Trojan horse Agent3.WJV [Solved]


  • This topic is locked This topic is locked

#1
Reddoug
    Member
  • 291 posts
Hi All

Trying to help a friend out with his computer. I have cleaned out a lot of adware, but I found a trojan horse Agent3.WJV when I ran the AVG rescue disk:
/mnt/sda2/WINDOWS/system32/drivers/acpi.sys Trojan horse Agent; Object is white-listed (critical system file and should not be removed). I am not able to get OTL to run on this computer. It also has wmiprvse.exe running at 50% in the Processes tab. Any ideas how I can get OTL to run on this computer?

Thanks, Reddoug

#2
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello Reddoug and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please delete your version of OTL and try to download this OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
acpi.*
wmiprvse.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post.

#3
Reddoug
    Member
  • Topic Starter
  • 291 posts
Hi

I am unable to run the OTL scan. I can not connect to the Net with the computer, so I downloaded it and installed it on the problem computer with a memory stick, and it will not start. The wmiprvse.exe process stays running at 50%. I searched the computer for the file and found WMIPRESVE.EXE-28F30A9.pf. I tried to end the process but it will not end. I tried to restart the computer in safe mode but it will not start; it goes into a loop back to the screen asking me how I want to start the computer. The computer will not shut down when clicking Start and then Shut Down; it just hangs and I have to hold in the power button to shut down. The biggest problem is this is an older computer and he has two programs and has lost the disks, or I would wipe the drive and reinstall the O.S.

Thanks, Doug

#4
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
OK. Let's try this. You will need your clean PC and blank CD to burn this bootable tool on CD. After that try to start this CD on infected PC.

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Right click the file and select Send To: select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

#5
Reddoug
    Member
  • Topic Starter
  • 291 posts
Hi

Below are the scan results. The disk works great. Hope we can get to the bottom of this. I did start to run sfc /scanonce and it was asking for the Windows disk. I canceled it. I also ran chkdsk and it did not find any bad sectors. Can you tell me about this trojan and what it does?

Thanks, Doug
OTL logfile created on: 5/9/2012 5:41:55 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 62.00% Memory free
395.00 Mb Paging File | 337.00 Mb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 89.85 Gb Free Space | 80.38% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/03/26 18:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/09/13 10:38:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2005/09/11 17:21:52 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/03/18 20:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (USBSANDIS)
DRV - File not found [Kernel | On_Demand] -- -- (UsbSADObex)
DRV - File not found [Kernel | On_Demand] -- -- (USBSADModem)
DRV - File not found [Kernel | On_Demand] -- -- (UsbSADDiag)
DRV - File not found [Kernel | On_Demand] -- -- (PORTMON)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand] -- -- (PCTINDIS5)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (lgcpo)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (ddxgb)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz135)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (cdc_ecm)
DRV - [2012/05/06 08:10:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/09/13 10:38:50 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/13 10:38:50 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/12/04 09:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/09/04 17:03:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/22 13:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/14 01:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/14 16:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2002/01/11 10:54:54 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2001/08/17 09:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\1_john_smith_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\1_john_smith_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\1_john_smith_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\1_john_smith_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\1_john_smith_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\Administrator.JOHN-RJB6SXQFOI_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lazer_Graphics_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Lazer_Graphics_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com
IE - HKU\Lazer_Graphics_ON_C\..\URLSearchHook: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - Reg Error: Key error. File not found
IE - HKU\Lazer_Graphics_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lazer_Graphics_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Lazer_Graphics_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25559

IE - HKU\LocalService.NT_AUTHORITY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService.NT_AUTHORITY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\DailyBibleGuide\bar\1.bin [2012/02/26 12:42:18 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O2 - BHO: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files\usjobsearchtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O3 - HKLM\..\Toolbar: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files\usjobsearchtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\1_john_smith_ON_C\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found.
O3 - HKU\1_john_smith_ON_C\..\Toolbar\ShellBrowser: (no name) - {D49E9D35-254C-4C6A-9D17-95018D228FF5} - No CLSID value found.
O3 - HKU\1_john_smith_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\1_john_smith_ON_C\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\1_john_smith_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\Lazer_Graphics_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Lazer_Graphics_ON_C\..\Toolbar\WebBrowser: (no name) - {2A942AB7-2073-49BC-A7E1-77E93835889A} - No CLSID value found.
O3 - HKU\Lazer_Graphics_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Lazer_Graphics_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 3100 Series] C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBRKsk] C:\Program Files\Lexmark 3100 Series\lxbrksk.exe ( )
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpySpotter System Defender] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\1_john_smith_ON_C..\Run: [swg] File not found
O4 - HKU\Lazer_Graphics_ON_C..\Run: [HSE] C:\Documents and Settings\All Users.WINDOWS\Application Data\86bd12\HomeSE.exe ()
O4 - HKU\Lazer_Graphics_ON_C..\Run: [YSearchProtection] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\1_john_smith_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\1_john_smith_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 08 00 00 00 [binary data]
O7 - HKU\Administrator.JOHN-RJB6SXQFOI_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lazer_Graphics_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lazer_Graphics_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .pdf - C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1310159303093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} http://download.spys...rcabinstall.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\javascript\Software - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 17:08:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{73e18a71-22ca-11da-aa68-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{73e18a71-22ca-11da-aa68-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73e18a71-22ca-11da-aa68-806d6172696f}\Shell\AutoRun\command - "" = E:\menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 17:32:37 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2012/05/09 17:32:36 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/05/09 17:32:36 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2012/05/09 17:32:35 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2012/05/09 17:32:35 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2012/05/09 17:32:35 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2012/05/09 17:32:27 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2012/05/09 17:32:27 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2012/05/09 17:32:26 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/05/09 17:32:26 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2012/05/09 17:32:25 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2012/05/09 17:32:25 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2012/05/09 17:32:25 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2012/05/09 17:32:24 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2012/05/09 17:32:24 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2012/05/09 17:32:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2012/05/09 17:32:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2012/05/09 17:31:47 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2012/05/09 17:31:46 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/05/09 17:31:46 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/05/09 17:31:45 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/05/09 17:31:45 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/05/09 17:31:44 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/05/09 17:31:44 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2012/05/09 17:31:44 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2012/05/09 17:31:42 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/05/09 17:31:41 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2012/05/09 17:31:41 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2012/05/09 17:31:40 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2012/05/09 17:31:39 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/05/09 17:31:39 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2012/05/09 17:31:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2012/05/09 17:31:38 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2012/05/09 17:31:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/05/09 17:31:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/05/09 17:31:36 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/05/09 17:31:35 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/05/09 17:31:35 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/05/09 17:31:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2012/05/09 17:31:34 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2012/05/09 17:31:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/05/09 17:30:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/08 20:02:31 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lazer Graphics\Desktop\OTL.scr
[2012/05/06 08:10:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/05 22:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lazer Graphics\Start Menu\Programs\Revo Uninstaller
[2012/05/05 22:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/05/05 22:33:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2012/05/05 22:31:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2012/05/05 16:13:34 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/05/05 10:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\PCHealth
[2012/05/01 20:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Malwarebytes
[2012/05/01 19:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/01 19:59:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/01 19:57:00 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\My Documents\mbam-setup-1.61.0.1400.exe
[2012/05/01 19:51:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\IECompatCache
[2012/05/01 19:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Adobe
[2012/05/01 19:50:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\IETldCache
[2012/05/01 19:50:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Microsoft
[2012/05/01 19:50:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data
[2012/05/01 19:50:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Cookies
[2012/05/01 19:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Sun
[2012/05/01 19:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Macromedia
[2012/05/01 19:50:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\SendTo
[2012/05/01 19:50:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Start Menu\Programs\Startup
[2012/05/01 19:50:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Start Menu
[2012/05/01 19:50:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Start Menu\Programs\Accessories
[2012/05/01 19:50:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Templates
[2012/05/01 19:50:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Recent
[2012/05/01 19:50:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\PrintHood
[2012/05/01 19:50:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\NetHood
[2012/05/01 19:50:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Local Settings
[2012/05/01 19:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\My Documents
[2012/05/01 19:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Local Settings\Application Data\Microsoft
[2012/05/01 19:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Favorites
[2012/05/01 19:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Desktop
[2012/05/01 19:43:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/05/01 18:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lazer Graphics\My Documents\Denny's
[2012/05/01 13:03:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/04/30 10:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2012/04/30 10:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2012/04/26 18:55:06 | 000,000,000 | -H-D | C] -- C:\Recycl
[2012/04/23 19:28:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IETldCache
[2012/04/23 19:28:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2012/04/17 17:44:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lazer Graphics\Application Data\A63F8552
[2007/08/11 16:47:24 | 000,118,784 | ---- | C] ( ) -- C:\Program Files\CutStudioPlugin.aip
[2005/11/19 20:05:24 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\flashshl.dll
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/09 17:30:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/09 17:29:57 | 000,000,023 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2012/05/09 17:29:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/09 17:19:18 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{35E7ABF2-0DA8-4115-A68A-32400ED5601E}.job
[2012/05/08 23:00:56 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/08 19:54:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\Desktop\1mxbgq6q.exe
[2012/05/08 19:54:08 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\Desktop\2vhzfnmm.exe
[2012/05/08 19:52:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lazer Graphics\Desktop\OTL.scr
[2012/05/06 22:49:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/06 18:31:23 | 092,549,811 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\Backup 5-5-2012.zip
[2012/05/06 17:41:36 | 010,402,561 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\BLACKHAWK TRUCK.zip
[2012/05/06 08:10:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/05 22:33:59 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\Desktop\Revo Uninstaller.lnk
[2012/05/05 17:23:50 | 085,983,232 | -HS- | M] () -- C:\NBRTPage.sys
[2012/05/05 10:01:06 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/05 10:01:04 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/01 19:59:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 19:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/01 19:57:57 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\My Documents\mbam-setup-1.61.0.1400.exe
[2012/05/01 19:45:43 | 000,000,302 | RHS- | M] () -- C:\boot.ini
[2012/05/01 18:24:53 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2012/05/01 12:51:07 | 000,140,488 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\benson.cst
[2012/04/26 17:14:31 | 000,038,204 | ---- | M] () -- C:\a1ba.reg
[2012/04/26 17:14:31 | 000,014,752 | ---- | M] () -- C:\a2ba.reg
[2012/04/25 19:23:03 | 000,091,915 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\hOWE TRAILERS 1.cst
[2012/04/25 17:03:59 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/20 18:56:17 | 000,429,207 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\blake vangsness.cst
[2012/04/18 11:02:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/12 04:11:09 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 04:11:09 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 04:03:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 23:50:58 | 001,036,907 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\Howe Jason.cst
[2012/04/10 22:07:18 | 000,292,693 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\lazer custom graphics race car.cst
[2012/04/10 22:02:41 | 000,129,076 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\karate guy 1.cst
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/08 22:41:23 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Desktop\1mxbgq6q.exe
[2012/05/08 22:41:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Desktop\2vhzfnmm.exe
[2012/05/06 17:41:27 | 010,402,561 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\My Documents\BLACKHAWK TRUCK.zip
[2012/05/06 17:40:43 | 092,549,811 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\My Documents\Backup 5-5-2012.zip
[2012/05/05 22:33:59 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Desktop\Revo Uninstaller.lnk
[2012/05/05 16:13:33 | 085,983,232 | -HS- | C] () -- C:\NBRTPage.sys
[2012/05/05 10:27:55 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/05 10:01:04 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/01 19:59:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 19:50:10 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Start Menu\Programs\Remote Assistance.lnk
[2012/05/01 19:50:10 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Start Menu\Programs\Windows Media Player.lnk
[2012/04/26 17:14:30 | 000,038,204 | ---- | C] () -- C:\a1ba.reg
[2012/04/26 17:14:30 | 000,014,752 | ---- | C] () -- C:\a2ba.reg
[2012/03/30 13:39:38 | 000,130,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/14 19:46:44 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/07/27 15:21:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/02 18:00:48 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/12/07 22:20:38 | 000,000,814 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2007/12/07 22:20:18 | 000,001,671 | ---- | C] () -- C:\WINDOWS\Powerup.ini
[2007/08/11 16:47:36 | 000,017,426 | ---- | C] () -- C:\Program Files\CutStudioPlugIn.gms
[2007/08/11 16:47:36 | 000,000,384 | ---- | C] () -- C:\Program Files\CutStudioPlugIn.bmp
[2007/08/11 16:47:24 | 000,066,053 | ---- | C] () -- C:\Program Files\CSAIPin_e.chm
[2007/02/18 23:32:24 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2006/09/10 19:35:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 21:29:05 | 000,004,413 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2005/11/28 23:45:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/28 23:43:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/19 20:05:24 | 000,000,023 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2005/11/19 20:05:23 | 000,003,206 | ---- | C] () -- C:\WINDOWS\LXBRCAH.ini
[2005/11/19 20:05:23 | 000,000,468 | ---- | C] () -- C:\WINDOWS\LXBRFMT.INI
[2005/11/19 20:05:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\LXBRSET.EXE
[2005/11/19 20:05:22 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2005/11/19 20:05:20 | 000,002,178 | ---- | C] () -- C:\WINDOWS\System32\LXBRSET.INI
[2005/11/19 20:01:49 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/11/19 20:00:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbrvs.dll
[2005/11/19 20:00:04 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System32\lxbrcoin.ini
[2005/11/11 18:08:09 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/11 17:57:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/11/04 21:21:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/10/19 23:07:11 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/10/19 22:57:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/11 18:07:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/09/11 17:24:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/11 17:05:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/09/11 09:54:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/11 09:53:00 | 001,031,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/15 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/15 09:00:00 | 000,005,114 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 08:00:00 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 08:00:00 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/30 08:46:24 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2002/01/11 10:54:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2002/01/03 21:50:39 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Local Settings\Application Data\fusioncache.dat
[2002/01/02 21:00:12 | 000,104,292 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2002/01/02 21:00:12 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2007/02/18 23:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 john smith\Application Data\Ulead Systems
[2012/04/30 10:26:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\A63F8552
[2010/07/02 18:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\AT&T
[2011/07/08 16:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\Auslogics
[2010/07/27 16:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\Bytemobile
[2010/07/27 15:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\DBUpdater
[2011/08/29 22:21:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\Home Safety Essentials
[2011/08/24 18:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\searchquband
[2010/07/02 18:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\Sierra Wireless
[2007/08/31 22:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\Ulead Systems
[2011/08/23 09:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\usjobsearchtoolbar
[2011/08/15 18:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\vmntemplate
[2010/07/02 18:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Bytemobile
[2010/07/02 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Bytemobile
[2011/09/23 16:50:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\86bd12
[2010/07/28 17:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AT&T
[2007/08/12 17:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund LLC
[2007/08/12 17:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund Software
[2011/08/23 23:26:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HSMAIAE
[2012/01/22 12:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kalu
[2007/08/12 17:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Riverdeep Interactive Learning Limited
[2007/06/14 01:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Roland DG Corporation
[2007/02/18 23:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2005/11/28 23:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2011/09/14 11:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/09 17:19:18 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{35E7ABF2-0DA8-4115-A68A-32400ED5601E}.job

========== Purity Check ==========


< End of report >
  • 0
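Every file and folder line in the OTL listings above (the "Created Within 30 Days", "Modified Within 30 Days", "No Company Name" and "LOP Check" sections) follows one fixed layout: timestamp, size, a four-position attribute field (read-only, hidden, system, directory), a C or M marker, an optional company name in parentheses, and the path. The following Python is an added example, not part of this thread and not OldTimer's OTL code: it parses that layout and applies a few review prompts of the kind a helper applies when reading such a log by eye. The sample lines are copied from the log above; the three heuristics are my own assumptions about what merits a closer look, not rules from OTL or findings from the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file/folder entry: [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
# attrs has four positions R(ead-only) H(idden) S(ystem) D(irectory), "-" when unset;
# the letter before "]" is C (created in window) or M (modified in window).
# Folder entries carry no "(Company)" group; summary lines like
# "[1 C:\...\*.tmp files -> ... -> ]" are not entries and are skipped.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{6,8}$")  # e.g. A63F8552, 86bd12

# Review prompts (assumed heuristics for this example, not OTL's own rules).
NO_COMPANY_EXE = "executable with no company name in a user profile or at the drive root"
HEX_APPDATA_DIR = "hex-looking folder name under Application Data"
HIDDEN_SYSTEM_FILE = "hidden+system file outside %SystemRoot%"


@dataclass
class OtlEntry:
    stamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str      # "C" created or "M" modified within the scan window
    company: str   # "" when OTL prints "()" or "( )"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file/folder line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    a = m.group("attrs")
    return OtlEntry(
        stamp=m.group("stamp"), size=int(m.group("size").replace(",", "")),
        readonly=a[0] == "R", hidden=a[1] == "H", system=a[2] == "S", is_dir=a[3] == "D",
        kind=m.group("kind"), company=(m.group("company") or "").strip(),
        path=m.group("path").strip(),
    )


def review_flags(e: OtlEntry) -> List[str]:
    """Reasons a reader should look closer at this entry; empty means nothing notable."""
    flags: List[str] = []
    p = e.path.lower()
    in_profile = "\\documents and settings\\" in p
    in_windows = p.startswith("c:\\windows\\")
    at_root = p.count("\\") == 1
    if (not e.is_dir and e.name.lower().endswith(EXEC_EXT)
            and not e.company and (in_profile or at_root)):
        flags.append(NO_COMPANY_EXE)
    if e.is_dir and "\\application data\\" in p and HEX_NAME_RE.match(e.name):
        flags.append(HEX_APPDATA_DIR)
    if not e.is_dir and e.hidden and e.system and not in_windows:
        flags.append(HIDDEN_SYSTEM_FILE)
    return flags


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Return (path, flags) for every parsable entry that raised at least one flag."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is not None and review_flags(e):
            hits.append((e.path, review_flags(e)))
    return hits


# Sample input: lines copied from the OTL log in this thread (not a complete log).
SAMPLE_LINES = r"""
[2012/05/08 19:54:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\Desktop\1mxbgq6q.exe
[2012/05/08 19:52:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lazer Graphics\Desktop\OTL.scr
[2012/05/06 08:10:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/05 17:23:50 | 085,983,232 | -HS- | M] () -- C:\NBRTPage.sys
[2011/07/14 19:46:44 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/04/17 17:44:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lazer Graphics\Application Data\A63F8552
[2011/09/23 16:50:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\86bd12
[2012/05/01 19:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Sun
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
""".strip().splitlines()

if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LINES):
        print(path)
        for f in flags:
            print("   -", f)
```

A hit means "look", not "remove": a renamed cleaning tool dropped on the Desktop and a vendor licence file both show up as unlabelled executables exactly like a dropper would, which is why a helper reads the whole log (services, drivers, run keys, dates) before writing a fix rather than acting on any single line.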

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Reddoug,

First I'll fix what I can see, then we'll do another scan to see what we can do about the infected system driver.

Step 1

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

Attached File  fix.txt   2.62KB   66 downloads

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
    • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location; select the file on your USB drive
  • Then click the Run Fix button at the top

Step 2

Start OTLPE as you did previously from CD
Copy the attached scan.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
    Attached File  scan.txt   148bytes   34 downloads
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Right-click the file and select Send To: select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • Please post the contents of the C:\OTL.txt file in your reply.
Step 3

Please don't forget to include these items in your reply:

  • OTLPE fix log
  • OTLPE new scan log
It would be helpful if you could post each log in a separate post
  • 0

#7
Reddoug

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 291 posts
Thanks for the help, Doug

Can you tell me what you found wrong?


OTL logfile created on: 5/10/2012 9:18:14 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 62.00% Memory free
395.00 Mb Paging File | 334.00 Mb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 89.85 Gb Free Space | 80.38% Space Free | Partition Type: NTFS
Drive D: | 123.75 Mb Total Space | 117.94 Mb Free Space | 95.30% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/03/26 18:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/09/13 10:38:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2005/09/11 17:21:52 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/03/18 20:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (USBSANDIS)
DRV - File not found [Kernel | On_Demand] -- -- (UsbSADObex)
DRV - File not found [Kernel | On_Demand] -- -- (USBSADModem)
DRV - File not found [Kernel | On_Demand] -- -- (UsbSADDiag)
DRV - File not found [Kernel | On_Demand] -- -- (PORTMON)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand] -- -- (PCTINDIS5)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (lgcpo)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (ddxgb)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz135)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (cdc_ecm)
DRV - [2012/05/06 08:10:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/09/13 10:38:50 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/13 10:38:50 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/12/04 09:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/09/04 17:03:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/22 13:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/14 01:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/14 16:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2002/01/11 10:54:54 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2001/08/17 09:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\1_john_smith_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\1_john_smith_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\1_john_smith_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\1_john_smith_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\1_john_smith_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\Administrator.JOHN-RJB6SXQFOI_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lazer_Graphics_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Lazer_Graphics_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com
IE - HKU\Lazer_Graphics_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lazer_Graphics_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Lazer_Graphics_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\LocalService.NT_AUTHORITY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService.NT_AUTHORITY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\DailyBibleGuide\bar\1.bin [2012/02/26 12:42:18 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files\usjobsearchtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files\usjobsearchtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 3100 Series] C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBRKsk] C:\Program Files\Lexmark 3100 Series\lxbrksk.exe ( )
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpySpotter System Defender] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\1_john_smith_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\1_john_smith_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 08 00 00 00 [binary data]
O7 - HKU\Administrator.JOHN-RJB6SXQFOI_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lazer_Graphics_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lazer_Graphics_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .pdf - C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1310159303093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} http://download.spys...rcabinstall.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\javascript\Software - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 17:08:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/05/10 08:05:30 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/05/10 08:05:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/09 17:32:37 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2012/05/09 17:32:36 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/05/09 17:32:36 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2012/05/09 17:32:35 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2012/05/09 17:32:35 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2012/05/09 17:32:35 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2012/05/09 17:32:27 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2012/05/09 17:32:27 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2012/05/09 17:32:26 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/05/09 17:32:26 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2012/05/09 17:32:25 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2012/05/09 17:32:25 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2012/05/09 17:32:25 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2012/05/09 17:32:24 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2012/05/09 17:32:24 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2012/05/09 17:32:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2012/05/09 17:32:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2012/05/09 17:31:47 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2012/05/09 17:31:46 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/05/09 17:31:46 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/05/09 17:31:45 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/05/09 17:31:45 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/05/09 17:31:44 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/05/09 17:31:44 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2012/05/09 17:31:44 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2012/05/09 17:31:42 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/05/09 17:31:41 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2012/05/09 17:31:41 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2012/05/09 17:31:40 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2012/05/09 17:31:39 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/05/09 17:31:39 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2012/05/09 17:31:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2012/05/09 17:31:38 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2012/05/09 17:31:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/05/09 17:31:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/05/09 17:31:36 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/05/09 17:31:35 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/05/09 17:31:35 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/05/09 17:31:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2012/05/09 17:31:34 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2012/05/09 17:31:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/05/09 17:30:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/08 20:02:31 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lazer Graphics\Desktop\OTL.scr
[2012/05/06 08:10:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/05 22:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lazer Graphics\Start Menu\Programs\Revo Uninstaller
[2012/05/05 22:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/05/05 22:33:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
[2012/05/05 22:31:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
[2012/05/05 16:13:34 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/05/05 10:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\PCHealth
[2012/05/01 20:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Malwarebytes
[2012/05/01 19:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/01 19:59:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/01 19:57:00 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\My Documents\mbam-setup-1.61.0.1400.exe
[2012/05/01 19:51:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\IECompatCache
[2012/05/01 19:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Adobe
[2012/05/01 19:50:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\IETldCache
[2012/05/01 19:50:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Microsoft
[2012/05/01 19:50:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data
[2012/05/01 19:50:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Cookies
[2012/05/01 19:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Sun
[2012/05/01 19:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Application Data\Macromedia
[2012/05/01 19:50:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\SendTo
[2012/05/01 19:50:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Start Menu\Programs\Startup
[2012/05/01 19:50:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Start Menu
[2012/05/01 19:50:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Start Menu\Programs\Accessories
[2012/05/01 19:50:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Templates
[2012/05/01 19:50:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Recent
[2012/05/01 19:50:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\PrintHood
[2012/05/01 19:50:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\NetHood
[2012/05/01 19:50:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Local Settings
[2012/05/01 19:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\My Documents
[2012/05/01 19:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Local Settings\Application Data\Microsoft
[2012/05/01 19:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Favorites
[2012/05/01 19:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Desktop
[2012/05/01 19:43:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/05/01 18:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lazer Graphics\My Documents\Denny's
[2012/05/01 13:03:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/04/30 10:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
[2012/04/30 10:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2012/04/26 18:55:06 | 000,000,000 | -H-D | C] -- C:\Recycl
[2012/04/23 19:28:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\IETldCache
[2012/04/23 19:28:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
[2007/08/11 16:47:24 | 000,118,784 | ---- | C] ( ) -- C:\Program Files\CutStudioPlugin.aip
[2005/11/19 20:05:24 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\flashshl.dll
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/09 17:30:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/09 17:29:57 | 000,000,023 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2012/05/09 17:29:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/09 17:19:18 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{35E7ABF2-0DA8-4115-A68A-32400ED5601E}.job
[2012/05/08 23:00:56 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/08 19:54:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\Desktop\1mxbgq6q.exe
[2012/05/08 19:54:08 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\Desktop\2vhzfnmm.exe
[2012/05/08 19:52:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lazer Graphics\Desktop\OTL.scr
[2012/05/06 22:49:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/06 18:31:23 | 092,549,811 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\Backup 5-5-2012.zip
[2012/05/06 17:41:36 | 010,402,561 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\BLACKHAWK TRUCK.zip
[2012/05/06 08:10:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/05 22:33:59 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\Desktop\Revo Uninstaller.lnk
[2012/05/05 17:23:50 | 085,983,232 | -HS- | M] () -- C:\NBRTPage.sys
[2012/05/05 10:01:06 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/05 10:01:04 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/01 19:59:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 19:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/01 19:57:57 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\My Documents\mbam-setup-1.61.0.1400.exe
[2012/05/01 19:45:43 | 000,000,302 | RHS- | M] () -- C:\boot.ini
[2012/05/01 18:24:53 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2012/05/01 12:51:07 | 000,140,488 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\benson.cst
[2012/04/26 17:14:31 | 000,038,204 | ---- | M] () -- C:\a1ba.reg
[2012/04/26 17:14:31 | 000,014,752 | ---- | M] () -- C:\a2ba.reg
[2012/04/25 19:23:03 | 000,091,915 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\hOWE TRAILERS 1.cst
[2012/04/25 17:03:59 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/20 18:56:17 | 000,429,207 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\blake vangsness.cst
[2012/04/18 11:02:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/12 04:11:09 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 04:11:09 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 04:03:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 23:50:58 | 001,036,907 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\Howe Jason.cst
[2012/04/10 22:07:18 | 000,292,693 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\lazer custom graphics race car.cst
[2012/04/10 22:02:41 | 000,129,076 | ---- | M] () -- C:\Documents and Settings\Lazer Graphics\My Documents\karate guy 1.cst
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/08 22:41:23 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Desktop\1mxbgq6q.exe
[2012/05/08 22:41:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Desktop\2vhzfnmm.exe
[2012/05/06 17:41:27 | 010,402,561 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\My Documents\BLACKHAWK TRUCK.zip
[2012/05/06 17:40:43 | 092,549,811 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\My Documents\Backup 5-5-2012.zip
[2012/05/05 22:33:59 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Desktop\Revo Uninstaller.lnk
[2012/05/05 16:13:33 | 085,983,232 | -HS- | C] () -- C:\NBRTPage.sys
[2012/05/05 10:27:55 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/05 10:01:04 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/01 19:59:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 19:50:10 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Start Menu\Programs\Remote Assistance.lnk
[2012/05/01 19:50:10 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.JOHN-RJB6SXQFOI\Start Menu\Programs\Windows Media Player.lnk
[2012/04/26 17:14:30 | 000,038,204 | ---- | C] () -- C:\a1ba.reg
[2012/04/26 17:14:30 | 000,014,752 | ---- | C] () -- C:\a2ba.reg
[2012/03/30 13:39:38 | 000,130,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/14 19:46:44 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/07/27 15:21:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/02 18:00:48 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/12/07 22:20:38 | 000,000,814 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2007/12/07 22:20:18 | 000,001,671 | ---- | C] () -- C:\WINDOWS\Powerup.ini
[2007/08/11 16:47:36 | 000,017,426 | ---- | C] () -- C:\Program Files\CutStudioPlugIn.gms
[2007/08/11 16:47:36 | 000,000,384 | ---- | C] () -- C:\Program Files\CutStudioPlugIn.bmp
[2007/08/11 16:47:24 | 000,066,053 | ---- | C] () -- C:\Program Files\CSAIPin_e.chm
[2007/02/18 23:32:24 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2006/09/10 19:35:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 21:29:05 | 000,004,413 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2005/11/28 23:45:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/28 23:43:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/19 20:05:24 | 000,000,023 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2005/11/19 20:05:23 | 000,003,206 | ---- | C] () -- C:\WINDOWS\LXBRCAH.ini
[2005/11/19 20:05:23 | 000,000,468 | ---- | C] () -- C:\WINDOWS\LXBRFMT.INI
[2005/11/19 20:05:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\LXBRSET.EXE
[2005/11/19 20:05:22 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2005/11/19 20:05:20 | 000,002,178 | ---- | C] () -- C:\WINDOWS\System32\LXBRSET.INI
[2005/11/19 20:01:49 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/11/19 20:00:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbrvs.dll
[2005/11/19 20:00:04 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System32\lxbrcoin.ini
[2005/11/11 18:08:09 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/11 17:57:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/11/04 21:21:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/10/19 23:07:11 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/10/19 22:57:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/11 18:07:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/09/11 17:24:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/11 17:05:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/09/11 09:54:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/11 09:53:00 | 001,031,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/15 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/15 09:00:00 | 000,005,114 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 08:00:00 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 08:00:00 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/30 08:46:24 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2002/01/11 10:54:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2002/01/03 21:50:39 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Lazer Graphics\Local Settings\Application Data\fusioncache.dat
[2002/01/02 21:00:12 | 000,104,292 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2002/01/02 21:00:12 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2007/02/18 23:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 john smith\Application Data\Ulead Systems
[2010/07/02 18:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\AT&T
[2011/07/08 16:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\Auslogics
[2010/07/27 16:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\Bytemobile
[2010/07/27 15:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\DBUpdater
[2011/08/29 22:21:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\Home Safety Essentials
[2010/07/02 18:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\Sierra Wireless
[2007/08/31 22:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\Ulead Systems
[2011/08/23 09:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\usjobsearchtoolbar
[2011/08/15 18:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lazer Graphics\Application Data\vmntemplate
[2010/07/02 18:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Bytemobile
[2010/07/02 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Bytemobile
[2011/09/23 16:50:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\86bd12
[2010/07/28 17:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AT&T
[2007/08/12 17:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund LLC
[2007/08/12 17:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund Software
[2011/08/23 23:26:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HSMAIAE
[2012/01/22 12:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kalu
[2007/08/12 17:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Riverdeep Interactive Learning Limited
[2007/06/14 01:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Roland DG Corporation
[2007/02/18 23:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2005/11/28 23:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2011/09/14 11:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/09 17:19:18 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{35E7ABF2-0DA8-4115-A68A-32400ED5601E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/07/12 22:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe


< MD5 for: ACPI.IN_ >
[2003/03/31 07:00:00 | 000,001,377 | ---- | M] () MD5=75254860AED9FF9A67C5A0E4F22C66A7 -- C:\I386\ACPI.IN_

< MD5 for: ACPI.INF >
[2003/03/31 08:00:00 | 000,004,727 | ---- | M] () MD5=51FE7D176D893D40FE7A4036B2D9C982 -- C:\WINDOWS\inf\acpi.inf
[2003/03/31 08:00:00 | 000,004,727 | ---- | M] () MD5=51FE7D176D893D40FE7A4036B2D9C982 -- C:\WINDOWS\ServicePackFiles\i386\acpi.inf
[2003/03/31 08:00:00 | 000,004,727 | ---- | M] () MD5=51FE7D176D893D40FE7A4036B2D9C982 -- C:\WINNT\inf\acpi.inf

< MD5 for: ACPI.PNF >
[2005/10/16 02:08:53 | 000,012,512 | ---- | M] () MD5=5920141B9E3B57B4F3B5CEBD680BE907 -- C:\WINDOWS\inf\acpi.PNF
[2003/10/06 16:03:26 | 000,012,488 | ---- | M] () MD5=C9AF0AEA22D5CAD0A5197866941F0F36 -- C:\WINNT\inf\acpi.PNF

< MD5 for: ACPI.SY_ >
[2003/03/31 07:00:00 | 000,091,571 | ---- | M] () MD5=BC9B3904AB09EA8AB9AB5E44FE6E292C -- C:\I386\ACPI.SY_

< MD5 for: ACPI.SYS >
[2008/04/14 01:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008/04/14 01:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\system32\dllcache\acpi.sys
[2003/03/31 08:00:00 | 000,179,328 | ---- | M] (Microsoft Corporation) MD5=94DDD4B3ACBD7A9558E1762CD58386F9 -- C:\WINNT\system32\drivers\acpi.sys
[2004/08/04 02:07:38 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=A10C7534F7223F4A73A948967D00E69B -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
[2008/04/14 01:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=D8FB7D1C3F5BFA3F53FE9CC6367E9E99 -- C:\WINDOWS\system32\drivers\acpi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2003/03/31 08:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINNT\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 16:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2003/03/31 08:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINNT\system32\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2003/03/31 08:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINNT\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 16:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2003/03/31 07:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINNT\$NtUninstallQ814696$\winlogon.exe
[2003/03/31 08:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINNT\system32\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINNT\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WMIPRVSE.EX_ >
[2003/03/31 07:00:00 | 000,064,751 | ---- | M] () MD5=AB3145059C2658FFD8A46A64B1471ED4 -- C:\I386\WMIPRVSE.EX_

< MD5 for: WMIPRVSE.EXE >
[2004/08/04 03:56:57 | 000,218,112 | ---- | M] (Microsoft Corporation) MD5=075EA6C849AB0FE416A3D6DD65C3CF41 -- C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe
[2004/08/04 03:56:57 | 000,218,112 | ---- | M] (Microsoft Corporation) MD5=075EA6C849AB0FE416A3D6DD65C3CF41 -- C:\WINNT\system32\wbem\wmiprvse.exe
[2008/04/14 06:42:42 | 000,218,112 | ---- | M] (Microsoft Corporation) MD5=0FFAE66E6D5B1C87CBD22D1F3B6079FD -- C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe
[2008/04/14 06:42:42 | 000,218,112 | ---- | M] (Microsoft Corporation) MD5=0FFAE66E6D5B1C87CBD22D1F3B6079FD -- C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe
[2008/04/14 06:42:42 | 000,218,112 | ---- | M] (Microsoft Corporation) MD5=0FFAE66E6D5B1C87CBD22D1F3B6079FD -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wmiprvse.exe
[2009/02/06 06:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=798A9E6828997EEF4517ADA8A2259831 -- C:\WINDOWS\system32\dllcache\wmiprvse.exe
[2009/02/06 06:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=798A9E6828997EEF4517ADA8A2259831 -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2009/02/06 06:15:13 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=F520AB392D58C0A1070268032D809382 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe

< MD5 for: WMIPRVSE.EXE-28F301A9.PF >
[2012/05/09 17:19:19 | 000,057,012 | ---- | M] () MD5=F9894C3AAD1C38AA0019C11B4012A5F5 -- C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf

< %systemroot%\*. /mp /s >
< End of report >
  • 0
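Added note and example (not part of the thread above): the reason the next step replaces a driver is visible in the `< MD5 for: ACPI.SYS >` block of the log. The copies in C:\WINDOWS\ServicePackFiles\i386 and C:\WINDOWS\system32\dllcache both hash to 8FD99680A539792A30E97944FDAECF17, while the copy Windows actually loads, C:\WINDOWS\system32\drivers\acpi.sys, hashes to D8FB7D1C3F5BFA3F53FE9CC6367E9E99 although it carries the identical size (187,776 bytes) and timestamp. A legitimately replaced file normally changes its size or date; identical metadata with a different hash is the pattern of a file patched in place, which is exactly what the AVG rescue disk flagged but would not remove. The script below automates that comparison across every file in an OTL MD5 custom scan. It is added here as an illustration and is not OTL's or the thread's code; the sample lines are copied from the log above, the lists of reference and ignored directories are my assumption about the Windows XP layout, and the C:\WINNT entries (a second, older installation on the same disk) are skipped because no reference copy exists for them.

```python
r"""Cross-check the copies of one system file that an OTL '< MD5 for: ... >'
custom scan lists.  Windows XP keeps pristine copies of protected files in
system32\dllcache and ServicePackFiles\i386; a live copy with the same size
and timestamp but a different hash has been patched in place."""
import re
from collections import defaultdict

# Shape of one OTL MD5 line:
# [2008/04/14 01:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=<hex> -- C:\path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]+ \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+) >$")

# Assumed XP layout: known-good copies that Windows File Protection restores from.
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\servicepackfiles\\i386\\")
# Uninstall backups, hotfix staging and third-party decoys: not the copy that boots.
IGNORED_DIRS = ("\\$nt", "\\$hf_mig$\\", "\\softwaredistribution\\", "\\program files\\")


def parse_md5_report(text):
    """Group OTL MD5 lines under the file name of their '< MD5 for: ... >' header."""
    groups = defaultdict(list)
    name = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            name = header.group("name").lower()
            continue
        m = LINE_RE.match(line)
        if m and name:
            groups[name].append({
                "stamp": m.group("stamp"),
                "size": int(m.group("size").replace(",", "")),
                "md5": m.group("md5").upper(),
                "path": m.group("path"),
            })
    return groups


def windows_root(path):
    """'C:\\WINDOWS\\system32\\drivers\\acpi.sys' -> 'c:\\windows' (the install it belongs to)."""
    return "\\".join(path.lower().split("\\")[:2])


def classify(entry):
    """Sort a copy into reference (trusted), ignored (backup/decoy) or live."""
    p = entry["path"].lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if any(d in p for d in IGNORED_DIRS):
        return "ignored"
    return "live"


def find_mismatches(groups):
    """Live copies whose MD5 matches none of the reference copies in the same Windows install."""
    findings = []
    for name, entries in groups.items():
        by_root = defaultdict(lambda: {"reference": [], "live": [], "ignored": []})
        for e in entries:
            by_root[windows_root(e["path"])][classify(e)].append(e)
        for root, buckets in by_root.items():
            refs = buckets["reference"]
            if not refs:
                continue  # e.g. the old C:\WINNT install: nothing trustworthy to compare against
            good = sorted({r["md5"] for r in refs})
            for e in buckets["live"]:
                if e["md5"] in good:
                    continue
                # Same size and timestamp as a pristine copy but a different hash is
                # the signature of a file patched in place rather than replaced.
                same_meta = any(r["size"] == e["size"] and r["stamp"] == e["stamp"] for r in refs)
                findings.append({
                    "name": name, "path": e["path"], "md5": e["md5"],
                    "reference_md5": good,
                    "metadata_matches_reference": same_meta,
                })
    return findings


# Sample input: the ACPI.SYS and WMIPRVSE.EXE blocks copied from the OTL log above.
SAMPLE_REPORT = r"""
< MD5 for: ACPI.SYS >
[2008/04/14 01:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008/04/14 01:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\system32\dllcache\acpi.sys
[2003/03/31 08:00:00 | 000,179,328 | ---- | M] (Microsoft Corporation) MD5=94DDD4B3ACBD7A9558E1762CD58386F9 -- C:\WINNT\system32\drivers\acpi.sys
[2004/08/04 02:07:38 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=A10C7534F7223F4A73A948967D00E69B -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
[2008/04/14 01:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=D8FB7D1C3F5BFA3F53FE9CC6367E9E99 -- C:\WINDOWS\system32\drivers\acpi.sys

< MD5 for: WMIPRVSE.EXE >
[2008/04/14 06:42:42 | 000,218,112 | ---- | M] (Microsoft Corporation) MD5=0FFAE66E6D5B1C87CBD22D1F3B6079FD -- C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe
[2009/02/06 06:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=798A9E6828997EEF4517ADA8A2259831 -- C:\WINDOWS\system32\dllcache\wmiprvse.exe
[2009/02/06 06:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=798A9E6828997EEF4517ADA8A2259831 -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2009/02/06 06:15:13 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=F520AB392D58C0A1070268032D809382 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe
"""


if __name__ == "__main__":
    for f in find_mismatches(parse_md5_report(SAMPLE_REPORT)):
        print(f"{f['path']}: MD5 {f['md5']} not in {f['reference_md5']}"
              f" (size/timestamp match reference: {f['metadata_matches_reference']})")
```

Run against the sample, the only finding is C:\WINDOWS\system32\drivers\acpi.sys; wmiprvse.exe is clean, since the copy in system32\wbem matches the dllcache copy that the KB956572 update installed. A hash match against dllcache is not proof on its own, since malware that patches a driver can also patch the cache, which is why the later TDSSKiller step adds a digital-signature check rather than relying on hashes alone.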

#8
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
This malware infected one of the system drivers and we must replace it with a clean one. We will try to do that in Step 1. After this step we will try to restart in Normal mode and run a Combofix scan.

Step 1

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

Attached File  fix.txt   106bytes   62 downloads

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
    • If you cannot drag and drop for some reason, press the Run Fix button and a dialogue box will pop up asking for the location; select the file on your USB drive
  • Then click the Run Fix button at the top

Step 2

Please start your PC in Normal mode. Try to download and run Combofix.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the Combofix log in your next reply, as well as a description of how your computer is running now.

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in a separate post.
  • 0

#9
Reddoug
    Member
  • Topic Starter
  • Member
  • 291 posts
Hi
I have had Combo Scan running for 2 hours. I am going to let it run all night and see what happens. Not that big of a hard drive.

Thanks, Doug
  • 0

#10
Reddoug
    Member
  • Topic Starter
  • Member
  • 291 posts
Hi
The scan has been running for 5 hrs with the AutoScan screen that says the scan will take 10 minutes or double if badly infected. I can hear the hard drive working. CPU usage is 3%. The only time I clicked with the mouse was when it asked about installing the recovery console.

Doug
  • 0

#11
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
That is too long. Please try to shut it down and restart your PC. If you must, force it to shut down. After the restart try these steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.
  • 0

#12
Reddoug

Reddoug

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 291 posts
Hi

Attached is the MBR.dat in a compressed folder. I sure hope I have everything you want.

Thanks for your help. Doug


TDSSkiller log

07:11:17.0921 3772 WS2IFSL - ok
07:11:18.0000 3772 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
07:11:18.0015 3772 wscsvc - ok
07:11:18.0140 3772 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
07:11:18.0187 3772 wuauserv - ok
07:11:18.0296 3772 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:11:18.0328 3772 WudfPf - ok
07:11:18.0359 3772 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:11:18.0375 3772 WudfRd - ok
07:11:18.0437 3772 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
07:11:18.0453 3772 WudfSvc - ok
07:11:18.0703 3772 WUSB54GCv3 (326c012c7fe573829871fe9c9e41cf9b) C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys
07:11:18.0734 3772 WUSB54GCv3 - ok
07:11:19.0046 3772 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
07:11:19.0234 3772 WZCSVC - ok
07:11:19.0281 3772 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
07:11:19.0312 3772 xmlprov - ok
07:11:19.0421 3772 {6080A529-897E-4629-A488-ABA0C29B635E} (1a301c3c65a3d119803fbac5ab65897f) C:\WINDOWS\system32\drivers\ialmsbw.sys
07:11:19.0437 3772 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
07:11:19.0546 3772 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (4afee4b1625d5146b16526e48953d7a6) C:\WINDOWS\system32\drivers\ialmkchw.sys
07:11:19.0546 3772 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
07:11:19.0578 3772 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:11:19.0593 3772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
07:11:19.0593 3772 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
07:11:19.0609 3772 Boot (0x1200) (5696cf2af37e5486fd0f41533773986b) \Device\Harddisk0\DR0\Partition0
07:11:19.0609 3772 \Device\Harddisk0\DR0\Partition0 - ok
07:11:19.0609 3772 ============================================================
07:11:19.0609 3772 Scan finished
07:11:19.0609 3772 ============================================================
07:11:19.0625 1852 Detected object count: 1
07:11:19.0625 1852 Actual detected object count: 1
07:12:00.0406 1852 \Device\Harddisk0\DR0\# - copied to quarantine
07:12:00.0421 1852 \Device\Harddisk0\DR0 - copied to quarantine
07:12:00.0531 1852 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
07:12:00.0531 1852 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
07:12:00.0546 1852 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
07:12:00.0546 1852 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
07:12:00.0546 1852 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
07:12:00.0562 1852 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
07:12:00.0562 1852 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
07:12:00.0593 1852 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
07:12:00.0593 1852 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
07:12:00.0625 1852 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
07:12:00.0640 1852 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
07:12:00.0640 1852 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
07:12:00.0703 1852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
07:12:00.0703 1852 \Device\Harddisk0\DR0 - ok
07:12:01.0765 1852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
07:12:08.0578 1960 Deinitialize success


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-12 07:24:33
-----------------------------
07:24:33.546 OS Version: Windows 5.1.2600 Service Pack 3
07:24:33.546 Number of processors: 2 586 0x207
07:24:33.546 ComputerName: JOHN-RJB6SXQFOI UserName: Lazer Graphics
07:24:36.984 Initialize success
07:29:55.125 AVAST engine defs: 12051200
07:32:16.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:32:16.546 Disk 0 Vendor: WDC_WD1200BB-53DWA0 15.05R15 Size: 114473MB BusType: 3
07:32:16.562 Disk 0 MBR read successfully
07:32:16.562 Disk 0 MBR scan
07:32:16.640 Disk 0 Windows XP default MBR code
07:32:16.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
07:32:16.656 Disk 0 scanning sectors +234436545
07:32:16.750 Disk 0 scanning C:\WINDOWS\system32\drivers
07:32:30.140 Service scanning
07:32:52.031 Modules scanning
07:33:07.421 Disk 0 trace - called modules:
07:33:07.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:33:07.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863ca9c0]
07:33:07.468 3 CLASSPNP.SYS[f777ffd7] -> nt!IofCallDriver -> \Device\00000066[0x86375f18]
07:33:07.468 5 ACPI.sys[f76f6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86376700]
07:33:08.468 AVAST engine scan C:\WINDOWS
07:33:28.796 AVAST engine scan C:\WINDOWS\system32
07:36:40.031 AVAST engine scan C:\WINDOWS\system32\drivers
07:37:03.734 AVAST engine scan C:\Documents and Settings\Lazer Graphics
07:41:14.078 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
07:42:04.671 Scan finished successfully
13:06:54.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lazer Graphics\My Documents\MBR.dat"
13:06:54.062 The log file has been saved successfully to "C:\Documents and Settings\Lazer Graphics\My Documents\aswMBR.txt"

Attached Files

  • MBR.zip (499 bytes)

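The aswMBR log above shows what a boot-sector scanner actually inspects: it reads sector 0, compares the bootstrap code against known-good Windows MBR code ("Windows XP default MBR code"), and decodes the partition table (the `80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63` line is the first entry's boot flag, type byte, size and starting LBA). The TDSSKiller line `MBR (0x1B8) (8f558eb6...)` fits the same layout: 0x1B8 = 440 bytes is the size of the bootstrap code area that precedes the disk signature and partition table, and that line appears to be the hash of exactly that region. The Python script below is an added example, not aswMBR or TDSSKiller code; it parses a raw 512-byte MBR dump such as the MBR.dat aswMBR saved and reports the same things those tools look at. The sample MBR it builds is constructed (filler boot code, one bootable NTFS partition at LBA 63 sized 114470 MB to match the log, an arbitrary disk signature), and the "known-good" hash set it uses holds only that sample's own hash; a real baseline would be the hash taken from a clean install of the same Windows version.

```python
"""Inspect a raw 512-byte MBR the way a boot-sector scanner does.

Added example for this thread; it is not aswMBR or TDSSKiller code. It hashes
the 440-byte bootstrap area, checks the 0x55AA signature and decodes the four
partition table entries. The sample MBR is constructed (filler boot code).
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOTCODE_LEN = 0x1B8        # bootstrap code occupies bytes 0x000..0x1B7
DISK_SIG_OFF = 0x1B8        # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"     # bytes 0x1FE..0x1FF

PART_TYPES = {0x00: "empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x83: "Linux"}


def parse_partition_entry(raw):
    """Decode one 16-byte entry: status, CHS start(3), type, CHS end(3), LBA start, sector count."""
    status, type_id, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
    return {
        "bootable": status == 0x80,
        "type": type_id,
        "type_name": PART_TYPES.get(type_id, "0x%02X" % type_id),
        "lba_start": lba_start,
        "sectors": sectors,
        "size_mb": sectors * SECTOR // (1024 * 1024),
    }


def bootcode_md5(mbr):
    """MD5 of the bootstrap code area only; disk signature and partition table excluded."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def analyze_mbr(mbr, known_good=None):
    """Return the bootstrap hash, disk signature, partition table and a list of findings."""
    if len(mbr) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(mbr)))
    entries = [parse_partition_entry(mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)])
               for i in range(4)]
    findings = []
    if mbr[0x1FE:0x200] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if sum(e["bootable"] for e in entries) != 1:
        findings.append("expected exactly one bootable partition")
    for i, e in enumerate(entries):
        if e["type"] != 0 and (e["lba_start"] == 0 or e["sectors"] == 0):
            findings.append("entry %d: non-empty type with zero start or length" % i)
    digest = bootcode_md5(mbr)
    if known_good is not None and digest not in known_good:
        findings.append("bootstrap code hash not in known-good set")
    return {
        "bootcode_md5": digest,
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": entries,
        "findings": findings,
    }


def build_sample_mbr():
    """Constructed MBR: filler boot code and one bootable NTFS partition at LBA 63,
    sized 114470 MB to match the aswMBR 'Partition 1' line in the log."""
    bootcode = b"\xEB\xFE" + b"\x90" * (BOOTCODE_LEN - 2)    # jmp $ then NOPs; not real XP code
    disk_sig = struct.pack("<I", 0x4D2A7B19)                  # arbitrary constructed signature
    sectors = 114470 * 1024 * 1024 // SECTOR
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, sectors)
    table = entry1 + b"\x00" * 48                             # entries 2-4 empty
    return bootcode + disk_sig + b"\x00\x00" + table + SIGNATURE


def tampered_copy(mbr, offset, value):
    """Return a copy of mbr with one byte changed (used to show what the checks catch)."""
    buf = bytearray(mbr)
    buf[offset] = value
    return bytes(buf)


def print_report(report):
    print("bootstrap md5   : %s" % report["bootcode_md5"])
    print("disk signature  : 0x%08X" % report["disk_signature"])
    for i, e in enumerate(report["partitions"]):
        if e["type"] == 0:
            continue
        flag = "80 (A)" if e["bootable"] else "00"
        print("partition %d     : %s %02X %s %d MB offset %d"
              % (i + 1, flag, e["type"], e["type_name"], e["size_mb"], e["lba_start"]))
    print("findings        : %s" % (report["findings"] or "none"))


if __name__ == "__main__":
    sample = build_sample_mbr()
    baseline = {bootcode_md5(sample)}       # stand-in for a clean-install hash
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:  # e.g. the MBR.dat that aswMBR wrote
            print_report(analyze_mbr(f.read(SECTOR), known_good=baseline))
    else:
        print_report(analyze_mbr(sample, known_good=baseline))
        print("--- with the first boot-code byte overwritten ---")
        print_report(analyze_mbr(tampered_copy(sample, 0, 0x33), known_good=baseline))
```

Run it with no argument to see the constructed sample and a tampered copy of it, or with a path to a real dump. A bootstrap hash that is not in the baseline is not proof of infection on its own (OEM recovery tools and boot managers also replace the stock code), but on an XP machine that should carry the Microsoft MBR it is exactly the signal TDSSKiller acted on above, where the detection on `\Device\Harddisk0\DR0` came together with a hidden TDLFS store quarantined from the same disk.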

#13
Reddoug

    Member

  • Topic Starter
  • 291 posts
Hi
One other thing. I found some memory, up to 2 GB (4 x 512 MB), ran memtest86, all checked OK, computer was running real good, shut down for a few hours and restarted. Nothing came up on the monitor and the CPU fan was running hard. Tried removing two sticks of memory and it still would not output to the monitor. Now I only have one stick of memory in it. Computer runs okay but slower, as expected. I had some different memory in it earlier and had the same problem. Would you have any idea what is up with it? I know this computer is old (2003 build date); I told my friend he needs to be finding a new or newer computer. 512 MB is what this computer had when I started; I was trying to speed it up.
Computer specs: P4 3.06 GHz showing 496 MB of RAM. It is an old Gateway MFATXHRN MDW 510 with an Intel board. Computer is running a lot better after running scans.

Thanks, Doug

#14
Reddoug

    Member

  • Topic Starter
  • 291 posts
Hi

I ran Malwarebytes this evening. Below is the log file on what it found.

Doug


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.12.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lazer Graphics :: JOHN-RJB6SXQFOI [administrator]

5/12/2012 6:51:14 PM
mbam-log-2012-05-12 (18-51-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 540045
Time elapsed: 1 hour(s), 44 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\TDSSKiller_Quarantine\12.05.2012_07.09.35\mbr0000\tdlfs0000\tsk0001.dta (Trojan.Agent.CR) -> Quarantined and deleted successfully.

(end)

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
First we will deal with the malware, then we will try to speed it up a little bit. As you said, RAM = speed, and because you don't have much of it we'll try to do our best. First, malware...

How is your system now? Any malware related problems?
