriver - ok
17:26:48.0750 0736	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:26:48.0750 0736	IpInIp - ok
17:26:48.0812 0736	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:26:48.0812 0736	IpNat - ok
17:26:48.0890 0736	iPodService     (962bc769d1008d83f6a00b9de887eef4) C:\Program Files\iPod\bin\iPodService.exe
17:26:48.0906 0736	iPodService - ok
17:26:48.0921 0736	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:26:48.0921 0736	IPSec - ok
17:26:48.0968 0736	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:26:48.0984 0736	IRENUM - ok
17:26:49.0031 0736	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:26:49.0046 0736	isapnp - ok
17:26:49.0171 0736	JavaQuickStarterService (74e30a41cdcf331c74bc4d97be40cc5b) C:\Program Files\Java\jre6\bin\jqs.exe
17:26:49.0171 0736	JavaQuickStarterService - ok
17:26:49.0234 0736	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:26:49.0234 0736	Kbdclass - ok
17:26:49.0265 0736	kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:26:49.0281 0736	kbdhid - ok
17:26:49.0312 0736	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:26:49.0328 0736	kmixer - ok
17:26:49.0359 0736	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:26:49.0390 0736	KSecDD - ok
17:26:49.0468 0736	lanmanserver    (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:26:49.0484 0736	lanmanserver - ok
17:26:49.0500 0736	Lbd - ok
17:26:49.0500 0736	lbrtfdc - ok
17:26:49.0593 0736	LmHosts         (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:26:49.0609 0736	LmHosts - ok
17:26:49.0828 0736	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
17:26:49.0859 0736	McComponentHostService - ok
17:26:49.0937 0736	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:26:49.0953 0736	mnmdd - ok
17:26:50.0000 0736	mnmsrvc         (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:26:50.0015 0736	mnmsrvc - ok
17:26:50.0062 0736	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:26:50.0078 0736	Modem - ok
17:26:50.0093 0736	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:26:50.0109 0736	Mouclass - ok
17:26:50.0171 0736	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:26:50.0187 0736	mouhid - ok
17:26:50.0250 0736	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:26:50.0265 0736	MountMgr - ok
17:26:50.0312 0736	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:26:50.0312 0736	mraid35x - ok
17:26:50.0640 0736	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:26:50.0687 0736	MRxDAV - ok
17:26:50.0750 0736	MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:26:50.0750 0736	MSDTC - ok
17:26:50.0750 0736	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:26:50.0765 0736	Msfs - ok
17:26:50.0765 0736	MSIServer - ok
17:26:50.0812 0736	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:26:50.0812 0736	MSKSSRV - ok
17:26:50.0828 0736	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:26:50.0828 0736	MSPCLOCK - ok
17:26:50.0843 0736	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:26:50.0843 0736	MSPQM - ok
17:26:50.0890 0736	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:26:50.0890 0736	mssmbios - ok
17:26:50.0953 0736	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:26:50.0984 0736	Mup - ok
17:26:51.0062 0736	napagent        (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:26:51.0078 0736	napagent - ok
17:26:51.0109 0736	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:26:51.0125 0736	NDIS - ok
17:26:51.0156 0736	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:26:51.0156 0736	NdisTapi - ok
17:26:51.0171 0736	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:26:51.0187 0736	Ndisuio - ok
17:26:51.0203 0736	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:26:51.0218 0736	NdisWan - ok
17:26:51.0281 0736	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:26:51.0281 0736	NDProxy - ok
17:26:51.0281 0736	NetBT - ok
17:26:51.0328 0736	NetDDE          (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:26:51.0343 0736	NetDDE - ok
17:26:51.0343 0736	NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:26:51.0343 0736	NetDDEdsdm - ok
17:26:51.0390 0736	Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:26:51.0390 0736	Netman - ok
17:26:51.0468 0736	Nla             (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:26:51.0484 0736	Nla - ok
17:26:51.0546 0736	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:26:51.0546 0736	Npfs - ok
17:26:51.0593 0736	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:26:51.0593 0736	Ntfs - ok
17:26:51.0671 0736	NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:26:51.0671 0736	NtmsSvc - ok
17:26:51.0718 0736	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:26:51.0734 0736	Null - ok
17:26:51.0843 0736	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:26:51.0890 0736	nv - ok
17:26:51.0984 0736	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:26:52.0000 0736	NwlnkFlt - ok
17:26:52.0015 0736	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:26:52.0031 0736	NwlnkFwd - ok
17:26:52.0078 0736	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:26:52.0093 0736	Parport - ok
17:26:52.0109 0736	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:26:52.0109 0736	PartMgr - ok
17:26:52.0156 0736	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:26:52.0156 0736	ParVdm - ok
17:26:52.0171 0736	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:26:52.0187 0736	PCI - ok
17:26:52.0203 0736	PCIDump - ok
17:26:52.0234 0736	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:26:52.0234 0736	PCIIde - ok
17:26:52.0250 0736	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:26:52.0265 0736	Pcmcia - ok
17:26:52.0265 0736	PDCOMP - ok
17:26:52.0281 0736	PDFRAME - ok
17:26:52.0281 0736	PDRELI - ok
17:26:52.0296 0736	PDRFRAME - ok
17:26:52.0312 0736	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:26:52.0328 0736	perc2 - ok
17:26:52.0359 0736	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:26:52.0359 0736	perc2hib - ok
17:26:52.0421 0736	PlugPlay        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:26:52.0421 0736	PlugPlay - ok
17:26:52.0484 0736	PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:26:52.0500 0736	PolicyAgent - ok
17:26:52.0562 0736	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:26:52.0578 0736	PptpMiniport - ok
17:26:52.0578 0736	ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:26:52.0578 0736	ProtectedStorage - ok
17:26:52.0593 0736	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:26:52.0609 0736	PSched - ok
17:26:52.0671 0736	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:26:52.0687 0736	Ptilink - ok
17:26:52.0750 0736	PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:26:52.0750 0736	PxHelp20 - ok
17:26:52.0781 0736	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:26:52.0796 0736	ql1080 - ok
17:26:52.0812 0736	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:26:52.0812 0736	Ql10wnt - ok
17:26:52.0828 0736	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:26:52.0843 0736	ql12160 - ok
17:26:52.0843 0736	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:26:52.0859 0736	ql1240 - ok
17:26:52.0890 0736	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:26:52.0890 0736	ql1280 - ok
17:26:52.0906 0736	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:26:52.0937 0736	RasAcd - ok
17:26:52.0984 0736	RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:26:52.0984 0736	RasAuto - ok
17:26:53.0015 0736	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:26:53.0031 0736	Rasl2tp - ok
17:26:53.0093 0736	RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:26:53.0109 0736	RasMan - ok
17:26:53.0125 0736	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:26:53.0125 0736	RasPppoe - ok
17:26:53.0140 0736	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:26:53.0140 0736	Raspti - ok
17:26:53.0140 0736	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:26:53.0140 0736	RDPCDD - ok
17:26:53.0203 0736	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:26:53.0203 0736	rdpdr - ok
17:26:53.0250 0736	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:26:53.0250 0736	RDPWD - ok
17:26:53.0281 0736	RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:26:53.0296 0736	RDSessMgr - ok
17:26:53.0343 0736	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:26:53.0359 0736	redbook - ok
17:26:53.0406 0736	RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:26:53.0421 0736	RemoteAccess - ok
17:26:53.0484 0736	RpcSs           (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:26:53.0484 0736	RpcSs - ok
17:26:53.0546 0736	RSVP            (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:26:53.0562 0736	RSVP - ok
17:26:53.0593 0736	SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:26:53.0593 0736	SamSs - ok
17:26:53.0625 0736	SCardSvr        (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:26:53.0640 0736	SCardSvr - ok
17:26:53.0687 0736	Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:26:53.0703 0736	Schedule - ok
17:26:53.0750 0736	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:26:53.0750 0736	Secdrv - ok
17:26:53.0796 0736	seclogon        (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:26:53.0796 0736	seclogon - ok
17:26:53.0890 0736	senfilt         (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
17:26:53.0921 0736	senfilt - ok
17:26:53.0937 0736	SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:26:53.0937 0736	SENS - ok
17:26:54.0000 0736	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:26:54.0000 0736	serenum - ok
17:26:54.0015 0736	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:26:54.0031 0736	Serial - ok
17:26:54.0046 0736	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:26:54.0062 0736	Sfloppy - ok
17:26:54.0140 0736	SharedAccess    (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:26:54.0140 0736	SharedAccess - ok
17:26:54.0218 0736	ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:26:54.0218 0736	ShellHWDetection - ok
17:26:54.0234 0736	Simbad - ok
17:26:54.0265 0736	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:26:54.0281 0736	sisagp - ok
17:26:54.0343 0736	smwdm           (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
17:26:54.0359 0736	smwdm - ok
17:26:54.0406 0736	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:26:54.0421 0736	Sparrow - ok
17:26:54.0437 0736	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:26:54.0453 0736	splitter - ok
17:26:54.0500 0736	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:26:54.0500 0736	Spooler - ok
17:26:54.0515 0736	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:26:54.0531 0736	sr - ok
17:26:54.0593 0736	srservice       (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:26:54.0593 0736	srservice - ok
17:26:54.0625 0736	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:26:54.0640 0736	Srv - ok
17:26:54.0671 0736	SSDPSRV         (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:26:54.0671 0736	SSDPSRV - ok
17:26:54.0750 0736	stisvc          (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:26:54.0750 0736	stisvc - ok
17:26:54.0812 0736	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:26:54.0812 0736	swenum - ok
17:26:54.0828 0736	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:26:54.0843 0736	swmidi - ok
17:26:54.0843 0736	SwPrv - ok
17:26:54.0890 0736	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:26:54.0906 0736	symc810 - ok
17:26:54.0921 0736	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:26:54.0921 0736	symc8xx - ok
17:26:54.0953 0736	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:26:54.0953 0736	sym_hi - ok
17:26:54.0968 0736	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:26:54.0984 0736	sym_u3 - ok
17:26:55.0031 0736	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:26:55.0031 0736	sysaudio - ok
17:26:55.0078 0736	SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:26:55.0078 0736	SysmonLog - ok
17:26:55.0156 0736	TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:26:55.0156 0736	TapiSrv - ok
17:26:55.0234 0736	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:26:55.0234 0736	Tcpip - ok
17:26:55.0281 0736	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:26:55.0281 0736	TDPIPE - ok
17:26:55.0296 0736	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:26:55.0312 0736	TDTCP - ok
17:26:55.0359 0736	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:26:55.0375 0736	TermDD - ok
17:26:55.0484 0736	TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:26:55.0484 0736	TermService - ok
17:26:55.0546 0736	Themes          (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:26:55.0562 0736	Themes - ok
17:26:55.0609 0736	TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:26:55.0609 0736	TosIde - ok
17:26:55.0640 0736	TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:26:55.0656 0736	TrkWks - ok
17:26:55.0703 0736	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:26:55.0703 0736	Udfs - ok
17:26:55.0718 0736	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:26:55.0734 0736	ultra - ok
17:26:55.0781 0736	UMWdf           (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
17:26:55.0796 0736	UMWdf - ok
17:26:55.0875 0736	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:26:55.0890 0736	Update - ok
17:26:55.0953 0736	upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:26:55.0953 0736	upnphost - ok
17:26:55.0968 0736	UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:26:55.0984 0736	UPS - ok
17:26:56.0031 0736	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:26:56.0031 0736	usbccgp - ok
17:26:56.0062 0736	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:26:56.0078 0736	usbehci - ok
17:26:56.0140 0736	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:26:56.0140 0736	usbhub - ok
17:26:56.0203 0736	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:26:56.0218 0736	usbprint - ok
17:26:56.0250 0736	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:26:56.0265 0736	USBSTOR - ok
17:26:56.0312 0736	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:26:56.0312 0736	usbuhci - ok
17:26:56.0390 0736	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:26:56.0453 0736	VgaSave - ok
17:26:56.0500 0736	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:26:56.0500 0736	viaagp - ok
17:26:56.0531 0736	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:26:56.0531 0736	ViaIde - ok
17:26:56.0671 0736	Viewpoint Manager Service (d622530829e35d75526a814375eebcfd) C:\Program Files\Viewpoint\Common\ViewpointService.exe
17:26:56.0671 0736	Viewpoint Manager Service - ok
17:26:56.0734 0736	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:26:56.0750 0736	VolSnap - ok
17:26:56.0781 0736	VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:26:56.0781 0736	VSS - ok
17:26:56.0859 0736	w32time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:26:56.0859 0736	w32time - ok
17:26:56.0875 0736	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:26:56.0890 0736	Wanarp - ok
17:26:56.0890 0736	wanatw - ok
17:26:56.0906 0736	WDICA - ok
17:26:56.0921 0736	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:26:56.0937 0736	wdmaud - ok
17:26:56.0953 0736	WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:26:56.0968 0736	WebClient - ok
17:26:57.0093 0736	winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:26:57.0093 0736	winmgmt - ok
17:26:57.0156 0736	WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
17:26:57.0156 0736	WmdmPmSN - ok
17:26:57.0203 0736	WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:26:57.0203 0736	WmiApSrv - ok
17:26:57.0250 0736	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:26:57.0265 0736	WS2IFSL - ok
17:26:57.0312 0736	wscsvc          (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:26:57.0312 0736	wscsvc - ok
17:26:57.0343 0736	wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:26:57.0343 0736	wuauserv - ok
17:26:57.0468 0736	WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:26:57.0484 0736	WZCSVC - ok
17:26:57.0500 0736	xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:26:57.0515 0736	xmlprov - ok
17:26:57.0546 0736	MBR (0x1B8)     (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
17:26:57.0578 0736	\Device\Harddisk0\DR0 - ok
17:26:57.0625 0736	Boot (0x1200)   (381f4d1575b545bdc593a61c5deee429) \Device\Harddisk0\DR0\Partition0
17:26:57.0625 0736	\Device\Harddisk0\DR0\Partition0 - ok
17:26:57.0656 0736	Boot (0x1200)   (3b6a555c6f4f4249a14181985f8ff4f1) \Device\Harddisk0\DR0\Partition1
17:26:57.0656 0736	\Device\Harddisk0\DR0\Partition1 - ok
17:26:57.0656 0736	============================================================
17:26:57.0656 0736	Scan finished
17:26:57.0656 0736	============================================================
17:26:57.0671 2092	Detected object count: 0
17:26:57.0671 2092	Actual detected object count: 0

TDSS Killer Log, Adjusted Settings

17:29:04.0796 2924	============================================================
17:29:04.0796 2924	Scan started
17:29:04.0796 2924	Mode: Manual; SigCheck; TDLFS; 
17:29:04.0796 2924	============================================================
17:29:06.0390 2924	24347395 - ok
17:29:06.0406 2924	Abiosdsk - ok
17:29:06.0890 2924	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:29:07.0218 2924	abp480n5 - ok
17:29:07.0312 2924	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:29:07.0484 2924	ACPI - ok
17:29:07.0718 2924	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:29:07.0921 2924	ACPIEC - ok
17:29:10.0406 2924	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:29:11.0046 2924	adpu160m - ok
17:29:11.0109 2924	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:29:11.0406 2924	aec - ok
17:29:11.0500 2924	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:29:11.0562 2924	AFD - ok
17:29:11.0718 2924	AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
17:29:11.0781 2924	AffinegyService - ok
17:29:11.0796 2924	AFGMp50 - ok
17:29:11.0921 2924	AFGSp50         (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
17:29:12.0109 2924	AFGSp50 - ok
17:29:12.0156 2924	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:29:12.0406 2924	agp440 - ok
17:29:12.0421 2924	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:29:12.0687 2924	agpCPQ - ok
17:29:12.0703 2924	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:29:12.0781 2924	Aha154x - ok
17:29:12.0812 2924	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:29:13.0031 2924	aic78u2 - ok
17:29:13.0062 2924	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:29:13.0296 2924	aic78xx - ok
17:29:13.0328 2924	ALG             (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:29:13.0453 2924	ALG - ok
17:29:13.0484 2924	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:29:13.0687 2924	AliIde - ok
17:29:13.0718 2924	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:29:14.0187 2924	alim1541 - ok
17:29:14.0218 2924	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:29:14.0406 2924	amdagp - ok
17:29:14.0437 2924	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:29:14.0531 2924	amsint - ok
17:29:14.0546 2924	AppMgmt - ok
17:29:14.0578 2924	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:29:14.0796 2924	asc - ok
17:29:14.0828 2924	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:29:14.0890 2924	asc3350p - ok
17:29:14.0906 2924	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:29:15.0093 2924	asc3550 - ok
17:29:15.0171 2924	aspnet_state    (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
17:29:15.0187 2924	aspnet_state ( UnsignedFile.Multi.Generic ) - warning
17:29:15.0187 2924	aspnet_state - detected UnsignedFile.Multi.Generic (1)
17:29:15.0218 2924	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:29:15.0453 2924	AsyncMac - ok
17:29:15.0484 2924	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:29:15.0703 2924	atapi - ok
17:29:15.0718 2924	Atdisk - ok
17:29:15.0750 2924	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:29:15.0984 2924	Atmarpc - ok
17:29:16.0046 2924	AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:29:16.0234 2924	AudioSrv - ok
17:29:16.0296 2924	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:29:16.0484 2924	audstub - ok
17:29:16.0531 2924	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:29:16.0734 2924	Beep - ok
17:29:16.0812 2924	BITS            (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:29:17.0046 2924	BITS - ok
17:29:17.0296 2924	CarboniteService (e581146b4e24601d3b3c60e960de4e3b) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
17:29:17.0437 2924	CarboniteService - ok
17:29:17.0437 2924	catchme - ok
17:29:17.0546 2924	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:29:17.0734 2924	cbidf - ok
17:29:17.0734 2924	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:29:17.0937 2924	cbidf2k - ok
17:29:17.0953 2924	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:29:18.0015 2924	cd20xrnt - ok
17:29:18.0062 2924	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:29:18.0250 2924	Cdaudio - ok
17:29:18.0281 2924	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:29:18.0468 2924	Cdfs - ok
17:29:18.0468 2924	Cdrom - ok
17:29:18.0484 2924	Changer - ok
17:29:18.0531 2924	CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:29:18.0703 2924	CiSvc - ok
17:29:18.0718 2924	ClipSrv         (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:29:18.0921 2924	ClipSrv - ok
17:29:18.0953 2924	CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:29:19.0125 2924	CmdIde - ok
17:29:19.0171 2924	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:29:19.0359 2924	Compbatt - ok
17:29:19.0359 2924	COMSysApp - ok
17:29:19.0406 2924	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:29:19.0593 2924	Cpqarray - ok
17:29:19.0656 2924	CryptSvc        (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:29:19.0859 2924	CryptSvc - ok
17:29:19.0921 2924	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:29:20.0125 2924	dac2w2k - ok
17:29:20.0156 2924	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:29:20.0359 2924	dac960nt - ok
17:29:20.0421 2924	DcomLaunch      (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:29:20.0500 2924	DcomLaunch - ok
17:29:20.0531 2924	Dhcp            (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:29:20.0703 2924	Dhcp - ok
17:29:20.0750 2924	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:29:20.0953 2924	Disk - ok
17:29:20.0968 2924	dmadmin - ok
17:29:21.0031 2924	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:29:21.0234 2924	dmboot - ok
17:29:21.0265 2924	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:29:21.0468 2924	dmio - ok
17:29:21.0500 2924	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:29:21.0671 2924	dmload - ok
17:29:21.0703 2924	dmserver        (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:29:21.0890 2924	dmserver - ok
17:29:22.0015 2924	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:29:22.0234 2924	DMusic - ok
17:29:22.0265 2924	Dnscache        (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:29:22.0328 2924	Dnscache - ok
17:29:22.0359 2924	Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:29:22.0531 2924	Dot3svc - ok
17:29:22.0562 2924	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:29:22.0734 2924	dpti2o - ok
17:29:22.0781 2924	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:29:22.0953 2924	drmkaud - ok
17:29:23.0078 2924	DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
17:29:23.0093 2924	DSBrokerService - ok
17:29:23.0156 2924	DSproct         (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
17:29:23.0187 2924	DSproct ( UnsignedFile.Multi.Generic ) - warning
17:29:23.0187 2924	DSproct - detected UnsignedFile.Multi.Generic (1)
17:29:23.0218 2924	dsunidrv        (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
17:29:23.0281 2924	dsunidrv - ok
17:29:23.0328 2924	E100B           (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:29:23.0390 2924	E100B - ok
17:29:23.0437 2924	EapHost         (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:29:23.0640 2924	EapHost - ok
17:29:23.0671 2924	ECRDRV          (79811f99ebcdbfc760f552842ec48a7f) C:\WINDOWS\system32\drivers\ecrdrv.sys
17:29:23.0687 2924	ECRDRV ( UnsignedFile.Multi.Generic ) - warning
17:29:23.0687 2924	ECRDRV - detected UnsignedFile.Multi.Generic (1)
17:29:23.0750 2924	ERSvc           (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:29:23.0953 2924	ERSvc - ok
17:29:24.0031 2924	Eventlog        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:29:24.0078 2924	Eventlog - ok
17:29:24.0125 2924	EventSystem     (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:29:24.0156 2924	EventSystem - ok
17:29:24.0187 2924	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:29:24.0359 2924	Fastfat - ok
17:29:24.0406 2924	FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:29:24.0468 2924	FastUserSwitchingCompatibility - ok
17:29:24.0515 2924	Fax             (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
17:29:24.0718 2924	Fax - ok
17:29:24.0734 2924	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:29:24.0921 2924	Fdc - ok
17:29:25.0031 2924	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:29:25.0218 2924	Fips - ok
17:29:25.0265 2924	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:29:25.0453 2924	Flpydisk - ok
17:29:25.0500 2924	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:29:25.0718 2924	FltMgr - ok
17:29:25.0765 2924	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:29:25.0968 2924	Fs_Rec - ok
17:29:26.0000 2924	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:29:26.0187 2924	Ftdisk - ok
17:29:26.0234 2924	GEARAspiWDM     (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:29:26.0250 2924	GEARAspiWDM - ok
17:29:26.0312 2924	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:29:26.0484 2924	Gpc - ok
17:29:26.0484 2924	hdthermal - ok
17:29:26.0609 2924	helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:29:26.0796 2924	helpsvc - ok
17:29:26.0828 2924	HidBatt         (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
17:29:27.0015 2924	HidBatt - ok
17:29:27.0031 2924	HidServ - ok
17:29:27.0078 2924	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:29:27.0265 2924	HidUsb - ok
17:29:27.0296 2924	hkmsvc          (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:29:27.0484 2924	hkmsvc - ok
17:29:27.0515 2924	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:29:27.0687 2924	hpn - ok
17:29:27.0734 2924	HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:29:27.0812 2924	HPZid412 - ok
17:29:27.0828 2924	HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:29:27.0890 2924	HPZipr12 - ok
17:29:27.0921 2924	HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:29:28.0046 2924	HPZius12 - ok
17:29:28.0109 2924	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:29:28.0156 2924	HTTP - ok
17:29:28.0203 2924	HTTPFilter      (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:29:28.0578 2924	HTTPFilter - ok
17:29:28.0609 2924	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:29:28.0843 2924	i2omgmt - ok
17:29:28.0890 2924	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:29:29.0078 2924	i2omp - ok
17:29:29.0140 2924	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:29:29.0343 2924	i8042prt - ok
17:29:29.0437 2924	ialm            (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:29:29.0531 2924	ialm - ok
17:29:29.0625 2924	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:29:29.0656 2924	IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:29:29.0656 2924	IDriverT - detected UnsignedFile.Multi.Generic (1)
17:29:29.0687 2924	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:29:29.0890 2924	Imapi - ok
17:29:29.0984 2924	ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:29:30.0187 2924	ImapiService - ok
17:29:30.0218 2924	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:29:30.0437 2924	ini910u - ok
17:29:30.0484 2924	IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:29:30.0656 2924	IntelIde - ok
17:29:30.0718 2924	intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:29:30.0921 2924	intelppm - ok
17:29:30.0968 2924	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:29:31.0171 2924	Ip6Fw - ok
17:29:31.0203 2924	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:29:31.0375 2924	IpFilterDriver - ok
17:29:31.0390 2924	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:29:31.0546 2924	IpInIp - ok
17:29:31.0593 2924	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:29:31.0796 2924	IpNat - ok
17:29:31.0843 2924	iPodService     (962bc769d1008d83f6a00b9de887eef4) C:\Program Files\iPod\bin\iPodService.exe
17:29:31.0859 2924	iPodService ( UnsignedFile.Multi.Generic ) - warning
17:29:31.0859 2924	iPodService - detected UnsignedFile.Multi.Generic (1)
17:29:31.0875 2924	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:29:32.0062 2924	IPSec - ok
17:29:32.0093 2924	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:29:32.0171 2924	IRENUM - ok
17:29:32.0203 2924	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:29:32.0390 2924	isapnp - ok
17:29:32.0515 2924	JavaQuickStarterService (74e30a41cdcf331c74bc4d97be40cc5b) C:\Program Files\Java\jre6\bin\jqs.exe
17:29:32.0546 2924	JavaQuickStarterService - ok
17:29:32.0593 2924	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:29:32.0781 2924	Kbdclass - ok
17:29:32.0812 2924	kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:29:33.0000 2924	kbdhid - ok
17:29:33.0062 2924	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:29:33.0218 2924	kmixer - ok
17:29:33.0296 2924	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:29:33.0390 2924	KSecDD - ok
17:29:33.0453 2924	lanmanserver    (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:29:33.0531 2924	lanmanserver - ok
17:29:33.0531 2924	Lbd - ok
17:29:33.0546 2924	lbrtfdc - ok
17:29:33.0609 2924	LmHosts         (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:29:33.0796 2924	LmHosts - ok
17:29:33.0890 2924	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
17:29:33.0921 2924	McComponentHostService - ok
17:29:33.0984 2924	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:29:34.0140 2924	mnmdd - ok
17:29:34.0171 2924	mnmsrvc         (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:29:34.0359 2924	mnmsrvc - ok
17:29:34.0390 2924	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:29:34.0578 2924	Modem - ok
17:29:34.0609 2924	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:29:34.0765 2924	Mouclass - ok
17:29:34.0796 2924	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:29:34.0984 2924	mouhid - ok
17:29:35.0031 2924	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:29:35.0218 2924	MountMgr - ok
17:29:35.0250 2924	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:29:35.0421 2924	mraid35x - ok
17:29:35.0468 2924	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:29:35.0671 2924	MRxDAV - ok
17:29:35.0718 2924	MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:29:35.0921 2924	MSDTC - ok
17:29:35.0953 2924	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:29:36.0156 2924	Msfs - ok
17:29:36.0171 2924	MSIServer - ok
17:29:36.0203 2924	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:29:36.0375 2924	MSKSSRV - ok
17:29:36.0390 2924	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:29:36.0546 2924	MSPCLOCK - ok
17:29:36.0578 2924	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:29:36.0750 2924	MSPQM - ok
17:29:36.0796 2924	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:29:36.0984 2924	mssmbios - ok
17:29:37.0015 2924	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:29:37.0078 2924	Mup - ok
17:29:37.0140 2924	napagent        (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:29:37.0328 2924	napagent - ok
17:29:37.0375 2924	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:29:37.0562 2924	NDIS - ok
17:29:37.0609 2924	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:29:37.0640 2924	NdisTapi - ok
17:29:37.0656 2924	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:29:37.0828 2924	Ndisuio - ok
17:29:37.0890 2924	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:29:38.0062 2924	NdisWan - ok
17:29:38.0078 2924	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:29:38.0140 2924	NDProxy - ok
17:29:38.0156 2924	NetBT - ok
17:29:38.0218 2924	NetDDE          (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:29:38.0390 2924	NetDDE - ok
17:29:38.0390 2924	NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:29:38.0562 2924	NetDDEdsdm - ok
17:29:38.0609 2924	Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:29:38.0781 2924	Netman - ok
17:29:38.0843 2924	Nla             (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:29:38.0859 2924	Nla - ok
17:29:38.0937 2924	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:29:39.0125 2924	Npfs - ok
17:29:39.0187 2924	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:29:39.0359 2924	Ntfs - ok
17:29:39.0406 2924	NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:29:39.0609 2924	NtmsSvc - ok
17:29:39.0671 2924	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:29:39.0859 2924	Null - ok
17:29:39.0984 2924	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:29:40.0218 2924	nv - ok
17:29:40.0328 2924	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:29:40.0515 2924	NwlnkFlt - ok
17:29:40.0531 2924	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:29:40.0703 2924	NwlnkFwd - ok
17:29:40.0859 2924	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:29:41.0062 2924	Parport - ok
17:29:41.0109 2924	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:29:41.0328 2924	PartMgr - ok
17:29:41.0359 2924	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:29:41.0531 2924	ParVdm - ok
17:29:41.0562 2924	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:29:41.0750 2924	PCI - ok
17:29:41.0750 2924	PCIDump - ok
17:29:41.0781 2924	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:29:41.0937 2924	PCIIde - ok
17:29:42.0031 2924	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:29:42.0203 2924	Pcmcia - ok
17:29:42.0203 2924	PDCOMP - ok
17:29:42.0218 2924	PDFRAME - ok
17:29:42.0234 2924	PDRELI - ok
17:29:42.0250 2924	PDRFRAME - ok
17:29:42.0265 2924	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:29:42.0421 2924	perc2 - ok
17:29:42.0437 2924	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:29:42.0609 2924	perc2hib - ok
17:29:42.0687 2924	PlugPlay        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:29:42.0703 2924	PlugPlay - ok
17:29:42.0765 2924	PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:29:42.0968 2924	PolicyAgent - ok
17:29:43.0015 2924	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:29:43.0218 2924	PptpMiniport - ok
17:29:43.0234 2924	ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:29:43.0390 2924	ProtectedStorage - ok
17:29:43.0421 2924	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:29:43.0578 2924	PSched - ok
17:29:43.0625 2924	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:29:43.0781 2924	Ptilink - ok
17:29:43.0859 2924	PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:29:43.0859 2924	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:29:43.0859 2924	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:29:43.0906 2924	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:29:44.0078 2924	ql1080 - ok
17:29:44.0093 2924	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:29:44.0281 2924	Ql10wnt - ok
17:29:44.0328 2924	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:29:44.0484 2924	ql12160 - ok
17:29:44.0515 2924	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:29:44.0687 2924	ql1240 - ok
17:29:44.0703 2924	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:29:44.0875 2924	ql1280 - ok
17:29:44.0906 2924	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:29:45.0062 2924	RasAcd - ok
17:29:45.0109 2924	RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:29:45.0281 2924	RasAuto - ok
17:29:45.0328 2924	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:29:45.0546 2924	Rasl2tp - ok
17:29:45.0578 2924	RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:29:45.0781 2924	RasMan - ok
17:29:45.0812 2924	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:29:46.0015 2924	RasPppoe - ok
17:29:46.0031 2924	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:29:46.0203 2924	Raspti - ok
17:29:46.0218 2924	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:29:46.0390 2924	RDPCDD - ok
17:29:46.0437 2924	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:29:46.0609 2924	rdpdr - ok
17:29:46.0656 2924	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:29:46.0703 2924	RDPWD - ok
17:29:46.0765 2924	RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:29:46.0937 2924	RDSessMgr - ok
17:29:47.0000 2924	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:29:47.0203 2924	redbook - ok
17:29:47.0234 2924	RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:29:47.0406 2924	RemoteAccess - ok
17:29:47.0484 2924	RpcSs           (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:29:47.0515 2924	RpcSs - ok
17:29:47.0562 2924	RSVP            (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:29:47.0718 2924	RSVP - ok
17:29:47.0765 2924	SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:29:47.0921 2924	SamSs - ok
17:29:47.0953 2924	SCardSvr        (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:29:48.0140 2924	SCardSvr - ok
17:29:48.0187 2924	Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:29:48.0328 2924	Schedule - ok
17:29:48.0390 2924	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:29:48.0468 2924	Secdrv - ok
17:29:48.0515 2924	seclogon        (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:29:48.0656 2924	seclogon - ok
17:29:48.0750 2924	senfilt         (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
17:29:48.0828 2924	senfilt - ok
17:29:48.0890 2924	SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:29:49.0078 2924	SENS - ok
17:29:49.0125 2924	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:29:49.0328 2924	serenum - ok
17:29:49.0359 2924	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:29:49.0531 2924	Serial - ok
17:29:49.0546 2924	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:29:49.0968 2924	Sfloppy - ok
17:29:50.0109 2924	SharedAccess    (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:29:50.0375 2924	SharedAccess - ok
17:29:50.0421 2924	ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:29:50.0437 2924	ShellHWDetection - ok
17:29:50.0453 2924	Simbad - ok
17:29:50.0500 2924	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:29:50.0734 2924	sisagp - ok
17:29:50.0812 2924	smwdm           (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
17:29:50.0828 2924	smwdm - ok
17:29:50.0875 2924	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:29:50.0953 2924	Sparrow - ok
17:29:51.0031 2924	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:29:51.0234 2924	splitter - ok
17:29:51.0281 2924	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:29:51.0296 2924	Spooler - ok
17:29:51.0312 2924	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:29:51.0406 2924	sr - ok
17:29:51.0453 2924	srservice       (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:29:51.0546 2924	srservice - ok
17:29:51.0609 2924	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:29:51.0687 2924	Srv - ok
17:29:51.0734 2924	SSDPSRV         (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:29:51.0843 2924	SSDPSRV - ok
17:29:51.0906 2924	stisvc          (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:29:52.0093 2924	stisvc - ok
17:29:52.0140 2924	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:29:52.0343 2924	swenum - ok
17:29:52.0375 2924	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:29:52.0531 2924	swmidi - ok
17:29:52.0546 2924	SwPrv - ok
17:29:52.0593 2924	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:29:52.0750 2924	symc810 - ok
17:29:52.0765 2924	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:29:52.0953 2924	symc8xx - ok
17:29:52.0984 2924	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:29:53.0156 2924	sym_hi - ok
17:29:53.0171 2924	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:29:53.0343 2924	sym_u3 - ok
17:29:53.0390 2924	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:29:53.0562 2924	sysaudio - ok
17:29:53.0625 2924	SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:29:53.0796 2924	SysmonLog - ok
17:29:53.0859 2924	TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:29:54.0031 2924	TapiSrv - ok
17:29:54.0093 2924	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:29:54.0156 2924	Tcpip - ok
17:29:54.0187 2924	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:29:54.0375 2924	TDPIPE - ok
17:29:54.0390 2924	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:29:54.0546 2924	TDTCP - ok
17:29:54.0609 2924	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:29:54.0781 2924	TermDD - ok
17:29:54.0859 2924	TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:29:55.0562 2924	TermService - ok
17:29:55.0625 2924	Themes          (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:29:55.0640 2924	Themes - ok
17:29:55.0687 2924	TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:29:55.0875 2924	TosIde - ok
17:29:56.0078 2924	TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:29:56.0265 2924	TrkWks - ok
17:29:56.0312 2924	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:29:56.0500 2924	Udfs - ok
17:29:56.0515 2924	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:29:56.0593 2924	ultra - ok
17:29:56.0625 2924	UMWdf           (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
17:29:56.0671 2924	UMWdf - ok
17:29:56.0734 2924	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:29:56.0937 2924	Update - ok
17:29:56.0968 2924	upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:29:57.0062 2924	upnphost - ok
17:29:57.0093 2924	UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:29:57.0234 2924	UPS - ok
17:29:57.0296 2924	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:29:57.0484 2924	usbccgp - ok
17:29:57.0531 2924	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:29:57.0703 2924	usbehci - ok
17:29:57.0750 2924	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:29:57.0906 2924	usbhub - ok
17:29:57.0953 2924	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:29:58.0140 2924	usbprint - ok
17:29:58.0156 2924	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:29:58.0343 2924	USBSTOR - ok
17:29:58.0375 2924	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:29:58.0546 2924	usbuhci - ok
17:29:58.0609 2924	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:29:58.0796 2924	VgaSave - ok
17:29:58.0812 2924	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:29:58.0984 2924	viaagp - ok
17:29:59.0031 2924	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:29:59.0187 2924	ViaIde - ok
17:29:59.0343 2924	Viewpoint Manager Service (d622530829e35d75526a814375eebcfd) C:\Program Files\Viewpoint\Common\ViewpointService.exe
17:29:59.0343 2924	Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
17:29:59.0343 2924	Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
17:29:59.0406 2924	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:29:59.0593 2924	VolSnap - ok
17:29:59.0703 2924	VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:29:59.0781 2924	VSS - ok
17:29:59.0812 2924	w32time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:29:59.0984 2924	w32time - ok
17:30:00.0031 2924	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:30:00.0250 2924	Wanarp - ok
17:30:00.0250 2924	wanatw - ok
17:30:00.0265 2924	WDICA - ok
17:30:00.0312 2924	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:30:00.0468 2924	wdmaud - ok
17:30:00.0531 2924	WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:30:00.0750 2924	WebClient - ok
17:30:00.0875 2924	winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:30:01.0031 2924	winmgmt - ok
17:30:01.0093 2924	WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
17:30:01.0125 2924	WmdmPmSN - ok
17:30:01.0171 2924	WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:30:01.0359 2924	WmiApSrv - ok
17:30:01.0390 2924	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:30:01.0546 2924	WS2IFSL - ok
17:30:01.0593 2924	wscsvc          (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:30:01.0750 2924	wscsvc - ok
17:30:01.0781 2924	wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:30:01.0968 2924	wuauserv - ok
17:30:02.0031 2924	WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:30:02.0250 2924	WZCSVC - ok
17:30:02.0281 2924	xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:30:02.0437 2924	xmlprov - ok
17:30:02.0468 2924	MBR (0x1B8)     (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
17:30:02.0671 2924	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:30:02.0671 2924	\Device\Harddisk0\DR0 - detected TDSS File System (1)
17:30:02.0703 2924	Boot (0x1200)   (381f4d1575b545bdc593a61c5deee429) \Device\Harddisk0\DR0\Partition0
17:30:02.0703 2924	\Device\Harddisk0\DR0\Partition0 - ok
17:30:02.0750 2924	Boot (0x1200)   (3b6a555c6f4f4249a14181985f8ff4f1) \Device\Harddisk0\DR0\Partition1
17:30:02.0750 2924	\Device\Harddisk0\DR0\Partition1 - ok
17:30:02.0750 2924	============================================================
17:30:02.0750 2924	Scan finished
17:30:02.0750 2924	============================================================
17:30:02.0859 0408	Detected object count: 8
17:30:02.0859 0408	Actual detected object count: 8
17:30:30.0921 0408	aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
17:30:30.0921 0408	aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:30:30.0921 0408	DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
17:30:30.0921 0408	DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:30:30.0921 0408	ECRDRV ( UnsignedFile.Multi.Generic ) - skipped by user
17:30:30.0921 0408	ECRDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:30:30.0921 0408	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:30:30.0921 0408	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:30:30.0921 0408	iPodService ( UnsignedFile.Multi.Generic ) - skipped by user
17:30:30.0921 0408	iPodService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:30:30.0937 0408	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:30:30.0937 0408	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:30:30.0937 0408	Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:30:30.0937 0408	Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:30:31.0125 0408	\Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:30:31.0359 0408	\Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:30:31.0359 0408	\Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:30:31.0375 0408	\Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:30:31.0390 0408	\Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:30:31.0390 0408	\Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:30:31.0390 0408	\Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:30:31.0468 0408	\Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:30:31.0484 0408	\Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:30:31.0484 0408	\Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:30:31.0484 0408	\Device\Harddisk0\DR0\TDLFS - deleted
17:30:31.0484 0408	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-30 17:34:42
-----------------------------
17:34:42.531    OS Version: Windows 5.1.2600 Service Pack 3
17:34:42.531    Number of processors: 1 586 0x409
17:34:42.531    ComputerName: ELMWOOD1  UserName: 
17:34:43.796    Initialize success
17:46:13.890    AVAST engine defs: 12043001
17:46:44.015    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:46:44.015    Disk 0 Vendor: Maxtor_6L160P0 BAJ41G10 Size: 152587MB BusType: 3
17:46:44.031    Disk 0 MBR read successfully
17:46:44.046    Disk 0 MBR scan
17:46:44.171    Disk 0 unknown MBR code
17:46:44.171    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       31 MB offset 63
17:46:44.203    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       111192 MB offset 64260
17:46:44.234    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        37926 MB offset 227801700
17:46:44.265    Disk 0 Partition 4 00     DB  CP/M / CTOS MSWIN4.1     3427 MB offset 305475975
17:46:44.281    Disk 0 scanning sectors +312496380
17:46:44.390    Disk 0 scanning C:\WINDOWS\system32\drivers
17:46:59.640    Service scanning
17:47:22.203    Modules scanning
17:47:31.437    AVAST engine scan C:\WINDOWS
17:47:52.093    AVAST engine scan C:\WINDOWS\system32
17:50:34.031    AVAST engine scan C:\WINDOWS\system32\drivers
17:50:56.468    AVAST engine scan C:\Documents and Settings\Andrew Han
18:00:53.234    AVAST engine scan C:\Documents and Settings\All Users
18:03:28.156    Scan finished successfully
09:08:46.281    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrew Han\Desktop\MBR.dat"
09:08:46.281    The log file has been saved successfully to "C:\Documents and Settings\Andrew Han\Desktop\aswMBR.txt"

Malwarebytes:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Andrew Han :: ELMWOOD1 [administrator]

5/1/2012 9:10:44 AM
mbam-log-2012-05-01 (09-10-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197989
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks so much for all your help.

#4
RKinner

Posted 01 May 2012 - 02:19 PM

Malware Expert

Expert
24,748 posts

Attached is a file netbt.zip. Download, Save it then right click on it and Extract all. You should get two files. netbt.reg and legacy_netbt.reg.

Right click on each and Merge it. Reboot and then run combofix again and post the log.

#5
singersashaw

Posted 02 May 2012 - 03:54 PM

New Member

Topic Starter
Member
3 posts

I'm getting an error when I try to merge Legacy_netbt.reg: "Cannot Import....Not all data was successfully written to the registry. Some keys are open by the system or other processes"