Runs slow - like something's running in background



#1
elijahmobile
Computer runs slow - just like something is running in the background. Worse at times - maybe working even harder when browser is open. NO error messages or other strange things. Sometimes unable to shut down normally.

Since help from Geeks in 2005, have been running up-to-date Norton AntiVirus and MVP Hosts as recommended.

Had great difficulty running OTL (including other versions). Got varying and inconsistent blocking from Norton - finally was able to run OTL.exe. From my previous experience with Geeks I found it strange that Norton had any problem with your tools. OTL logfile & extras follow.

-----------------------------

OTL logfile created on: 5/10/2012 11:18:29 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Ted Goldstone\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 118.49 Mb Available Physical Memory | 11.59% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.41% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.50 Gb Total Space | 80.61 Gb Free Space | 55.40% Space Free | Partition Type: NTFS
Drive F: | 279.46 Gb Total Space | 35.10 Gb Free Space | 12.56% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Ted Goldstone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/10 11:17:22 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ted Goldstone\Desktop\OTL.exe
PRC - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/07 16:10:14 | 000,106,496 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
PRC - [2006/02/06 09:22:54 | 000,073,728 | ---- | M] (EMC Dantz) -- C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
PRC - [2006/01/09 14:56:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrSII1s.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2004/06/29 09:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/10/23 21:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/02/20 14:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2002/10/29 07:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/29 23:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2000/02/20 23:05:20 | 000,611,328 | ---- | M] () -- C:\unzipped\mclipbrd\MClipbrd\MClipboard.exe


========== Modules (No Company Name) ==========

MOD - [2008/03/30 00:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\SuperAVConverter\mmfinfo.dll
MOD - [2008/03/30 00:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\SuperAVConverter\mkunicode.dll
MOD - [2006/01/09 14:56:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrSII1s.exe
MOD - [2003/05/15 01:03:46 | 000,147,456 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
MOD - [2000/02/20 23:05:20 | 000,611,328 | ---- | M] () -- C:\unzipped\mclipbrd\MClipbrd\MClipboard.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Wirtfrv)
SRV - File not found [On_Demand | Stopped] -- -- (Themtv1me)
SRV - File not found [On_Demand | Stopped] -- -- (Slidoauncpore)
SRV - File not found [On_Demand | Stopped] -- -- (Qlsnredrtp_p)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Documents and Settings\Ted Goldstone\Desktop\WEB Security\CWShredder V2.15.exe service -- (CWShredder Service)
SRV - File not found [On_Demand | Stopped] -- -- (Ccstocatars)
SRV - File not found [On_Demand | Stopped] -- -- (Audclasce)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- -- (Ahomsspins)
SRV - File not found [On_Demand | Stopped] -- -- (Agpenuppp)
SRV - File not found [On_Demand | Stopped] -- -- (Aecieteqta)
SRV - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe -- (NAV)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2006/10/05 16:22:36 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\SYSTEM32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/05/08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/02/07 16:10:14 | 000,106,496 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2006/02/06 09:22:54 | 000,073,728 | ---- | M] (EMC Dantz) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/01/09 14:56:04 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2002/08/29 03:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\COMPACT.EXE -- (Aslprcsora)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- -- (Wuc0kxics)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Scs4815sbmad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (P32tsrpl)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (P310wnqs)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Neapdekipwad)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Mssusfetsd)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Aullskartucc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Alsrier)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Agxatntinp_po)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Acpgpw12hadu)
DRV - [2012/04/27 17:18:22 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120509.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/02 16:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/28 23:28:38 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NAV\1307000.009\symtdi.sys -- (SYMTDI)
DRV - [2012/03/28 23:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NAV\1307000.009\symefa.sys -- (SymEFA)
DRV - [2012/03/28 23:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NAV\1307000.009\ironx86.sys -- (SymIRON)
DRV - [2012/03/28 23:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NAV\1307000.009\srtsp.sys -- (SRTSP)
DRV - [2012/03/28 23:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NAV\1307000.009\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/03/23 11:32:19 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/04 12:32:53 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 12:32:53 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/12 14:14:33 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120510.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/12 14:14:33 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120510.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/29 15:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NAV\1307000.009\ccsetx86.sys -- (ccSet_NAV)
DRV - [2011/07/25 19:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NAV\1307000.009\symds.sys -- (SymDS)
DRV - [2011/06/01 05:17:14 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\appliand.sys -- (appliandMP)
DRV - [2011/06/01 05:17:14 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\appliand.sys -- (appliand)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2008/05/12 09:30:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2008/02/15 17:50:20 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/12/14 10:37:40 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LxrSII1d.sys -- (LxrSII1d)
DRV - [2006/11/28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APLMp50.sys -- (APLMp50)
DRV - [2005/04/06 15:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2005/02/14 12:15:33 | 000,010,112 | ---- | M] (OrangeWare Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\o1394b.sys -- (O1394B)
DRV - [2004/08/03 22:59:50 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/06/15 20:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 15:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2003/10/08 16:34:24 | 000,032,084 | R--- | M] (Cirrus Logic Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\adsexpb.sys -- (ADSEXPB)
DRV - [2003/04/28 20:38:08 | 000,010,940 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/03/27 08:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/26 13:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 13:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 13:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 13:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/13 14:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [2003/03/06 07:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 14:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2003/02/20 14:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/20 14:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/20 14:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2002/12/13 01:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/01/14 22:07:50 | 000,015,584 | ---- | M] (Ahead Software AG
im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: [email protected]) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NeroCd2k.sys -- (NeroCd2k)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [1997/06/17 04:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.n...le/index.php?q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
IE - HKCU\..\SearchScopes,DefaultScope = {FCBD308E-E22E-4B97-A979-091CBD5DEDCF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0AAB7FBA-437E-45B7-AC66-4FAB4B04517B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{FCBD308E-E22E-4B97-A979-091CBD5DEDCF}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012/01/31 11:59:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/18 21:03:53 | 000,601,780 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 16120 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Ted Goldstone\Start Menu\Programs\Startup\MClipboard.lnk = C:\unzipped\mclipbrd\MClipbrd\MClipboard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: = 014
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.char...in/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} http://install.homes...ive/HS_live.cab (HS_live Control)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://webgames.d.tm...eb.1.0.0.12.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...are/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcopho...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.micr...ActiveX/odc.cab (Microsoft PID Sniffer)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} http://install.homes...ive/HS_live.cab (HS_live Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260650850031 (WUWebControl Class)
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} http://www.nero.com/...ckerControl.cab (NeroVersionCheckerControl Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1256929071347 (MUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse...se/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner)
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} http://www.costcopho...ostcoUpload.cab (Snapfish File Upload ActiveX Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} http://71.136.8.221/xplugDL.cab (Gif89 Lite Class)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...sa/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.app.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} http://h20270.www2.h...cdetection3.cab (DeviceEnum Class)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.co...snmusax3028.cab (MsnMusicAx Class)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcopho...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF6B752-43DE-4973-8C39-625450E7E7D9}: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ted Goldstone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ted Goldstone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/10 11:17:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ted Goldstone\Desktop\OTL.exe
[2012/05/10 11:16:14 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ted Goldstone\Desktop\OTL.com
[2012/05/06 20:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted Goldstone\Desktop\Strawberries
[2012/05/05 15:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted Goldstone\Desktop\road trips
[2012/04/27 17:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted Goldstone\Desktop\Sears purses
[2012/04/26 17:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted Goldstone\Desktop\Etsy locket
[2012/04/20 17:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted Goldstone\Desktop\Colton Dixon
[2012/04/19 13:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted Goldstone\Desktop\Family Christian
[2012/04/17 17:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted Goldstone\Desktop\netflix
[2012/04/12 18:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted Goldstone\Desktop\Sears
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/10 11:24:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FB9BC8B9-98D4-4581-B7E1-CF0DA27CE09B}.job
[2012/05/10 11:17:22 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ted Goldstone\Desktop\OTL.exe
[2012/05/10 11:16:15 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ted Goldstone\Desktop\OTL.com
[2012/05/10 10:41:30 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/05/10 10:40:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/05/10 10:40:44 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/09 21:05:22 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/05/09 21:05:22 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/05/09 21:05:22 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/05/09 21:05:22 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/05/09 21:05:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/05/09 21:05:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/05/09 21:05:22 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2012/05/09 21:05:22 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2012/05/09 21:04:38 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-10031102}.CDF
[2012/05/09 16:50:04 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Minnesotta Cuke 2.lnk
[2012/05/09 16:49:15 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Ballad of Little Joe 2.lnk
[2012/05/09 16:49:15 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Ballad of Little Joe.lnk
[2012/05/09 11:07:52 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Amazon.com Energizer Watch-Electronic Batteries, 3 Volts, 2032, 2 batteries (Lithium Button Cell) Watches.url
[2012/05/07 19:49:55 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Costco Connection - April 2012 - Page 8-9.url
[2012/05/07 16:24:05 | 000,000,425 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\~The Tide Of Life 1-3~ - YouTube.url
[2012/05/06 17:49:20 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Hawaii Five-0 Loa Aloha (2011).url
[2012/05/05 15:48:12 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/05 15:02:26 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\FASTENation - 3M™ & SCOTCH® SPRAY ADHESIVES.url
[2012/05/02 11:40:53 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\holding FAITH ornament (2) Good.lnk
[2012/05/01 17:28:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/01 17:20:30 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\2.lnk
[2012/05/01 15:44:18 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/04/29 12:29:54 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Hawaii Five-0 Kame'e (2011).url
[2012/04/27 13:10:50 | 000,001,880 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2012/04/23 15:10:02 | 000,756,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1307000.009\Cat.DB
[2012/04/23 15:09:37 | 000,008,942 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1307000.009\VT20120410.034
[2012/04/20 20:09:07 | 000,004,566 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Switchfoot’s 'Vice Verses' receives two GMA Dove Awards - Washington DC gospel music Examiner.com.url
[2012/04/18 21:03:53 | 000,601,780 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2012/04/18 20:50:55 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1307000.009\isolate.ini
[2012/04/17 16:17:47 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\God Lives Within You Pt 2.lnk
[2012/04/17 16:17:38 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\God Lives Within You Pt 1.lnk
[2012/04/16 16:51:20 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Bob short haircut-Ambra-Angiolini-shag-bob.url
[2012/04/15 15:15:18 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Fear Not.lnk
[2012/04/14 19:36:29 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Heart, Hands, Home Taco Seasoning Mix.url
[2012/04/13 19:23:57 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Exclusive Interview with The Rocket Summer « My Switchfeed.url
[2012/04/13 14:26:29 | 000,678,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/11 19:51:33 | 000,600,910 | ---- | M] () -- C:\Documents and Settings\Ted Goldstone\Desktop\long bob cut like the straightness little layers (about.com beatuy).jpg
[2012/04/10 18:06:11 | 000,126,532 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/09 16:50:04 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Minnesotta Cuke 2.lnk
[2012/05/09 16:49:15 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Ballad of Little Joe 2.lnk
[2012/05/09 16:49:15 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Ballad of Little Joe.lnk
[2012/05/09 11:07:52 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Amazon.com Energizer Watch-Electronic Batteries, 3 Volts, 2032, 2 batteries (Lithium Button Cell) Watches.url
[2012/05/07 19:49:55 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Costco Connection - April 2012 - Page 8-9.url
[2012/05/07 16:24:05 | 000,000,425 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\~The Tide Of Life 1-3~ - YouTube.url
[2012/05/05 15:02:26 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\FASTENation - 3M™ & SCOTCH® SPRAY ADHESIVES.url
[2012/05/01 17:20:30 | 000,000,489 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\2.lnk
[2012/05/01 17:14:12 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\holding FAITH ornament (2) Good.lnk
[2012/04/20 20:09:07 | 000,004,566 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Switchfoot’s 'Vice Verses' receives two GMA Dove Awards - Washington DC gospel music Examiner.com.url
[2012/04/17 16:17:47 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\God Lives Within You Pt 2.lnk
[2012/04/17 16:17:38 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\God Lives Within You Pt 1.lnk
[2012/04/15 15:15:18 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Fear Not.lnk
[2012/04/14 19:36:29 | 000,001,901 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Heart, Hands, Home Taco Seasoning Mix.url
[2012/04/13 17:51:44 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Exclusive Interview with The Rocket Summer « My Switchfeed.url
[2012/04/11 20:04:59 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\Bob short haircut-Ambra-Angiolini-shag-bob.url
[2012/04/11 20:03:32 | 000,600,910 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Desktop\long bob cut like the straightness little layers (about.com beatuy).jpg
[2012/03/01 17:14:44 | 000,105,290 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2012/03/01 17:14:44 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2012/03/01 15:59:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2012/03/01 15:58:16 | 000,000,732 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2012/03/01 15:54:36 | 000,105,290 | ---- | C] () -- C:\WINDOWS\HPFins09.dat.temp
[2012/03/01 15:54:36 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat.temp
[2012/02/27 18:40:26 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/10/14 14:49:12 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Ted Goldstone\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/14 14:44:08 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/03 19:38:14 | 000,126,532 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

========== LOP Check ==========

[2011/05/05 18:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2011/12/30 20:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2007/06/29 10:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/01/09 19:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2012/01/02 17:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/03/02 19:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2006/01/04 21:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2005/04/21 22:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/12/30 20:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/02/20 11:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2004/10/11 22:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Aim
[2009/05/07 20:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Amazon
[2009/11/19 21:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\AMPSoft
[2008/03/09 11:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Applian
[2005/04/22 22:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Backup MyPC Deluxe
[2006/07/15 16:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Costco Photo Viewer
[2008/05/10 13:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Costco Photo Viewer US
[2007/12/04 12:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\GetRightToGo
[2004/10/17 14:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Leadertech
[2009/12/13 17:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Octoshape
[2009/08/17 19:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\OfficeUpdate12
[2012/01/02 17:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\PlayFirst
[2011/06/16 16:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Replay Media Catcher 4
[2006/05/19 16:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Snapfish
[2011/10/23 18:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\Tific
[2006/01/04 21:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ted Goldstone\Application Data\TuneUp Software
[2012/05/10 11:24:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB9BC8B9-98D4-4581-B7E1-CF0DA27CE09B}.job

========== Purity Check ==========



< End of report >

------------------

OTL Extras logfile created on: 5/10/2012 11:18:29 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Ted Goldstone\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 118.49 Mb Available Physical Memory | 11.59% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.41% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.50 Gb Total Space | 80.61 Gb Free Space | 55.40% Space Free | Partition Type: NTFS
Drive F: | 279.46 Gb Total Space | 35.10 Gb Free Space | 12.56% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Ted Goldstone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Photoshop CS\Photoshop.exe" = C:\Program Files\Adobe\Photoshop CS\Photoshop.exe:*:Enabled:Adobe Photoshop CS -- (Adobe Systems, Incorporated)
"C:\Program Files\Adobe\Photoshop CS\ImageReady.exe" = C:\Program Files\Adobe\Photoshop CS\ImageReady.exe:*:Enabled:Adobe ImageReady CS -- (Adobe Systems Incorporated)
"C:\Program Files\Homestead\PhotoSite AlbumBuilder\PhotoSite.exe" = C:\Program Files\Homestead\PhotoSite AlbumBuilder\PhotoSite.exe:*:Enabled:PhotoSite -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal
"C:\Program Files\WM Recorder 10\RMR.exe" = C:\Program Files\WM Recorder 10\RMR.exe:*:Enabled:RM Stream Recorder
"C:\Program Files\WM Recorder 10\WMR.exe" = C:\Program Files\WM Recorder 10\WMR.exe:*:Enabled:WM Recorder 10
"C:\Program Files\WM Recorder\RMR.exe" = C:\Program Files\WM Recorder\RMR.exe:*:Enabled:RM Recorder
"C:\Program Files\Homestead\Homestead SiteBuilder LPX\SiteBuilderLPXLauncher.exe" = C:\Program Files\Homestead\Homestead SiteBuilder LPX\SiteBuilderLPXLauncher.exe:*:Enabled:Homestead SiteBuilder LPX -- ()
"C:\Program Files\WM Recorder 10\WMR90.exe" = C:\Program Files\WM Recorder 10\WMR90.exe:*:Enabled:Windows Media ™ Stream Recorder
"C:\Program Files\WM Recorder 10\WMVCR.exe" = C:\Program Files\WM Recorder 10\WMVCR.exe:*:Enabled:WM VCR 10
"C:\Program Files\Roxio\Easy Media Creator 7\Home Page\HomePageApp.exe" = C:\Program Files\Roxio\Easy Media Creator 7\Home Page\HomePageApp.exe:*:Enabled:Roxio Easy Media Creator Home
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Roxio\Easy Media Creator 8\Label Creator\RxLabelCreator.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Label Creator\RxLabelCreator.exe:*:Enabled:RxLabelCreator
"C:\Program Files\Roxio\Easy Media Creator 8\Creator Classic\Creator8.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Creator Classic\Creator8.exe:*:Enabled:Creator8
"C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe" = C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe:*:Enabled:Roxio UPnP Renderer Service
"C:\Program Files\WMR11\WMR11.exe" = C:\Program Files\WMR11\WMR11.exe:*:Enabled:WM Recorder 11.0 -- (All Alex,Inc)
"C:\Program Files\Replay Screencast\Replay-Screencast.exe" = C:\Program Files\Replay Screencast\Replay-Screencast.exe:*:Enabled:Replay Screencast 1.21 -- (Applian Technologies Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service
"C:\WINDOWS\LMI1A.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI1A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- (LogMeIn, Inc.)
"C:\Documents and Settings\Ted Goldstone\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\Ted Goldstone\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\WINDOWS\LMI14.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI14.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Documents and Settings\Ted Goldstone\Local Settings\Temp\WZSE1.TMP\SymNRT.exe" = C:\Documents and Settings\Ted Goldstone\Local Settings\Temp\WZSE1.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Ted Goldstone\Local Settings\Temp\WZSE2.TMP\SymNRT.exe" = C:\Documents and Settings\Ted Goldstone\Local Settings\Temp\WZSE2.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Ted Goldstone\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Ted Goldstone\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client
"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{106B839C-DBA9-0AA9-07E9-9A2597151FF6}" = Catalyst Control Center Graphics Full Existing
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3389299C-9F50-D0C4-197C-A8804303B79F}" = Catalyst Control Center Graphics Light
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{37A17F53-D058-267B-C256-19FB6DDF3843}" = ccc-core-preinstall
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{559BA5B3-E3E1-C8A0-E301-5F50531BD44C}" = ccc-utility
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64850E90-82E2-4F1C-AD0B-E0B3F5FA8A4B}" = CodeFinder 1.23 and AWH update
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79E88160-A5E4-F7D2-1314-DEB8AADD9C29}" = ccc-core-static
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{83735930-0FB1-D871-8832-B5A9E27C93CA}" = CCC Help English
"{8410B358-107A-4FB7-AB2B-6FD952F15A8F}" = Nero 8 Essentials
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B8C0986-647E-40D5-8C36-C67E5A606EBB}" = RealProducer Basic 10
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4952AA3-FCBF-4D28-9DC4-A3935FDC5805}" = Retrospect Express HD 1.1
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B55EF832-4613-A19B-A222-DDB8B6CE1B52}" = Catalyst Control Center Core Implementation
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CED5BB5B-2A24-2F7F-61B1-2B557484084B}" = Catalyst Control Center Graphics Previews Common
"{D1268F56-DE79-19A8-C8EC-961D48FFD2FE}" = Skins
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D780B6D0-4A6B-4336-8CEF-B9F520EFA76B}" = CodeFinder
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DEB6C5B9-D5BB-D8AC-20F7-F1E0F8A67D5A}" = Catalyst Control Center Graphics Full New
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe Type Manager 4.0" = Adobe Type Manager 4.0
"ADS Tech Master Installer V3.5" = ADS Tech Master Installer V3.5
"ADS Tech V3.5 DVD Xpress CapWiz" = ADS Tech V3.5 DVD Xpress CapWiz
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AMP Font Viewer" = AMP Font Viewer
"AOL Instant Messenger" = AOL Instant Messenger
"Applian FLV Player2.0.23" = Applian FLV Player
"ATI Display Driver" = ATI Display Driver
"CDex" = CDex extraction audio
"Cooking Dash" = Cooking Dash (remove only)
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Easy GIF Animator_is1" = Easy GIF Animator 4.1
"Freecorder_1.0" = Freecorder 2.3 (with Skype Call Recording)
"Hallmark Card Studio" = Hallmark Card Studio
"HijackThis" = HijackThis 1.99.1
"Homestead SiteBuilder LPX" = Homestead SiteBuilder LPX
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP PrecisionScan" = HP PrecisionScan
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"HTMLKit_is1" = HTML-Kit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"MClipboard_is1" = MClipboard 2.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSN Music Assistant" = MSN Music Assistant
"NAV" = Norton AntiVirus
"newsBoys" = newsBoys Screen Saver
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"Photodex Presenter" = Photodex Presenter
"PhotoSite AlbumBuilder" = PhotoSite AlbumBuilder
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"Radio_Wizard_1" = Radio Wizard 1.0
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher 3.0" = Replay Media Catcher 3.0
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.2.8)
"Replay Music3.41" = Replay Music
"Replay_AV_807" = Replay AV 8
"Replay_Converter_1" = Replay Converter 2.8
"Replay_Media_Splitter_1.2" = Replay Media Splitter 1.5.0.2
"Replay_Screencast_1.0" = Replay Screencast 1.21
"SanctusReal" = SanctusReal Screen Saver
"Shockwave" = Shockwave
"Silent-Bob 1.1" = Silent-Bob 1.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SuperAVConverter V9.5 Build 6500_is1" = SuperAVConverter V9.5 Build 6500
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinZip" = WinZip
"WM Recorder" = WM Recorder
"WM Recorder 14" = WM Recorder 14
"WM Recorder14.10.1" = WM Recorder
"WMFDist11" = Windows Media Format 11 runtime
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoeGirl" = ZoeGirl Screen Saver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Charter Browser Updater" = Charter Browser Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 2:21:28 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Error - 3/11/2012 4:18:37 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 3/13/2012 10:47:24 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 3/13/2012 11:48:57 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x00067838.

Error - 3/13/2012 11:50:01 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x00067838.

Error - 4/7/2012 8:33:42 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Error - 4/11/2012 8:33:42 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x00067838.

Error - 4/18/2012 8:36:11 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x000b9cd8.

Error - 4/21/2012 8:31:40 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 5/10/2012 1:44:03 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ole32.dll, version 5.1.2600.2726, fault address 0x0001feab.

[ System Events ]
Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Ahomsspins service failed to start due to the following error:
%%3

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Alsrier service failed to start due to the following error: %%2

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Aslprcsora service failed to start due to the following error:
%%2

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Audclasce service failed to start due to the following error:
%%3

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Ccstocatars service failed to start due to the following error:
%%3

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Mssusfetsd service failed to start due to the following error:
%%2

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Neapdekipwad service failed to start due to the following error:
%%2

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The P310wnqs service failed to start due to the following error: %%2

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Wirtfrv service failed to start due to the following error: %%3

Error - 5/10/2012 2:10:43 PM | Computer Name = DESKTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.


< End of report >

Edited by elijahmobile, 10 May 2012 - 01:21 PM.

  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Norton has started flagging OTL recently. We have complained to them but so far they are still doing it.

OK, this is going to be a lot of scans and tests. I see signs of malware and I'm also going to look for other causes of slowness (besides Norton, which is a CPU hog).

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Then go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

Then you have a bunch of obsolete Adobe Acrobats and Readers:
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

These should be removed and the latest version of Adobe Reader downloaded from adobe.com. Do not let them foist any toolbars or security scans on you.


If you did not install or if you no longer need WinPcap 4.1.1 you should uninstall it.

Copy the text in the code box by highlighting and Ctrl + c


:OTL
SRV - File not found [On_Demand | Stopped] -- -- (Wirtfrv)
SRV - File not found [On_Demand | Stopped] -- -- (Themtv1me)
SRV - File not found [On_Demand | Stopped] -- -- (Slidoauncpore)
SRV - File not found [On_Demand | Stopped] -- -- (Qlsnredrtp_p)
SRV - File not found [Disabled | Stopped] -- C:\Documents and Settings\Ted Goldstone\Desktop\WEB Security\CWShredder V2.15.exe service -- (CWShredder Service)
SRV - File not found [On_Demand | Stopped] -- -- (Ccstocatars)
SRV - File not found [On_Demand | Stopped] -- -- (Audclasce)
SRV - File not found [On_Demand | Stopped] -- -- (Ahomsspins)
SRV - File not found [On_Demand | Stopped] -- -- (Agpenuppp)
SRV - File not found [On_Demand | Stopped] -- -- (Aecieteqta)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Wuc0kxics)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Scs4815sbmad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (P32tsrpl)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (P310wnqs)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Neapdekipwad)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Mssusfetsd)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Aullskartucc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Alsrier)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Agxatntinp_po)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Acpgpw12hadu)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...sa/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Post Back (copy/paste the .txt files, do not use attachments)

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan (Allow the Avast Engine download and scan)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.





Ron
  • 0
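
The link between OTL's "File not found" service and driver entries in the fix list above and the Service Control Manager ID 7000 start failures in the event log can be checked with a short script. This is an added example, not part of the original posts and not OTL's own code; the function names and the two category labels are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample lines copied from the OTL scan and event-log excerpts in this thread.
OTL_SAMPLE = r"""
SRV - File not found [On_Demand | Stopped] -- -- (Wirtfrv)
SRV - File not found [On_Demand | Stopped] -- -- (Ahomsspins)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (P310wnqs)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Alsrier)
"""

EVENT_SAMPLE = """
Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Ahomsspins service failed to start due to the following error:
%%3

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Alsrier service failed to start due to the following error: %%2

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The P310wnqs service failed to start due to the following error: %%2

Error - 5/10/2012 1:42:14 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Wirtfrv service failed to start due to the following error: %%3
"""

# "SRV|DRV - File not found [attrs] -- <image path, may be empty> -- (name) display"
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<attrs>[^\]]*)\] --\s+"
    r"(?P<path>.*?)\s*-- \((?P<name>[^)]+)\)(?P<display>.*)$"
)
# The error code may sit on the same line or be wrapped onto the next one.
START_FAIL_RE = re.compile(
    r"The (?P<name>\S.*?) service failed to start due to the following error:"
    r"\s*%%(?P<code>\d+)"
)
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND"}


@dataclass
class Orphan:
    kind: str                 # SRV (service) or DRV (driver)
    name: str                 # registry key name of the service
    attrs: list               # e.g. ["Kernel", "On_Demand", "Stopped"]
    path: str                 # recorded image path, "" when none is listed
    display: str = ""         # display name that may trail the key name
    boot_error: Optional[int] = None  # Win32 code from an ID 7000 event

    @property
    def category(self) -> str:
        # Assumed labels: no path recorded at all vs. a path whose file is gone.
        return "no-image-path" if not self.path else "stale-image-path"


def parse_orphans(otl_text: str) -> list:
    """Extract every 'File not found' SRV/DRV entry from OTL output."""
    found = []
    for line in otl_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            attrs = [a.strip() for a in m["attrs"].split("|")]
            found.append(Orphan(m["kind"], m["name"], attrs,
                                m["path"], m["display"].strip()))
    return found


def parse_start_failures(event_text: str) -> dict:
    """Map lower-cased service name -> Win32 error code from ID 7000 events."""
    return {m["name"].lower(): int(m["code"])
            for m in START_FAIL_RE.finditer(event_text)}


def triage(otl_text: str, event_text: str) -> list:
    """Join both logs; entries with no path and a start failure sort first."""
    failures = parse_start_failures(event_text)
    orphans = parse_orphans(otl_text)
    for o in orphans:
        # Service key names are case-insensitive on Windows.
        o.boot_error = failures.get(o.name.lower())
    orphans.sort(key=lambda o: (bool(o.path), o.boot_error is None,
                                o.name.lower()))
    return orphans


if __name__ == "__main__":
    for o in triage(OTL_SAMPLE, EVENT_SAMPLE):
        err = WIN32.get(o.boot_error, "-") if o.boot_error else "-"
        print(f"{o.category:17} {o.kind} {o.name:12} start-failure={err:22} "
              f"path={o.path or '(none)'}")
```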

#3
elijahmobile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thanks for the quick response.

Log files follow.

========== OTL ==========
Service Wirtfrv stopped successfully!
Service Wirtfrv deleted successfully!
Service Themtv1me stopped successfully!
Service Themtv1me deleted successfully!
Service Slidoauncpore stopped successfully!
Service Slidoauncpore deleted successfully!
Error: No service named Qlsnredrtp_p was found to stop!
Service\Driver key Qlsnredrtp_p not found.
Service CWShredder Service stopped successfully!
Service CWShredder Service deleted successfully!
File C:\Documents and Settings\Ted Goldstone\Desktop\WEB Security\CWShredder V2.15.exe service not found.
Service Ccstocatars stopped successfully!
Service Ccstocatars deleted successfully!
Service Audclasce stopped successfully!
Service Audclasce deleted successfully!
Service Ahomsspins stopped successfully!
Service Ahomsspins deleted successfully!
Service Agpenuppp stopped successfully!
Service Agpenuppp deleted successfully!
Service Aecieteqta stopped successfully!
Service Aecieteqta deleted successfully!
Service Wuc0kxics stopped successfully!
Service Wuc0kxics deleted successfully!
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Error: No service named wanatw) WAN Miniport (ATW was found to stop!
Service\Driver key wanatw) WAN Miniport (ATW not found.
File System32\DRIVERS\wanatw4.sys not found.
Service SYMREDRV stopped successfully!
Service SYMREDRV deleted successfully!
File C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMREDRV.SYS not found.
Service SYMNDIS stopped successfully!
Service SYMNDIS deleted successfully!
File C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMNDIS.SYS not found.
Service SYMIDS stopped successfully!
Service SYMIDS deleted successfully!
File C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMIDS.SYS not found.
Service SYMFW stopped successfully!
Service SYMFW deleted successfully!
File C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMFW.SYS not found.
Service SYMDNS stopped successfully!
Service SYMDNS deleted successfully!
File C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMDNS.SYS not found.
Service Scs4815sbmad stopped successfully!
Service Scs4815sbmad deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service P32tsrpl stopped successfully!
Service P32tsrpl deleted successfully!
Service P310wnqs stopped successfully!
Service P310wnqs deleted successfully!
Service Neapdekipwad stopped successfully!
Service Neapdekipwad deleted successfully!
Service Mssusfetsd stopped successfully!
Service Mssusfetsd deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service iAimTV2 stopped successfully!
Service iAimTV2 deleted successfully!
File System32\DRIVERS\wATV03nt.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service bvrp_pci stopped successfully!
Service bvrp_pci deleted successfully!
Service Aullskartucc stopped successfully!
Service Aullskartucc deleted successfully!
Service Alsrier stopped successfully!
Service Alsrier deleted successfully!
Service Agxatntinp_po stopped successfully!
Service Agxatntinp_po deleted successfully!
Service Acpgpw12hadu stopped successfully!
Service Acpgpw12hadu deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\ deleted successfully.
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ deleted successfully.
File C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
File C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
File C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk moved successfully.
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk moved successfully.
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk moved successfully.
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe moved successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Ted Goldstone\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ted Goldstone\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Ted Goldstone\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ted Goldstone\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Ted Goldstone\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ted Goldstone\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Ted Goldstone\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ted Goldstone\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner

User: Ted Goldstone
->Java cache emptied: 19140085 bytes

Total Java Files Cleaned = 18.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 300 bytes

User: Owner

User: Ted Goldstone
->Flash cache emptied: 1139613 bytes

Total Flash Files Cleaned = 1.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.42.3 log created on 05112012_123451

ComboFix 12-05-11.03 - Ted Goldstone 05/11/2012 13:15:17.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.381 [GMT -7:00]
Running from: c:\documents and settings\Ted Goldstone\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\Ted Goldstone\Local Settings\Temporary Internet Files\temp.dmf
c:\documents and settings\Ted Goldstone\WINDOWS
c:\windows\system32\Icons
c:\windows\system32\Icons\16 bit Fix.ico
c:\windows\system32\Icons\23min in [bleep].ico
c:\windows\system32\Icons\2wire SM.ico
c:\windows\system32\Icons\3 People Box.ico
c:\windows\system32\Icons\A BMP.ico
c:\windows\system32\Icons\A GIF.ico
c:\windows\system32\Icons\A JPEG.ico
c:\windows\system32\Icons\A PDF.ico
c:\windows\system32\Icons\A PNG.ico
c:\windows\system32\Icons\A TIFF.ico
c:\windows\system32\Icons\ABC 7 Circle Logo.ico
c:\windows\system32\Icons\ABC LG.ico
c:\windows\system32\Icons\ABC Logo.ico
c:\windows\system32\Icons\ABC News.ico
c:\windows\system32\Icons\ABetterInternet.ico
c:\windows\system32\Icons\Ad-Aware 2007.ico
c:\windows\system32\Icons\Adobe Acrobat NEW LG.ico
c:\windows\system32\Icons\Adobe Acrobat NEW SM.ico
c:\windows\system32\Icons\Adobe Acrobat SM.ico
c:\windows\system32\Icons\Adobe BMP Icon.ico
c:\windows\system32\Icons\ADOBE CLN.ico
c:\windows\system32\Icons\Adobe CS.ico
c:\windows\system32\Icons\ADOBE Logo.ico
c:\windows\system32\Icons\AIM LG.ico
c:\windows\system32\Icons\Air1.ico
c:\windows\system32\Icons\Alex.ico
c:\windows\system32\Icons\AlmondMacaroons.ico
c:\windows\system32\Icons\Almost there.ico
c:\windows\system32\Icons\Amazon LG.ico
c:\windows\system32\Icons\America's Cup.ico
c:\windows\system32\Icons\American Thinker.ico
c:\windows\system32\Icons\AMPfontviewer LG.ico
c:\windows\system32\Icons\AMPsoft.ico
c:\windows\system32\Icons\Annapolis Summit 07.ico
c:\windows\system32\Icons\Answers-BC #2.ico
c:\windows\system32\Icons\Answers-BC.ico
c:\windows\system32\Icons\AP.ico
c:\windows\system32\Icons\Applian Clear.ico
c:\windows\system32\Icons\Applian LG.ico
c:\windows\system32\Icons\Applian NEW SM.ico
c:\windows\system32\Icons\Applian NEW.ico
c:\windows\system32\Icons\Applian SM.ico
c:\windows\system32\Icons\Ardell Lashes.ico
c:\windows\system32\Icons\AskOxford SM.ico
c:\windows\system32\Icons\AT&T.ico
c:\windows\system32\Icons\ATI Radeon.ico
c:\windows\system32\Icons\ATI.ico
c:\windows\system32\Icons\Atribune.ico
c:\windows\system32\Icons\Attache Case LG.ico
c:\windows\system32\Icons\Attache Case SM.ico
c:\windows\system32\Icons\AudioA.ico
c:\windows\system32\Icons\Autry Museum.ico
c:\windows\system32\Icons\AVG 3D.ico
c:\windows\system32\Icons\AVG SM.ico
c:\windows\system32\Icons\AVG.ico
c:\windows\system32\Icons\B of A.ico
c:\windows\system32\Icons\Baby's Name World.ico
c:\windows\system32\Icons\Baby Blue BBQ.ico
c:\windows\system32\Icons\BackMagic.ico
c:\windows\system32\Icons\Baja Fresh.ico
c:\windows\system32\Icons\BandWidth LG.ico
c:\windows\system32\Icons\BandWidth SM.ico
c:\windows\system32\Icons\BandWidth.ico
c:\windows\system32\Icons\Bank of NY LG.ico
c:\windows\system32\Icons\Barnes & Noble.ico
c:\windows\system32\Icons\Bayless Conley.ico
c:\windows\system32\Icons\BBC- America.ico
c:\windows\system32\Icons\BBReports LG.ico
c:\windows\system32\Icons\Bec.ico
c:\windows\system32\Icons\Bed B& B Logo.ico
c:\windows\system32\Icons\Bed Bath & Beyond.ico
c:\windows\system32\Icons\Belarc.ico
c:\windows\system32\Icons\Ben Stein.ico
c:\windows\system32\Icons\Benny Hinn DKGold.ico
c:\windows\system32\Icons\Benny Hinn Pic LG.ico
c:\windows\system32\Icons\Benny Hinn Purple.ico
c:\windows\system32\Icons\Benny Hinn.ico
c:\windows\system32\Icons\Best Buy Clear.ico
c:\windows\system32\Icons\Best Buy CLR.ico
c:\windows\system32\Icons\Best Buy.ico
c:\windows\system32\Icons\BestBuy PoolSupply.ico
c:\windows\system32\Icons\Beta.ico
c:\windows\system32\Icons\Beverly Hills Sign.ico
c:\windows\system32\Icons\Bible Code LG.ico
c:\windows\system32\Icons\Bible Code SM.ico
c:\windows\system32\Icons\Bible Codes.ico
c:\windows\system32\Icons\Bible Gateway.ico
c:\windows\system32\Icons\Bible.ico
c:\windows\system32\Icons\Bill Cloud Pic LG.ico
c:\windows\system32\Icons\Bill Cloud.ico
c:\windows\system32\Icons\Biography.ico
c:\windows\system32\Icons\Black Angus.ico
c:\windows\system32\Icons\Blaze.ico
c:\windows\system32\Icons\Bliss.ico
c:\windows\system32\Icons\Blockbuster.ico
c:\windows\system32\Icons\Blogger.ico
c:\windows\system32\Icons\Blue Block.ico
c:\windows\system32\Icons\Blue i.ico
c:\windows\system32\Icons\Blue Left Arrow.ico
c:\windows\system32\Icons\Blue Marble.ico
c:\windows\system32\Icons\Blue Monitor.ico
c:\windows\system32\Icons\Boombox.ico
c:\windows\system32\Icons\Boston Globe.ico
c:\windows\system32\Icons\Box of Books.ico
c:\windows\system32\Icons\Boxed WMP.ico
c:\windows\system32\Icons\BrainyQuote.ico
c:\windows\system32\Icons\BREATHEcast LG.ico
c:\windows\system32\Icons\Briefcase LG.ico
c:\windows\system32\Icons\Briefcase SM.ico
c:\windows\system32\Icons\Brother.ico
c:\windows\system32\Icons\Burbank Leader.ico
c:\windows\system32\Icons\Burbank.ico
c:\windows\system32\Icons\Burger King.ico
c:\windows\system32\Icons\Butterball LG.ico
c:\windows\system32\Icons\BVOV.ico
c:\windows\system32\Icons\C-Span.ico
c:\windows\system32\Icons\CA DMV Round.ico
c:\windows\system32\Icons\CA DMV.ico
c:\windows\system32\Icons\CA State Seal SM.ico
c:\windows\system32\Icons\Camera Battery.ico
c:\windows\system32\Icons\Canning Pantry.ico
c:\windows\system32\Icons\Carly Simon.ico
c:\windows\system32\Icons\Carol's Car.ico
c:\windows\system32\Icons\Carrizo Plain.ico
c:\windows\system32\Icons\Caution Sign.ico
c:\windows\system32\Icons\CBN Fire LG.ico
c:\windows\system32\Icons\CBN Fire.ico
c:\windows\system32\Icons\CBN LG.ico
c:\windows\system32\Icons\CBS BLack SM.ico
c:\windows\system32\Icons\CBS Logo Blue.ico
c:\windows\system32\Icons\CBS2 Logo.ico
c:\windows\system32\Icons\CCM.ico
c:\windows\system32\Icons\CD Blue Arrow.ico
c:\windows\system32\Icons\CD Colored Label.ico
c:\windows\system32\Icons\CD Gold.ico
c:\windows\system32\Icons\CD Logs.ico
c:\windows\system32\Icons\CD Media.ico
c:\windows\system32\Icons\CD_audio_SONY.ico
c:\windows\system32\Icons\CEM Online.ico
c:\windows\system32\Icons\Centon.ico
c:\windows\system32\Icons\Charles Stanley.ico
c:\windows\system32\Icons\Charter Logo-SM.ico
c:\windows\system32\Icons\Charter Logo.ico
c:\windows\system32\Icons\Charter.ico
c:\windows\system32\Icons\Check Sheet SM.ico
c:\windows\system32\Icons\Cherryland.ico
c:\windows\system32\Icons\Chinese Food.ico
c:\windows\system32\Icons\Christian Ebner.ico
c:\windows\system32\Icons\Christian WorldView LG.ico
c:\windows\system32\Icons\Christian WorldView SM.ico
c:\windows\system32\Icons\Circuit City LG.ico
c:\windows\system32\Icons\Circuit City Logo.ico
c:\windows\system32\Icons\Citi LG.ico
c:\windows\system32\Icons\Citi.ico
c:\windows\system32\Icons\CNN Logo.ico
c:\windows\system32\Icons\Coca Cola.ico
c:\windows\system32\Icons\Cockroach.ico
c:\windows\system32\Icons\CodeFinder Chart LG.ico
c:\windows\system32\Icons\CodeFinder Chart SM.ico
c:\windows\system32\Icons\CodeFinder.ico
c:\windows\system32\Icons\Coleman Graphite.ico
c:\windows\system32\Icons\Commentary.ico
c:\windows\system32\Icons\CompUSA LG.ico
c:\windows\system32\Icons\Computer Associates.ico
c:\windows\system32\Icons\Conair Hair Dryer.ico
c:\windows\system32\Icons\ConfirmThem Gavel.ico
c:\windows\system32\Icons\Cookie.ico
c:\windows\system32\Icons\Cooking Dash.ico
c:\windows\system32\Icons\Corinth Chronicles LG.ico
c:\windows\system32\Icons\Cosmetic Puffs.ico
c:\windows\system32\Icons\Costco NEW SM.ico
c:\windows\system32\Icons\Costco v LG.ico
c:\windows\system32\Icons\Covenant EVF.ico
c:\windows\system32\Icons\Creation Evidence Museum.ico
c:\windows\system32\Icons\Creative White.ico
c:\windows\system32\Icons\Creative.ico
c:\windows\system32\Icons\Crosswalk LG.ico
c:\windows\system32\Icons\Crosswalk.ico
c:\windows\system32\Icons\Crysler Logo.ico
c:\windows\system32\Icons\Crystal Lewis.ico
c:\windows\system32\Icons\CSE Logo.ico
c:\windows\system32\Icons\Cuisinart Toaster.ico
c:\windows\system32\Icons\Cupcake Pin.ico
c:\windows\system32\Icons\Curb #.ico
c:\windows\system32\Icons\Curcuit City Logo.ico
c:\windows\system32\Icons\Current.ico
c:\windows\system32\Icons\Cuticle Nipper.ico
c:\windows\system32\Icons\CWShredder.ico
c:\windows\system32\Icons\Daily Caller.ico
c:\windows\system32\Icons\Daily News.ico
c:\windows\system32\Icons\Daily Standard.ico
c:\windows\system32\Icons\Dave Loggins.ico
c:\windows\system32\Icons\DavidWilkerson.ico
c:\windows\system32\Icons\Day 7 LG.ico
c:\windows\system32\Icons\DEBKAfile.ico
c:\windows\system32\Icons\Dell clear.ico
c:\windows\system32\Icons\DELL Gray.ico
c:\windows\system32\Icons\Dell Logo SM.ico
c:\windows\system32\Icons\DELL Page Clr LG.ico
c:\windows\system32\Icons\DELL Smooth LG.ico
c:\windows\system32\Icons\DELL Smooth SM.ico
c:\windows\system32\Icons\DELL Support LG.ico
c:\windows\system32\Icons\Dell Support.ico
c:\windows\system32\Icons\Democrat Seal.ico
c:\windows\system32\Icons\DHL MED.ico
c:\windows\system32\Icons\Diana Olson.ico
c:\windows\system32\Icons\Diane 7-21-05.ico
c:\windows\system32\Icons\digidesign.ico
c:\windows\system32\Icons\Direct TV.ico
c:\windows\system32\Icons\DIRECTV Wave.ico
c:\windows\system32\Icons\DiscoverThe Network.ico
c:\windows\system32\Icons\Discovery.ico
c:\windows\system32\Icons\Disney Shortcut.ico
c:\windows\system32\Icons\DivX.ico
c:\windows\system32\Icons\DIY Logo.ico
c:\windows\system32\Icons\DNA.ico
c:\windows\system32\Icons\Doctor.ico
c:\windows\system32\Icons\Dogfights LG.ico
c:\windows\system32\Icons\Dr Dobson.ico
c:\windows\system32\Icons\Dr Kennedy.ico
c:\windows\system32\Icons\Dr NObama.ico
c:\windows\system32\Icons\Dr TCP.ico
c:\windows\system32\Icons\Dreyer's SlowChurned.ico
c:\windows\system32\Icons\DVD Media.ico
c:\windows\system32\Icons\DVD.ico
c:\windows\system32\Icons\Eagle Mountian IC.ico
c:\windows\system32\Icons\Earth from Above.ico
c:\windows\system32\Icons\Earth&Moon Viewer.ico
c:\windows\system32\Icons\Earthlink e.ico
c:\windows\system32\Icons\Easy GIF B&W SM.ico
c:\windows\system32\Icons\Easy GIF Animator.ico
c:\windows\system32\Icons\Easy GIF B&W LG.ico
c:\windows\system32\Icons\Eddie Long.ico
c:\windows\system32\Icons\eDeal.ico
c:\windows\system32\Icons\Elder Geek.ico
c:\windows\system32\Icons\Elijah List Logo.ico
c:\windows\system32\Icons\Elliot.ico
c:\windows\system32\Icons\EMC 8 LG.ico
c:\windows\system32\Icons\Emerald Nuts.ico
c:\windows\system32\Icons\EMI.ico
c:\windows\system32\Icons\Encyclopediacom.ico
c:\windows\system32\Icons\Envelope.ico
c:\windows\system32\Icons\EPL.ico
c:\windows\system32\Icons\Estroven PM.ico
c:\windows\system32\Icons\Eureka Sanitaire LG.ico
c:\windows\system32\Icons\Eureka Sanitaire.ico
c:\windows\system32\Icons\Eurozone Logo.ico
c:\windows\system32\Icons\ewido-LG.ico
c:\windows\system32\Icons\ewido SM.ico
c:\windows\system32\Icons\ewido.ico
c:\windows\system32\Icons\F-8 Crusader.ico
c:\windows\system32\Icons\F-Secure LG.ico
c:\windows\system32\Icons\F-Secure.ico
c:\windows\system32\Icons\Facebook LG.ico
c:\windows\system32\Icons\FacebookLG.ico
c:\windows\system32\Icons\Fairburn.ico
c:\windows\system32\Icons\Family Christian LG.ico
c:\windows\system32\Icons\Fasting.ico
c:\windows\system32\Icons\FedEx MED LG.ico
c:\windows\system32\Icons\Feist Directory.ico
c:\windows\system32\Icons\FilePaper.ico
c:\windows\system32\Icons\Film.ico
c:\windows\system32\Icons\Financial Times.ico
c:\windows\system32\Icons\FIRE Folder.ico
c:\windows\system32\Icons\Flash Button.ico
c:\windows\system32\Icons\Flash LG.ico
c:\windows\system32\Icons\Flash logo LG.ico
c:\windows\system32\Icons\FLV File NEW.ico
c:\windows\system32\Icons\FLV File Type.ico
c:\windows\system32\Icons\FLV File.ico
c:\windows\system32\Icons\FLV Player NEW.ico
c:\windows\system32\Icons\FLV Player.ico
c:\windows\system32\Icons\FON SM.ico
c:\windows\system32\Icons\Food Facts.ico
c:\windows\system32\Icons\FOOD Network LG.ico
c:\windows\system32\Icons\FOOD Network.ico
c:\windows\system32\Icons\FoodSection.ico
c:\windows\system32\Icons\Forefront-SM.ico
c:\windows\system32\Icons\FOX News.ico
c:\windows\system32\Icons\FoxNews.ico
c:\windows\system32\Icons\Freecorder.ico
c:\windows\system32\Icons\Frigidaire Frig.ico
c:\windows\system32\Icons\FrontPage Mag SM.ico
c:\windows\system32\Icons\FrontPageMag LG.ico
c:\windows\system32\Icons\FrontPageMag2 SM.ico
c:\windows\system32\Icons\Fruit.ico
c:\windows\system32\Icons\Fry's SM.ico
c:\windows\system32\Icons\Fry's.ico
c:\windows\system32\Icons\Fuse TV.ico
c:\windows\system32\Icons\Gardening.ico
c:\windows\system32\Icons\Gear LG.ico
c:\windows\system32\Icons\GeeksToGo-LG.ico
c:\windows\system32\Icons\GeeksToGo-SM.ico
c:\windows\system32\Icons\GeeksToGo.ico
c:\windows\system32\Icons\GifWorks SM.ico
c:\windows\system32\Icons\Glenn Beck CG.ico
c:\windows\system32\Icons\Glenn Beck GB.ico
c:\windows\system32\Icons\Glenn Beck LOGO.ico
c:\windows\system32\Icons\Glenn Beck.ico
c:\windows\system32\Icons\Glick.ico
c:\windows\system32\Icons\Global Lights.ico
c:\windows\system32\Icons\Globe Grid SM.ico
c:\windows\system32\Icons\Globe NetMeeting.ico
c:\windows\system32\Icons\Globe.ico
c:\windows\system32\Icons\GMail.ico
c:\windows\system32\Icons\GOD TV.ico
c:\windows\system32\Icons\GoldenWeb LG.ico
c:\windows\system32\Icons\GoldenWeb SM.ico
c:\windows\system32\Icons\Google LG.ico
c:\windows\system32\Icons\Google NEW SM.ico
c:\windows\system32\Icons\Google.ico
c:\windows\system32\Icons\Googstapo.ico
c:\windows\system32\Icons\GOP.ico
c:\windows\system32\Icons\Gospel Music Channel.ico
c:\windows\system32\Icons\Green Plus.ico
c:\windows\system32\Icons\Grid Globe SM.ico
c:\windows\system32\Icons\Grid Globe.ico
c:\windows\system32\Icons\Griddler.ico
c:\windows\system32\Icons\Grosh.ico
c:\windows\system32\Icons\GSN Logo SM.ico
c:\windows\system32\Icons\GSN LogoLG.ico
c:\windows\system32\Icons\Guy Fieri.ico
c:\windows\system32\Icons\Hal Lindsey 2.ico
c:\windows\system32\Icons\Hal Lindsey 3.ico
c:\windows\system32\Icons\Hal Lindsey HL SM.ico
c:\windows\system32\Icons\Hal Lindsey.ico
c:\windows\system32\Icons\HalLindseyOracle.ico
c:\windows\system32\Icons\Hallmark LG.ico
c:\windows\system32\Icons\Halos Clear SM.ico
c:\windows\system32\Icons\Halos Clear.ico
c:\windows\system32\Icons\Ham.ico
c:\windows\system32\Icons\Happy Face SM.ico
c:\windows\system32\Icons\Hardware Accel OFF.ico
c:\windows\system32\Icons\HD LOGO.ico
c:\windows\system32\Icons\HE is here LG.ico
c:\windows\system32\Icons\Help.ico
c:\windows\system32\Icons\Henry's.ico
c:\windows\system32\Icons\High School Musical.ico
c:\windows\system32\Icons\HijackThis.ico
c:\windows\system32\Icons\History CH.ico
c:\windows\system32\Icons\HOLD.ico
c:\windows\system32\Icons\Hollywood Video SM.ico
c:\windows\system32\Icons\Holy Spirit Flame.ico
c:\windows\system32\nsr13.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_$SYS$ARIES
-------\Legacy_CD_PROXY
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-11 19:34 . 2012-05-11 19:34 -------- d-----w- C:\_OTL
2012-05-04 20:07 . 2012-05-04 20:06 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-23 22:07 . 2012-04-23 22:09 -------- d-----w- c:\windows\system32\drivers\NAV\1307000.009
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 22:55 . 2004-10-12 22:05 1880 ----a-w- c:\windows\AUTOLNCH.REG
2012-05-06 22:31 . 2012-03-29 17:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 22:31 . 2011-05-19 19:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 20:06 . 2007-05-29 04:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 20:06 . 2010-04-24 18:48 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-23 18:32 . 2009-01-10 06:55 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-23 18:32 . 2009-01-10 06:55 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2007-03-09 08:12 27648 --sha-w- c:\windows\SYSTEM32\AVSredirect.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
.
c:\documents and settings\Ted Goldstone\Start Menu\Programs\Startup\
MClipboard.lnk - c:\unzipped\mclipbrd\MClipbrd\MClipboard.exe [2000-2-20 611328]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"<NO NAME>"= 014
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=c:\program files\AIM\aim.exe -cnetwait.odl
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RetroExpress"=c:\progra~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h
"MaxtorOneTouch"=c:\program files\Maxtor\OneTouch\utils\Onetouch.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Adobe\\Photoshop CS\\Photoshop.exe"=
"c:\\Program Files\\Adobe\\Photoshop CS\\ImageReady.exe"=
"c:\\Program Files\\Homestead\\PhotoSite AlbumBuilder\\PhotoSite.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Homestead\\Homestead SiteBuilder LPX\\SiteBuilderLPXLauncher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\WMR11\\WMR11.exe"=
"c:\\Program Files\\Replay Screencast\\Replay-Screencast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\LMI1A.tmp\\lmi_rescue.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 O1394B;OW 1394b Bus Filter Service;c:\windows\SYSTEM32\DRIVERS\o1394b.sys [3/10/2007 2:53 PM 10112]
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\NAV\1307000.009\symds.sys [4/23/2012 3:07 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1307000.009\symefa.sys [4/23/2012 3:07 PM 905336]
R1 ATMhelpr;ATMhelpr;c:\windows\SYSTEM32\DRIVERS\ATMHELPR.SYS [6/24/2005 9:43 AM 4064]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx86.sys [5/8/2012 4:15 PM 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\SYSTEM32\DRIVERS\NAV\1307000.009\ccsetx86.sys [4/23/2012 3:07 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1307000.009\ironx86.sys [4/23/2012 3:07 PM 149624]
R2 LxrSII1d;Secure II Driver;c:\windows\SYSTEM32\DRIVERS\LxrSII1d.sys [3/7/2008 7:25 PM 72672]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe [4/23/2012 3:07 PM 138232]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [10/20/2009 11:19 AM 50704]
R3 appliandMP;appliandMP;c:\windows\SYSTEM32\DRIVERS\appliand.sys [6/16/2011 4:51 PM 28256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/4/2012 12:32 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120510.001\IDSXpx86.sys [5/10/2012 4:31 PM 356792]
R3 NeroCd2k;NeroCd2k;c:\windows\SYSTEM32\DRIVERS\NeroCd2k.sys [6/17/2005 5:33 PM 15584]
S3 appliand;Applian Network Service;c:\windows\SYSTEM32\DRIVERS\appliand.sys [6/16/2011 4:51 PM 28256]
S3 Aslprcsora;Aslprcsora;c:\windows\SYSTEM32\COMPACT.EXE [8/29/2002 3:00 AM 17408]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\User_Feed_Synchronization-{FB9BC8B9-98D4-4581-B7E1-CF0DA27CE09B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.earthlink.net/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://webgames.d.tmsrv.com/c=d8f606e0db776caa6c8641fc715f1e42/aff=t_05kn1_wg/p/release/playfirst/wg_dairydash/dairydash/DairyDashWeb.1.0.0.12.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://71.136.8.221/xplugDL.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - c:\vundofix\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-11 13:33
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-05-11 13:38:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-11 20:38
.
Pre-Run: 86,596,145,152 bytes free
Post-Run: 86,759,989,248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 62F6659A36E8273EAF2453D6B261DD66

13:57:59.0968 1788 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:58:00.0562 1788 ============================================================
13:58:00.0562 1788 Current date / time: 2012/05/11 13:58:00.0562
13:58:00.0562 1788 SystemInfo:
13:58:00.0562 1788
13:58:00.0562 1788 OS Version: 5.1.2600 ServicePack: 2.0
13:58:00.0562 1788 Product type: Workstation
13:58:00.0562 1788 ComputerName: DESKTOP
13:58:00.0562 1788 UserName: Ted Goldstone
13:58:00.0562 1788 Windows directory: C:\WINDOWS
13:58:00.0562 1788 System windows directory: C:\WINDOWS
13:58:00.0562 1788 Processor architecture: Intel x86
13:58:00.0562 1788 Number of processors: 2
13:58:00.0562 1788 Page size: 0x1000
13:58:00.0562 1788 Boot type: Normal boot
13:58:00.0562 1788 ============================================================
13:58:01.0156 1788 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:58:01.0171 1788 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:58:01.0171 1788 ============================================================
13:58:01.0171 1788 \Device\Harddisk0\DR0:
13:58:01.0171 1788 MBR partitions:
13:58:01.0171 1788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x12300BB2
13:58:01.0171 1788 \Device\Harddisk1\DR1:
13:58:01.0171 1788 MBR partitions:
13:58:01.0171 1788 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
13:58:01.0171 1788 ============================================================
13:58:01.0218 1788 C: <-> \Device\Harddisk0\DR0\Partition0
13:58:01.0421 1788 F: <-> \Device\Harddisk1\DR1\Partition0
13:58:01.0421 1788 ============================================================
13:58:01.0421 1788 Initialize success
13:58:01.0421 1788 ============================================================
13:58:12.0578 2444 ============================================================
13:58:12.0578 2444 Scan started
13:58:12.0578 2444 Mode: Manual;
13:58:12.0578 2444 ============================================================
13:58:13.0015 2444 Abiosdsk - ok
13:58:13.0046 2444 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
13:58:13.0046 2444 abp480n5 - ok
13:58:13.0093 2444 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:58:13.0093 2444 ACPI - ok
13:58:13.0109 2444 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:58:13.0125 2444 ACPIEC - ok
13:58:13.0218 2444 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:58:13.0218 2444 Adobe LM Service - ok
13:58:13.0234 2444 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
13:58:13.0250 2444 adpu160m - ok
13:58:13.0281 2444 ADSEXPB (d08916e4579f64af0844ca2c283573a6) C:\WINDOWS\system32\Drivers\adsexpb.sys
13:58:13.0281 2444 ADSEXPB - ok
13:58:13.0312 2444 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
13:58:13.0328 2444 aec - ok
13:58:13.0359 2444 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
13:58:13.0359 2444 AFD - ok
13:58:13.0390 2444 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\System32\DRIVERS\agp440.sys
13:58:13.0406 2444 agp440 - ok
13:58:13.0406 2444 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
13:58:13.0437 2444 agpCPQ - ok
13:58:13.0468 2444 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
13:58:13.0500 2444 Aha154x - ok
13:58:13.0500 2444 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
13:58:13.0500 2444 aic78u2 - ok
13:58:13.0546 2444 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
13:58:13.0546 2444 aic78xx - ok
13:58:13.0578 2444 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
13:58:13.0578 2444 Alerter - ok
13:58:13.0609 2444 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
13:58:13.0609 2444 ALG - ok
13:58:13.0640 2444 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
13:58:13.0640 2444 AliIde - ok
13:58:13.0640 2444 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
13:58:13.0656 2444 alim1541 - ok
13:58:13.0671 2444 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
13:58:13.0671 2444 amdagp - ok
13:58:13.0687 2444 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
13:58:13.0687 2444 amsint - ok
13:58:13.0703 2444 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
13:58:13.0703 2444 APLMp50 - ok
13:58:13.0796 2444 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
13:58:13.0796 2444 Apple Mobile Device - ok
13:58:13.0843 2444 appliand (69370f2e2827ffba910d0bfa9e62e484) C:\WINDOWS\system32\DRIVERS\appliand.sys
13:58:13.0859 2444 appliand - ok
13:58:13.0859 2444 appliandMP (69370f2e2827ffba910d0bfa9e62e484) C:\WINDOWS\system32\DRIVERS\appliand.sys
13:58:13.0859 2444 appliandMP - ok
13:58:13.0859 2444 AppMgmt - ok
13:58:13.0906 2444 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:58:13.0906 2444 Arp1394 - ok
13:58:13.0953 2444 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
13:58:13.0968 2444 asc - ok
13:58:13.0968 2444 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
13:58:13.0968 2444 asc3350p - ok
13:58:14.0000 2444 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
13:58:14.0000 2444 asc3550 - ok
13:58:14.0015 2444 Aslprcsora (f47b111821e8557a5605ef83c549887b) C:\WINDOWS\system32\COMPACT.EXE
13:58:14.0031 2444 Aslprcsora - ok
13:58:14.0062 2444 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
13:58:14.0062 2444 ASPI32 - ok
13:58:14.0140 2444 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:58:14.0140 2444 aspnet_state - ok
13:58:14.0156 2444 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:58:14.0156 2444 AsyncMac - ok
13:58:14.0187 2444 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:58:14.0187 2444 atapi - ok
13:58:14.0187 2444 Atdisk - ok
13:58:14.0265 2444 Ati HotKey Poller (5ceda44447a28db469de28afc0950650) C:\WINDOWS\system32\Ati2evxx.exe
13:58:14.0281 2444 Ati HotKey Poller - ok
13:58:14.0343 2444 ATI Smart (737371583e0173f963d74435be3e96d2) C:\WINDOWS\SYSTEM32\ati2sgag.exe
13:58:14.0375 2444 ATI Smart - ok
13:58:14.0593 2444 ati2mtag (b63516824da0d8b9ad136e6e044a795f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:58:14.0671 2444 ati2mtag - ok
13:58:14.0843 2444 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:58:14.0843 2444 Atmarpc - ok
13:58:14.0875 2444 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
13:58:14.0875 2444 ATMhelpr - ok
13:58:14.0906 2444 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
13:58:14.0906 2444 AudioSrv - ok
13:58:14.0937 2444 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:58:14.0937 2444 audstub - ok
13:58:14.0968 2444 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
13:58:14.0968 2444 b57w2k - ok
13:58:14.0984 2444 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:58:14.0984 2444 Beep - ok
13:58:15.0171 2444 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
13:58:15.0218 2444 BHDrvx86 - ok
13:58:15.0281 2444 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
13:58:15.0296 2444 BITS - ok
13:58:15.0375 2444 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
13:58:15.0375 2444 Bonjour Service - ok
13:58:15.0406 2444 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
13:58:15.0406 2444 Browser - ok
13:58:15.0421 2444 catchme - ok
13:58:15.0484 2444 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
13:58:15.0484 2444 cbidf - ok
13:58:15.0500 2444 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:58:15.0500 2444 cbidf2k - ok
13:58:15.0531 2444 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:58:15.0531 2444 CCDECODE - ok
13:58:15.0593 2444 ccSet_NAV (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NAV\1307000.009\ccSetx86.sys
13:58:15.0593 2444 ccSet_NAV - ok
13:58:15.0625 2444 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
13:58:15.0625 2444 cd20xrnt - ok
13:58:15.0640 2444 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:58:15.0671 2444 Cdaudio - ok
13:58:15.0687 2444 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
13:58:15.0687 2444 Cdfs - ok
13:58:15.0703 2444 cdrbsvsd (48c76b30185a93df2875b7cd8244ecd9) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
13:58:15.0703 2444 cdrbsvsd - ok
13:58:15.0734 2444 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:58:15.0750 2444 Cdrom - ok
13:58:15.0781 2444 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
13:58:15.0781 2444 Cinemsup - ok
13:58:15.0812 2444 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
13:58:15.0812 2444 CiSvc - ok
13:58:15.0828 2444 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
13:58:15.0828 2444 ClipSrv - ok
13:58:15.0906 2444 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:58:15.0906 2444 clr_optimization_v2.0.50727_32 - ok
13:58:15.0921 2444 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
13:58:15.0921 2444 CmdIde - ok
13:58:15.0937 2444 COMSysApp - ok
13:58:15.0953 2444 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
13:58:15.0953 2444 Cpqarray - ok
13:58:15.0984 2444 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\System32\CTsvcCDA.exe
13:58:15.0984 2444 Creative Service for CDROM Access - ok
13:58:16.0000 2444 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
13:58:16.0000 2444 CryptSvc - ok
13:58:16.0031 2444 ctac32k (4c638290979600ae2ae329d1608ad2ec) C:\WINDOWS\system32\drivers\ctac32k.sys
13:58:16.0031 2444 ctac32k - ok
13:58:16.0093 2444 ctaud2k (cf5662375781f741513c169cd4094100) C:\WINDOWS\system32\drivers\ctaud2k.sys
13:58:16.0109 2444 ctaud2k - ok
13:58:16.0156 2444 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
13:58:16.0171 2444 ctdvda2k - ok
13:58:16.0203 2444 ctprxy2k (678849d1af0750f68dbdc185252d5926) C:\WINDOWS\system32\drivers\ctprxy2k.sys
13:58:16.0203 2444 ctprxy2k - ok
13:58:16.0218 2444 ctsfm2k (3a076ebfbbbd6879a78863944980da32) C:\WINDOWS\system32\drivers\ctsfm2k.sys
13:58:16.0218 2444 ctsfm2k - ok
13:58:16.0250 2444 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
13:58:16.0250 2444 dac2w2k - ok
13:58:16.0265 2444 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
13:58:16.0265 2444 dac960nt - ok
13:58:16.0328 2444 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
13:58:16.0343 2444 DcomLaunch - ok
13:58:16.0375 2444 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
13:58:16.0375 2444 Dhcp - ok
13:58:16.0406 2444 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
13:58:16.0406 2444 Disk - ok
13:58:16.0421 2444 dmadmin - ok
13:58:16.0484 2444 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
13:58:16.0515 2444 dmboot - ok
13:58:16.0531 2444 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
13:58:16.0546 2444 dmio - ok
13:58:16.0578 2444 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:58:16.0578 2444 dmload - ok
13:58:16.0609 2444 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
13:58:16.0625 2444 dmserver - ok
13:58:16.0640 2444 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
13:58:16.0656 2444 DMusic - ok
13:58:16.0671 2444 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll
13:58:16.0687 2444 Dnscache - ok
13:58:16.0718 2444 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
13:58:16.0718 2444 dpti2o - ok
13:58:16.0734 2444 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
13:58:16.0750 2444 drmkaud - ok
13:58:16.0765 2444 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\drivers\drvmcdb.sys
13:58:16.0765 2444 drvmcdb - ok
13:58:16.0937 2444 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:58:16.0937 2444 eeCtrl - ok
13:58:16.0968 2444 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
13:58:16.0968 2444 EL90XBC - ok
13:58:17.0015 2444 emupia (f7511cf63ef82f7227c03028a3abadb5) C:\WINDOWS\system32\drivers\emupia2k.sys
13:58:17.0015 2444 emupia - ok
13:58:17.0062 2444 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:58:17.0062 2444 EraserUtilRebootDrv - ok
13:58:17.0093 2444 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
13:58:17.0093 2444 ERSvc - ok
13:58:17.0125 2444 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
13:58:17.0140 2444 Eventlog - ok
13:58:17.0187 2444 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\System32\es.dll
13:58:17.0187 2444 EventSystem - ok
13:58:17.0218 2444 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
13:58:17.0218 2444 Fastfat - ok
13:58:17.0265 2444 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
13:58:17.0265 2444 FastUserSwitchingCompatibility - ok
13:58:17.0296 2444 Fax (fcbd571fa0ee8dc238944ae5fab74461) C:\WINDOWS\system32\fxssvc.exe
13:58:17.0296 2444 Fax - ok
13:58:17.0343 2444 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:58:17.0343 2444 Fdc - ok
13:58:17.0375 2444 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
13:58:17.0390 2444 Fips - ok
13:58:17.0406 2444 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:58:17.0421 2444 Flpydisk - ok
13:58:17.0453 2444 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
13:58:17.0453 2444 FltMgr - ok
13:58:17.0562 2444 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:58:17.0562 2444 FontCache3.0.0.0 - ok
13:58:17.0593 2444 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:58:17.0593 2444 Fs_Rec - ok
13:58:17.0625 2444 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:58:17.0625 2444 Ftdisk - ok
13:58:17.0640 2444 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:58:17.0656 2444 GEARAspiWDM - ok
13:58:17.0671 2444 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:58:17.0671 2444 Gpc - ok
13:58:17.0750 2444 ha10kx2k (f24dd43adc784177b28984043bc022ab) C:\WINDOWS\system32\drivers\ha10kx2k.sys
13:58:17.0781 2444 ha10kx2k - ok
13:58:17.0796 2444 hap16v2k (ff65c807ea641ff7310a61be4dec6479) C:\WINDOWS\system32\drivers\hap16v2k.sys
13:58:17.0812 2444 hap16v2k - ok
13:58:17.0875 2444 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:58:17.0875 2444 helpsvc - ok
13:58:17.0875 2444 HidServ - ok
13:58:17.0937 2444 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
13:58:17.0937 2444 HP Port Resolver - ok
13:58:17.0968 2444 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
13:58:17.0968 2444 HP Status Server - ok
13:58:17.0984 2444 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
13:58:17.0984 2444 hpn - ok
13:58:18.0015 2444 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:58:18.0015 2444 HPZid412 - ok
13:58:18.0046 2444 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:58:18.0046 2444 HPZipr12 - ok
13:58:18.0078 2444 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:58:18.0078 2444 HPZius12 - ok
13:58:18.0125 2444 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
13:58:18.0125 2444 HTTP - ok
13:58:18.0156 2444 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
13:58:18.0171 2444 HTTPFilter - ok
13:58:18.0203 2444 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:58:18.0203 2444 i2omgmt - ok
13:58:18.0250 2444 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
13:58:18.0250 2444 i2omp - ok
13:58:18.0296 2444 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:58:18.0296 2444 i8042prt - ok
13:58:18.0312 2444 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
13:58:18.0312 2444 i81x - ok
13:58:18.0406 2444 IAANTMon (a38bf37fd0795382655f756dd4446fa0) C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
13:58:18.0406 2444 IAANTMon - ok
13:58:18.0406 2444 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
13:58:18.0406 2444 iAimFP0 - ok
13:58:18.0421 2444 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
13:58:18.0437 2444 iAimFP1 - ok
13:58:18.0437 2444 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
13:58:18.0437 2444 iAimFP2 - ok
13:58:18.0453 2444 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
13:58:18.0453 2444 iAimFP3 - ok
13:58:18.0468 2444 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
13:58:18.0468 2444 iAimFP4 - ok
13:58:18.0500 2444 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
13:58:18.0500 2444 iAimTV0 - ok
13:58:18.0515 2444 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
13:58:18.0515 2444 iAimTV1 - ok
13:58:18.0515 2444 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
13:58:18.0531 2444 iAimTV3 - ok
13:58:18.0531 2444 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
13:58:18.0546 2444 iAimTV4 - ok
13:58:18.0609 2444 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\drivers\iaStor.sys
13:58:18.0625 2444 iaStor - ok
13:58:18.0750 2444 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
13:58:18.0750 2444 IDriverT - ok
13:58:18.0890 2444 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:58:18.0921 2444 idsvc - ok
13:58:19.0093 2444 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120510.001\IDSxpx86.sys
13:58:19.0109 2444 IDSxpx86 - ok
13:58:19.0234 2444 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\drivers\Imapi.sys
13:58:19.0250 2444 Imapi - ok
13:58:19.0281 2444 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
13:58:19.0281 2444 ImapiService - ok
13:58:19.0312 2444 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
13:58:19.0312 2444 ini910u - ok
13:58:19.0421 2444 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
13:58:19.0453 2444 IntelC51 - ok
13:58:19.0531 2444 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
13:58:19.0562 2444 IntelC52 - ok
13:58:19.0578 2444 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
13:58:19.0578 2444 IntelC53 - ok
13:58:19.0593 2444 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys
13:58:19.0593 2444 IntelIde - ok
13:58:19.0625 2444 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:58:19.0640 2444 intelppm - ok
13:58:19.0656 2444 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
13:58:19.0656 2444 ip6fw - ok
13:58:19.0671 2444 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:58:19.0671 2444 IpFilterDriver - ok
13:58:19.0687 2444 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:58:19.0687 2444 IpInIp - ok
13:58:19.0734 2444 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:58:19.0734 2444 IpNat - ok
13:58:19.0828 2444 iPod Service (1e6f080d5edb4c3b4c4eb787a0848dcc) C:\Program Files\iPod\bin\iPodService.exe
13:58:19.0859 2444 iPod Service - ok
13:58:19.0890 2444 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:58:19.0890 2444 IPSec - ok
13:58:19.0906 2444 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:58:19.0906 2444 IRENUM - ok
13:58:19.0937 2444 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:58:19.0937 2444 isapnp - ok
13:58:20.0015 2444 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
13:58:20.0031 2444 JavaQuickStarterService - ok
13:58:20.0062 2444 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:58:20.0062 2444 Kbdclass - ok
13:58:20.0093 2444 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
13:58:20.0109 2444 kmixer - ok
13:58:20.0125 2444 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
13:58:20.0125 2444 KSecDD - ok
13:58:20.0171 2444 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
13:58:20.0171 2444 lanmanserver - ok
13:58:20.0203 2444 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
13:58:20.0203 2444 lanmanworkstation - ok
13:58:20.0250 2444 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
13:58:20.0250 2444 LmHosts - ok
13:58:20.0265 2444 LxrSII1d (7c12f93c005021861a36c11df951891a) C:\WINDOWS\system32\Drivers\LxrSII1d.sys
13:58:20.0265 2444 LxrSII1d - ok
13:58:20.0281 2444 LxrSII1s - ok
13:58:20.0296 2444 MaxtorFrontPanel1 (dad2801f46631b625fb4fb37265fbe6e) C:\WINDOWS\system32\DRIVERS\mxofwfp.sys
13:58:20.0296 2444 MaxtorFrontPanel1 - ok
13:58:20.0328 2444 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
13:58:20.0343 2444 MCSTRM - ok
13:58:20.0359 2444 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
13:58:20.0359 2444 Messenger - ok
13:58:20.0390 2444 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:58:20.0390 2444 mnmdd - ok
13:58:20.0406 2444 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
13:58:20.0421 2444 mnmsrvc - ok
13:58:20.0437 2444 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
13:58:20.0453 2444 Modem - ok
13:58:20.0484 2444 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:58:20.0484 2444 MODEMCSA - ok
13:58:20.0500 2444 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
13:58:20.0500 2444 mohfilt - ok
13:58:20.0531 2444 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:58:20.0531 2444 Mouclass - ok
13:58:20.0546 2444 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
13:58:20.0546 2444 MountMgr - ok
13:58:20.0593 2444 MR97310_USB_DUAL_CAMERA (1aae79a4176a957bf2bb679812f04655) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
13:58:20.0593 2444 MR97310_USB_DUAL_CAMERA - ok
13:58:20.0609 2444 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
13:58:20.0609 2444 mraid35x - ok
13:58:20.0656 2444 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:58:20.0671 2444 MRxDAV - ok
13:58:20.0718 2444 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:58:20.0734 2444 MRxSmb - ok
13:58:20.0843 2444 MSCSPTISRV (f1534aca143ca86cd57672953754fab0) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
13:58:20.0843 2444 MSCSPTISRV - ok
13:58:20.0875 2444 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
13:58:20.0875 2444 MSDTC - ok
13:58:20.0921 2444 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
13:58:20.0921 2444 Msfs - ok
13:58:20.0921 2444 MSIServer - ok
13:58:20.0953 2444 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:58:20.0953 2444 MSKSSRV - ok
13:58:20.0968 2444 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:58:20.0968 2444 MSPCLOCK - ok
13:58:20.0984 2444 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
13:58:20.0984 2444 MSPQM - ok
13:58:21.0015 2444 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:58:21.0015 2444 mssmbios - ok
13:58:21.0031 2444 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
13:58:21.0046 2444 MSTEE - ok
13:58:21.0062 2444 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
13:58:21.0062 2444 Mup - ok
13:58:21.0093 2444 MXOPSWD (c29f284ff7ab4ed38ce419a9424e52a2) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
13:58:21.0093 2444 MXOPSWD - ok
13:58:21.0125 2444 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:58:21.0125 2444 NABTSFEC - ok
13:58:21.0203 2444 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
13:58:21.0203 2444 NAV - ok
13:58:21.0359 2444 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120510.033\NAVENG.SYS
13:58:21.0375 2444 NAVENG - ok
13:58:21.0500 2444 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120510.033\NAVEX15.SYS
13:58:21.0546 2444 NAVEX15 - ok
13:58:21.0718 2444 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
13:58:21.0718 2444 NDIS - ok
13:58:21.0750 2444 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:58:21.0750 2444 NdisIP - ok
13:58:21.0781 2444 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:58:21.0781 2444 NdisTapi - ok
13:58:21.0796 2444 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:58:21.0812 2444 Ndisuio - ok
13:58:21.0828 2444 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:58:21.0828 2444 NdisWan - ok
13:58:21.0843 2444 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
13:58:21.0843 2444 NDProxy - ok
13:58:22.0015 2444 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
13:58:22.0031 2444 Nero BackItUp Scheduler 3 - ok
13:58:22.0062 2444 NeroCd2k (3662b574a525e83a6d784002df0fce5b) C:\WINDOWS\system32\drivers\NeroCd2k.sys
13:58:22.0078 2444 NeroCd2k - ok
13:58:22.0109 2444 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:58:22.0109 2444 NetBIOS - ok
13:58:22.0156 2444 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:58:22.0156 2444 NetBT - ok
13:58:22.0203 2444 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
13:58:22.0203 2444 NetDDE - ok
13:58:22.0218 2444 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
13:58:22.0218 2444 NetDDEdsdm - ok
13:58:22.0250 2444 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:58:22.0250 2444 Netlogon - ok
13:58:22.0281 2444 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
13:58:22.0281 2444 Netman - ok
13:58:22.0390 2444 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:58:22.0390 2444 NetTcpPortSharing - ok
13:58:22.0437 2444 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:58:22.0437 2444 NIC1394 - ok
13:58:22.0484 2444 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
13:58:22.0484 2444 Nla - ok
13:58:22.0500 2444 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:58:22.0515 2444 nm - ok
13:58:22.0671 2444 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
13:58:22.0687 2444 NMIndexingService - ok
13:58:22.0718 2444 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
13:58:22.0734 2444 NPF - ok
13:58:22.0734 2444 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
13:58:22.0750 2444 Npfs - ok
13:58:22.0812 2444 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
13:58:22.0843 2444 Ntfs - ok
13:58:22.0859 2444 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
13:58:22.0859 2444 NtLmSsp - ok
13:58:22.0921 2444 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
13:58:22.0953 2444 NtmsSvc - ok
13:58:23.0031 2444 NTService1 (c2c0ff5f58dc258b77a799e0f8b5925c) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
13:58:23.0031 2444 NTService1 - ok
13:58:23.0062 2444 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:58:23.0062 2444 Null - ok
13:58:23.0218 2444 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:58:23.0296 2444 nv - ok
13:58:23.0453 2444 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:58:23.0453 2444 NwlnkFlt - ok
13:58:23.0484 2444 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:58:23.0484 2444 NwlnkFwd - ok
13:58:23.0515 2444 O1394B (8e41c7c9c171d07c1ecf108d5e2b1c07) C:\WINDOWS\system32\DRIVERS\o1394b.sys
13:58:23.0515 2444 O1394B - ok
13:58:23.0515 2444 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:58:23.0531 2444 ohci1394 - ok
13:58:23.0562 2444 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
13:58:23.0562 2444 omci - ok
13:58:23.0593 2444 ossrv (f0184fe6069be1541a3d18c02a73d161) C:\WINDOWS\system32\drivers\ctoss2k.sys
13:58:23.0593 2444 ossrv - ok
13:58:23.0625 2444 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
13:58:23.0625 2444 P3 - ok
13:58:23.0734 2444 PACSPTISVR (17bb6b38de8c2bda692ca1db0cea7325) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
13:58:23.0750 2444 PACSPTISVR - ok
13:58:23.0750 2444 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
13:58:23.0750 2444 Parport - ok
13:58:23.0781 2444 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
13:58:23.0781 2444 PartMgr - ok
13:58:23.0796 2444 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:58:23.0796 2444 ParVdm - ok
13:58:23.0828 2444 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
13:58:23.0828 2444 PCI - ok
13:58:23.0828 2444 PCIDump - ok
13:58:23.0859 2444 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:58:23.0859 2444 PCIIde - ok
13:58:23.0875 2444 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:58:23.0890 2444 Pcmcia - ok
13:58:23.0906 2444 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
13:58:23.0906 2444 perc2 - ok
13:58:23.0921 2444 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
13:58:23.0921 2444 perc2hib - ok
13:58:23.0968 2444 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\System32\drivers\PfModNT.sys
13:58:23.0968 2444 PfModNT - ok
13:58:24.0000 2444 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
13:58:24.0000 2444 PLFlash DeviceIoControl Service - ok
13:58:24.0031 2444 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
13:58:24.0031 2444 PlugPlay - ok
13:58:24.0078 2444 Pml Driver HPZ12 (a38b3ce68e7f126190cde4aa3fdf050f) C:\WINDOWS\system32\HPZipm12.exe
13:58:24.0078 2444 Pml Driver HPZ12 - ok
13:58:24.0109 2444 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
13:58:24.0109 2444 Point32 - ok
13:58:24.0140 2444 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:58:24.0140 2444 PolicyAgent - ok
13:58:24.0171 2444 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:58:24.0171 2444 PptpMiniport - ok
13:58:24.0187 2444 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
13:58:24.0187 2444 Processor - ok
13:58:24.0187 2444 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:58:24.0187 2444 ProtectedStorage - ok
13:58:24.0203 2444 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
13:58:24.0203 2444 PSched - ok
13:58:24.0218 2444 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:58:24.0234 2444 Ptilink - ok
13:58:24.0265 2444 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:58:24.0265 2444 PxHelp20 - ok
13:58:24.0281 2444 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
13:58:24.0296 2444 ql1080 - ok
13:58:24.0296 2444 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
13:58:24.0296 2444 Ql10wnt - ok
13:58:24.0312 2444 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
13:58:24.0328 2444 ql12160 - ok
13:58:24.0328 2444 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
13:58:24.0328 2444 ql1240 - ok
13:58:24.0359 2444 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
13:58:24.0359 2444 ql1280 - ok
13:58:24.0375 2444 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:58:24.0375 2444 RasAcd - ok
13:58:24.0421 2444 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
13:58:24.0421 2444 RasAuto - ok
13:58:24.0437 2444 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:58:24.0453 2444 Rasl2tp - ok
13:58:24.0484 2444 RasMan (d4bd2eeab07fef323f0a0ceecc954f51) C:\WINDOWS\System32\rasmans.dll
13:58:24.0500 2444 RasMan - ok
13:58:24.0515 2444 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:58:24.0515 2444 RasPppoe - ok
13:58:24.0531 2444 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:58:24.0531 2444 Raspti - ok
13:58:24.0562 2444 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:58:24.0578 2444 Rdbss - ok
13:58:24.0578 2444 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:58:24.0578 2444 RDPCDD - ok
13:58:24.0625 2444 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:58:24.0625 2444 rdpdr - ok
13:58:24.0671 2444 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
13:58:24.0671 2444 RDPWD - ok
13:58:24.0703 2444 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
13:58:24.0703 2444 RDSessMgr - ok
13:58:24.0718 2444 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:58:24.0718 2444 redbook - ok
13:58:24.0750 2444 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
13:58:24.0750 2444 RemoteAccess - ok
13:58:24.0828 2444 RetroExpLauncher (16f9aad9b85e7e25e0f5a03ee74e2a3d) C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
13:58:24.0828 2444 RetroExpLauncher - ok
13:58:24.0890 2444 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
13:58:24.0890 2444 rpcapd - ok
13:58:24.0906 2444 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
13:58:24.0906 2444 RpcLocator - ok
13:58:24.0968 2444 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\System32\rpcss.dll
13:58:24.0984 2444 RpcSs - ok
13:58:25.0031 2444 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
13:58:25.0031 2444 RSVP - ok
13:58:25.0062 2444 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:58:25.0062 2444 SamSs - ok
13:58:25.0093 2444 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
13:58:25.0093 2444 sbp2port - ok
13:58:25.0109 2444 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
13:58:25.0109 2444 SCardSvr - ok
13:58:25.0156 2444 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
13:58:25.0171 2444 Schedule - ok
13:58:25.0203 2444 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:58:25.0203 2444 Secdrv - ok
13:58:25.0218 2444 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
13:58:25.0218 2444 seclogon - ok
13:58:25.0234 2444 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
13:58:25.0234 2444 SENS - ok
13:58:25.0265 2444 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:58:25.0265 2444 serenum - ok
13:58:25.0312 2444 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
13:58:25.0312 2444 Serial - ok
13:58:25.0328 2444 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:58:25.0328 2444 Sfloppy - ok
13:58:25.0375 2444 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
13:58:25.0390 2444 SharedAccess - ok
13:58:25.0421 2444 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
13:58:25.0437 2444 ShellHWDetection - ok
13:58:25.0437 2444 Simbad - ok
13:58:25.0468 2444 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
13:58:25.0484 2444 sisagp - ok
13:58:25.0484 2444 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:58:25.0484 2444 SLIP - ok
13:58:25.0531 2444 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
13:58:25.0531 2444 Sparrow - ok
13:58:25.0562 2444 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
13:58:25.0562 2444 splitter - ok
13:58:25.0593 2444 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
13:58:25.0593 2444 Spooler - ok
13:58:25.0718 2444 SPTISRV (3980b48dff300a7e4139f5c64da65f5c) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
13:58:25.0718 2444 SPTISRV - ok
13:58:25.0750 2444 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
13:58:25.0765 2444 sr - ok
13:58:25.0796 2444 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
13:58:25.0796 2444 srservice - ok
13:58:25.0890 2444 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NAV\1307000.009\SRTSP.SYS
13:58:25.0921 2444 SRTSP - ok
13:58:25.0937 2444 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NAV\1307000.009\SRTSPX.SYS
13:58:25.0937 2444 SRTSPX - ok
13:58:26.0000 2444 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
13:58:26.0015 2444 Srv - ok
13:58:26.0031 2444 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
13:58:26.0031 2444 SSDPSRV - ok
13:58:26.0140 2444 SSScsiSV (3dbade5b4aa47c245a69e99d72b8e73b) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
13:58:26.0140 2444 SSScsiSV - ok
13:58:26.0187 2444 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
13:58:26.0203 2444 stisvc - ok
13:58:26.0234 2444 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:58:26.0234 2444 streamip - ok
13:58:26.0265 2444 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:58:26.0265 2444 swenum - ok
13:58:26.0296 2444 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
13:58:26.0296 2444 swmidi - ok
13:58:26.0296 2444 SwPrv - ok
13:58:26.0406 2444 Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
13:58:26.0421 2444 Symantec RemoteAssist - ok
13:58:26.0453 2444 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
13:58:26.0468 2444 symc810 - ok
13:58:26.0484 2444 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
13:58:26.0484 2444 symc8xx - ok
13:58:26.0578 2444 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NAV\1307000.009\SYMDS.SYS
13:58:26.0578 2444 SymDS - ok
13:58:26.0671 2444 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NAV\1307000.009\SYMEFA.SYS
13:58:26.0703 2444 SymEFA - ok
13:58:26.0750 2444 SymEvent (555fb450fe6908600310e990738b41d6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
13:58:26.0765 2444 SymEvent - ok
13:58:26.0796 2444 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NAV\1307000.009\Ironx86.SYS
13:58:26.0796 2444 SymIRON - ok
13:58:26.0859 2444 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NAV\1307000.009\SYMTDI.SYS
13:58:26.0875 2444 SYMTDI - ok
13:58:26.0906 2444 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
13:58:26.0906 2444 sym_hi - ok
13:58:26.0906 2444 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
13:58:26.0921 2444 sym_u3 - ok
13:58:26.0968 2444 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
13:58:26.0968 2444 sysaudio - ok
13:58:27.0000 2444 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
13:58:27.0000 2444 SysmonLog - ok
13:58:27.0046 2444 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
13:58:27.0062 2444 TapiSrv - ok
13:58:27.0125 2444 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:58:27.0140 2444 Tcpip - ok
13:58:27.0156 2444 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:58:27.0156 2444 TDPIPE - ok
13:58:27.0171 2444 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
13:58:27.0171 2444 TDTCP - ok
13:58:27.0203 2444 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:58:27.0203 2444 TermDD - ok
13:58:27.0250 2444 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
13:58:27.0265 2444 TermService - ok
13:58:27.0296 2444 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
13:58:27.0312 2444 Themes - ok
13:58:27.0343 2444 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
13:58:27.0343 2444 TosIde - ok
13:58:27.0375 2444 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
13:58:27.0375 2444 TrkWks - ok
13:58:27.0406 2444 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
13:58:27.0421 2444 Udfs - ok
13:58:27.0453 2444 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
13:58:27.0453 2444 ultra - ok
13:58:27.0500 2444 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
13:58:27.0515 2444 Update - ok
13:58:27.0593 2444 UPHClean (3f9a3232e5f942874488981f3242c989) C:\Program Files\UPHClean\uphclean.exe
13:58:27.0593 2444 UPHClean - ok
13:58:27.0640 2444 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
13:58:27.0656 2444 upnphost - ok
13:58:27.0671 2444 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
13:58:27.0687 2444 UPS - ok
13:58:27.0718 2444 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:58:27.0718 2444 usbccgp - ok
13:58:27.0750 2444 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:58:27.0750 2444 usbehci - ok
13:58:27.0781 2444 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:58:27.0781 2444 usbhub - ok
13:58:27.0812 2444 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:58:27.0812 2444 usbprint - ok
13:58:27.0843 2444 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:58:27.0843 2444 usbscan - ok
13:58:27.0875 2444 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:58:27.0875 2444 USBSTOR - ok
13:58:27.0875 2444 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:58:27.0890 2444 usbuhci - ok
13:58:27.0921 2444 UxTuneUp (0f197488055cf1304964881da0faae19) C:\WINDOWS\System32\uxtuneup.dll
13:58:27.0921 2444 UxTuneUp - ok
13:58:27.0921 2444 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
13:58:27.0937 2444 VgaSave - ok
13:58:27.0953 2444 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
13:58:27.0953 2444 viaagp - ok
13:58:27.0968 2444 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
13:58:27.0984 2444 ViaIde - ok
13:58:28.0000 2444 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
13:58:28.0015 2444 VolSnap - ok
13:58:28.0062 2444 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
13:58:28.0078 2444 VSS - ok
13:58:28.0125 2444 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
13:58:28.0125 2444 w32time - ok
13:58:28.0156 2444 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:58:28.0156 2444 Wanarp - ok
13:58:28.0171 2444 wanatw - ok
13:58:28.0187 2444 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
13:58:28.0203 2444 wdmaud - ok
13:58:28.0234 2444 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
13:58:28.0234 2444 WebClient - ok
13:58:28.0312 2444 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:58:28.0312 2444 winmgmt - ok
13:58:28.0359 2444 WMDM PMSP Service (5b6da8f4f5047d6df51e1c38fc57d4d9) C:\WINDOWS\System32\MsPMSPSv.exe
13:58:28.0359 2444 WMDM PMSP Service - ok
13:58:28.0406 2444 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:58:28.0406 2444 WmdmPmSN - ok
13:58:28.0437 2444 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:58:28.0437 2444 WmiApSrv - ok
13:58:28.0453 2444 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:58:28.0453 2444 WS2IFSL - ok
13:58:28.0500 2444 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
13:58:28.0500 2444 wscsvc - ok
13:58:28.0531 2444 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:58:28.0531 2444 WSTCODEC - ok
13:58:28.0546 2444 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
13:58:28.0562 2444 wuauserv - ok
13:58:28.0593 2444 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:58:28.0593 2444 WudfPf - ok
13:58:28.0640 2444 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:58:28.0640 2444 WudfSvc - ok
13:58:28.0703 2444 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
13:58:28.0718 2444 WZCSVC - ok
13:58:28.0750 2444 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
13:58:28.0750 2444 xmlprov - ok
13:58:28.0781 2444 MBR (0x1B8) (a03e065717cb65f3034ad33ad58b6bba) \Device\Harddisk0\DR0
13:58:28.0812 2444 \Device\Harddisk0\DR0 - ok
13:58:28.0828 2444 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
13:58:31.0906 2444 \Device\Harddisk1\DR1 - ok
13:58:31.0921 2444 Boot (0x1200) (ceaf3571148c34252841c27d678794c9) \Device\Harddisk0\DR0\Partition0
13:58:31.0921 2444 \Device\Harddisk0\DR0\Partition0 - ok
13:58:31.0921 2444 Boot (0x1200) (bf2b5465a440f2caadbd35f91802a22c) \Device\Harddisk1\DR1\Partition0
13:58:31.0921 2444 \Device\Harddisk1\DR1\Partition0 - ok
13:58:31.0937 2444 ============================================================
13:58:31.0937 2444 Scan finished
13:58:31.0937 2444 ============================================================
13:58:31.0953 2412 Detected object count: 0
13:58:31.0953 2412 Actual detected object count: 0
13:59:43.0406 0292 Deinitialize success

14:08:07.0093 2064 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:08:07.0593 2064 ============================================================
14:08:07.0593 2064 Current date / time: 2012/05/11 14:08:07.0593
14:08:07.0593 2064 SystemInfo:
14:08:07.0593 2064
14:08:07.0593 2064 OS Version: 5.1.2600 ServicePack: 2.0
14:08:07.0593 2064 Product type: Workstation
14:08:07.0593 2064 ComputerName: DESKTOP
14:08:07.0593 2064 UserName: Ted Goldstone
14:08:07.0593 2064 Windows directory: C:\WINDOWS
14:08:07.0593 2064 System windows directory: C:\WINDOWS
14:08:07.0593 2064 Processor architecture: Intel x86
14:08:07.0593 2064 Number of processors: 2
14:08:07.0593 2064 Page size: 0x1000
14:08:07.0593 2064 Boot type: Normal boot
14:08:07.0593 2064 ============================================================
14:08:08.0187 2064 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:08:08.0187 2064 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:08:08.0187 2064 ============================================================
14:08:08.0187 2064 \Device\Harddisk0\DR0:
14:08:08.0187 2064 MBR partitions:
14:08:08.0187 2064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x12300BB2
14:08:08.0187 2064 \Device\Harddisk1\DR1:
14:08:08.0187 2064 MBR partitions:
14:08:08.0187 2064 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
14:08:08.0187 2064 ============================================================
14:08:08.0234 2064 C: <-> \Device\Harddisk0\DR0\Partition0
14:08:08.0453 2064 F: <-> \Device\Harddisk1\DR1\Partition0
14:08:08.0453 2064 ============================================================
14:08:08.0453 2064 Initialize success
14:08:08.0453 2064 ============================================================
14:08:19.0625 3380 ============================================================
14:08:19.0625 3380 Scan started
14:08:19.0625 3380 Mode: Manual; SigCheck; TDLFS;
14:08:19.0625 3380 ============================================================
14:08:23.0265 3380 Abiosdsk - ok
14:08:23.0296 3380 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
14:08:24.0312 3380 abp480n5 - ok
14:08:24.0359 3380 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:08:25.0015 3380 ACPI - ok
14:08:25.0046 3380 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:08:25.0546 3380 ACPIEC - ok
14:08:25.0640 3380 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
14:08:25.0656 3380 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
14:08:25.0656 3380 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
14:08:25.0687 3380 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
14:08:26.0171 3380 adpu160m - ok
14:08:26.0203 3380 ADSEXPB (d08916e4579f64af0844ca2c283573a6) C:\WINDOWS\system32\Drivers\adsexpb.sys
14:08:26.0250 3380 ADSEXPB - ok
14:08:26.0296 3380 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
14:08:26.0562 3380 aec - ok
14:08:26.0609 3380 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
14:08:26.0640 3380 AFD - ok
14:08:26.0671 3380 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\System32\DRIVERS\agp440.sys
14:08:27.0171 3380 agp440 - ok
14:08:27.0203 3380 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
14:08:27.0703 3380 agpCPQ - ok
14:08:27.0750 3380 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
14:08:28.0421 3380 Aha154x - ok
14:08:28.0500 3380 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
14:08:29.0234 3380 aic78u2 - ok
14:08:29.0250 3380 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
14:08:29.0750 3380 aic78xx - ok
14:08:29.0781 3380 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
14:08:30.0250 3380 Alerter - ok
14:08:30.0296 3380 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
14:08:30.0781 3380 ALG - ok
14:08:30.0812 3380 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
14:08:31.0312 3380 AliIde - ok
14:08:31.0359 3380 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
14:08:31.0843 3380 alim1541 - ok
14:08:31.0859 3380 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
14:08:32.0359 3380 amdagp - ok
14:08:32.0406 3380 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
14:08:32.0703 3380 amsint - ok
14:08:32.0750 3380 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
14:08:32.0828 3380 APLMp50 - ok
14:08:32.0921 3380 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
14:08:32.0937 3380 Apple Mobile Device - ok
14:08:32.0968 3380 appliand (69370f2e2827ffba910d0bfa9e62e484) C:\WINDOWS\system32\DRIVERS\appliand.sys
14:08:32.0984 3380 appliand - ok
14:08:32.0984 3380 appliandMP (69370f2e2827ffba910d0bfa9e62e484) C:\WINDOWS\system32\DRIVERS\appliand.sys
14:08:33.0000 3380 appliandMP - ok
14:08:33.0000 3380 AppMgmt - ok
14:08:33.0031 3380 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:08:33.0531 3380 Arp1394 - ok
14:08:33.0562 3380 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
14:08:34.0046 3380 asc - ok
14:08:34.0093 3380 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
14:08:34.0390 3380 asc3350p - ok
14:08:34.0421 3380 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
14:08:34.0812 3380 asc3550 - ok
14:08:34.0843 3380 Aslprcsora (f47b111821e8557a5605ef83c549887b) C:\WINDOWS\system32\COMPACT.EXE
14:08:35.0312 3380 Aslprcsora - ok
14:08:35.0359 3380 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
14:08:35.0375 3380 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
14:08:35.0375 3380 ASPI32 - detected UnsignedFile.Multi.Generic (1)
14:08:35.0437 3380 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:08:35.0453 3380 aspnet_state - ok
14:08:35.0484 3380 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:08:35.0953 3380 AsyncMac - ok
14:08:35.0984 3380 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:08:36.0468 3380 atapi - ok
14:08:36.0468 3380 Atdisk - ok
14:08:36.0531 3380 Ati HotKey Poller (5ceda44447a28db469de28afc0950650) C:\WINDOWS\system32\Ati2evxx.exe
14:08:36.0656 3380 Ati HotKey Poller - ok
14:08:36.0718 3380 ATI Smart (737371583e0173f963d74435be3e96d2) C:\WINDOWS\SYSTEM32\ati2sgag.exe
14:08:36.0796 3380 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
14:08:36.0796 3380 ATI Smart - detected UnsignedFile.Multi.Generic (1)
14:08:37.0015 3380 ati2mtag (b63516824da0d8b9ad136e6e044a795f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:08:37.0359 3380 ati2mtag - ok
14:08:37.0546 3380 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:08:38.0078 3380 Atmarpc - ok
14:08:38.0109 3380 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
14:08:38.0125 3380 ATMhelpr ( UnsignedFile.Multi.Generic ) - warning
14:08:38.0125 3380 ATMhelpr - detected UnsignedFile.Multi.Generic (1)
14:08:38.0171 3380 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
14:08:38.0906 3380 AudioSrv - ok
14:08:38.0937 3380 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:08:39.0421 3380 audstub - ok
14:08:39.0468 3380 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:08:39.0531 3380 b57w2k - ok
14:08:39.0546 3380 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:08:40.0031 3380 Beep - ok
14:08:40.0218 3380 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
14:08:40.0281 3380 BHDrvx86 - ok
14:08:40.0343 3380 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
14:08:40.0875 3380 BITS - ok
14:08:40.0953 3380 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
14:08:40.0984 3380 Bonjour Service - ok
14:08:41.0015 3380 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
14:08:41.0484 3380 Browser - ok
14:08:41.0484 3380 catchme - ok
14:08:41.0562 3380 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
14:08:42.0078 3380 cbidf - ok
14:08:42.0078 3380 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:08:42.0562 3380 cbidf2k - ok
14:08:42.0593 3380 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:08:43.0031 3380 CCDECODE - ok
14:08:43.0109 3380 ccSet_NAV (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NAV\1307000.009\ccSetx86.sys
14:08:43.0125 3380 ccSet_NAV - ok
14:08:43.0156 3380 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
14:08:43.0484 3380 cd20xrnt - ok
14:08:43.0500 3380 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:08:43.0906 3380 Cdaudio - ok
14:08:43.0937 3380 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:08:44.0437 3380 Cdfs - ok
14:08:44.0468 3380 cdrbsvsd (48c76b30185a93df2875b7cd8244ecd9) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
14:08:44.0484 3380 cdrbsvsd ( UnsignedFile.Multi.Generic ) - warning
14:08:44.0484 3380 cdrbsvsd - detected UnsignedFile.Multi.Generic (1)
14:08:44.0515 3380 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:08:44.0984 3380 Cdrom - ok
14:08:45.0031 3380 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
14:08:45.0046 3380 Cinemsup ( UnsignedFile.Multi.Generic ) - warning
14:08:45.0046 3380 Cinemsup - detected UnsignedFile.Multi.Generic (1)
14:08:45.0078 3380 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
14:08:45.0578 3380 CiSvc - ok
14:08:45.0609 3380 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
14:08:46.0078 3380 ClipSrv - ok
14:08:46.0156 3380 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:08:46.0171 3380 clr_optimization_v2.0.50727_32 - ok
14:08:46.0187 3380 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
14:08:46.0671 3380 CmdIde - ok
14:08:46.0671 3380 COMSysApp - ok
14:08:46.0703 3380 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
14:08:47.0203 3380 Cpqarray - ok
14:08:47.0234 3380 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\System32\CTsvcCDA.exe
14:08:47.0250 3380 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
14:08:47.0250 3380 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
14:08:47.0281 3380 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
14:08:47.0765 3380 CryptSvc - ok
14:08:47.0812 3380 ctac32k (4c638290979600ae2ae329d1608ad2ec) C:\WINDOWS\system32\drivers\ctac32k.sys
14:08:47.0859 3380 ctac32k - ok
14:08:47.0906 3380 ctaud2k (cf5662375781f741513c169cd4094100) C:\WINDOWS\system32\drivers\ctaud2k.sys
14:08:47.0968 3380 ctaud2k - ok
14:08:48.0000 3380 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
14:08:48.0031 3380 ctdvda2k - ok
14:08:48.0062 3380 ctprxy2k (678849d1af0750f68dbdc185252d5926) C:\WINDOWS\system32\drivers\ctprxy2k.sys
14:08:48.0078 3380 ctprxy2k - ok
14:08:48.0109 3380 ctsfm2k (3a076ebfbbbd6879a78863944980da32) C:\WINDOWS\system32\drivers\ctsfm2k.sys
14:08:48.0140 3380 ctsfm2k - ok
14:08:48.0187 3380 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
14:08:48.0687 3380 dac2w2k - ok
14:08:48.0718 3380 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
14:08:49.0296 3380 dac960nt - ok
14:08:49.0359 3380 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
14:08:49.0500 3380 DcomLaunch - ok
14:08:49.0531 3380 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
14:08:49.0765 3380 Dhcp - ok
14:08:49.0796 3380 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:08:50.0265 3380 Disk - ok
14:08:50.0265 3380 dmadmin - ok
14:08:50.0359 3380 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
14:08:50.0890 3380 dmboot - ok
14:08:50.0921 3380 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
14:08:51.0406 3380 dmio - ok
14:08:51.0421 3380 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:08:51.0921 3380 dmload - ok
14:08:51.0953 3380 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
14:08:52.0406 3380 dmserver - ok
14:08:52.0437 3380 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:08:52.0921 3380 DMusic - ok
14:08:52.0968 3380 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll
14:08:53.0015 3380 Dnscache - ok
14:08:53.0062 3380 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
14:08:53.0562 3380 dpti2o - ok
14:08:53.0578 3380 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:08:54.0031 3380 drmkaud - ok
14:08:54.0062 3380 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\drivers\drvmcdb.sys
14:08:54.0093 3380 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
14:08:54.0093 3380 drvmcdb - detected UnsignedFile.Multi.Generic (1)
14:08:54.0250 3380 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:08:54.0281 3380 eeCtrl - ok
14:08:54.0312 3380 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
14:08:54.0812 3380 EL90XBC - ok
14:08:54.0859 3380 emupia (f7511cf63ef82f7227c03028a3abadb5) C:\WINDOWS\system32\drivers\emupia2k.sys
14:08:54.0906 3380 emupia - ok
14:08:54.0937 3380 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:08:54.0953 3380 EraserUtilRebootDrv - ok
14:08:54.0984 3380 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
14:08:55.0437 3380 ERSvc - ok
14:08:55.0468 3380 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
14:08:55.0578 3380 Eventlog - ok
14:08:55.0625 3380 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\System32\es.dll
14:08:55.0656 3380 EventSystem - ok
14:08:55.0687 3380 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:08:56.0171 3380 Fastfat - ok
14:08:56.0218 3380 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
14:08:56.0265 3380 FastUserSwitchingCompatibility - ok
14:08:56.0312 3380 Fax (fcbd571fa0ee8dc238944ae5fab74461) C:\WINDOWS\system32\fxssvc.exe
14:08:56.0796 3380 Fax - ok
14:08:56.0828 3380 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:08:57.0312 3380 Fdc - ok
14:08:57.0343 3380 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
14:08:57.0796 3380 Fips - ok
14:08:57.0812 3380 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:08:58.0265 3380 Flpydisk - ok
14:08:58.0296 3380 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
14:08:58.0468 3380 FltMgr - ok
14:08:58.0593 3380 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:08:58.0609 3380 FontCache3.0.0.0 - ok
14:08:58.0625 3380 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:08:59.0093 3380 Fs_Rec - ok
14:08:59.0140 3380 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:08:59.0640 3380 Ftdisk - ok
14:08:59.0687 3380 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:08:59.0687 3380 GEARAspiWDM - ok
14:08:59.0718 3380 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:09:00.0187 3380 Gpc - ok
14:09:00.0265 3380 ha10kx2k (f24dd43adc784177b28984043bc022ab) C:\WINDOWS\system32\drivers\ha10kx2k.sys
14:09:00.0359 3380 ha10kx2k - ok
14:09:00.0390 3380 hap16v2k (ff65c807ea641ff7310a61be4dec6479) C:\WINDOWS\system32\drivers\hap16v2k.sys
14:09:00.0421 3380 hap16v2k - ok
14:09:00.0468 3380 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:09:00.0984 3380 helpsvc - ok
14:09:00.0984 3380 HidServ - ok
14:09:01.0062 3380 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
14:09:01.0468 3380 HP Port Resolver - ok
14:09:01.0515 3380 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
14:09:01.0921 3380 HP Status Server - ok
14:09:01.0953 3380 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
14:09:02.0390 3380 hpn - ok
14:09:02.0421 3380 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:09:02.0562 3380 HPZid412 - ok
14:09:02.0578 3380 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:09:02.0609 3380 HPZipr12 - ok
14:09:02.0609 3380 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:09:02.0656 3380 HPZius12 - ok
14:09:02.0703 3380 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
14:09:02.0765 3380 HTTP - ok
14:09:02.0796 3380 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
14:09:03.0281 3380 HTTPFilter - ok
14:09:03.0328 3380 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:09:03.0796 3380 i2omgmt - ok
14:09:03.0812 3380 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
14:09:04.0296 3380 i2omp - ok
14:09:04.0328 3380 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:09:04.0781 3380 i8042prt - ok
14:09:04.0828 3380 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
14:09:05.0328 3380 i81x - ok
14:09:05.0390 3380 IAANTMon (a38bf37fd0795382655f756dd4446fa0) C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
14:09:05.0406 3380 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
14:09:05.0406 3380 IAANTMon - detected UnsignedFile.Multi.Generic (1)
14:09:05.0437 3380 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
14:09:05.0906 3380 iAimFP0 - ok
14:09:05.0937 3380 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
14:09:06.0453 3380 iAimFP1 - ok
14:09:06.0468 3380 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
14:09:06.0968 3380 iAimFP2 - ok
14:09:07.0000 3380 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
14:09:07.0468 3380 iAimFP3 - ok
14:09:07.0500 3380 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
14:09:07.0968 3380 iAimFP4 - ok
14:09:08.0000 3380 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
14:09:08.0468 3380 iAimTV0 - ok
14:09:08.0500 3380 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
14:09:08.0984 3380 iAimTV1 - ok
14:09:09.0000 3380 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
14:09:09.0515 3380 iAimTV3 - ok
14:09:09.0546 3380 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
14:09:10.0046 3380 iAimTV4 - ok
14:09:10.0109 3380 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\drivers\iaStor.sys
14:09:10.0187 3380 iaStor - ok
14:09:10.0312 3380 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:09:10.0328 3380 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:09:10.0328 3380 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:09:10.0468 3380 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:09:10.0531 3380 idsvc - ok
14:09:10.0734 3380 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120510.001\IDSxpx86.sys
14:09:10.0765 3380 IDSxpx86 - ok
14:09:10.0906 3380 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\drivers\Imapi.sys
14:09:11.0421 3380 Imapi - ok
14:09:11.0453 3380 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
14:09:11.0937 3380 ImapiService - ok
14:09:11.0968 3380 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
14:09:12.0453 3380 ini910u - ok
14:09:12.0562 3380 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
14:09:12.0703 3380 IntelC51 - ok
14:09:12.0765 3380 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
14:09:12.0843 3380 IntelC52 - ok
14:09:12.0875 3380 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
14:09:12.0906 3380 IntelC53 - ok
14:09:12.0937 3380 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys
14:09:13.0453 3380 IntelIde - ok
14:09:13.0484 3380 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:09:13.0937 3380 intelppm - ok
14:09:13.0953 3380 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
14:09:14.0437 3380 ip6fw - ok
14:09:14.0468 3380 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:09:14.0953 3380 IpFilterDriver - ok
14:09:14.0968 3380 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:09:15.0437 3380 IpInIp - ok
14:09:15.0484 3380 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:09:15.0531 3380 IpNat - ok
14:09:15.0609 3380 iPod Service (1e6f080d5edb4c3b4c4eb787a0848dcc) C:\Program Files\iPod\bin\iPodService.exe
14:09:15.0640 3380 iPod Service - ok
14:09:15.0687 3380 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:09:16.0171 3380 IPSec - ok
14:09:16.0187 3380 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:09:16.0671 3380 IRENUM - ok
14:09:16.0718 3380 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:09:17.0187 3380 isapnp - ok
14:09:17.0281 3380 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
14:09:17.0296 3380 JavaQuickStarterService - ok
14:09:17.0328 3380 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:09:17.0796 3380 Kbdclass - ok
14:09:17.0843 3380 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
14:09:18.0031 3380 kmixer - ok
14:09:18.0062 3380 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
14:09:18.0125 3380 KSecDD - ok
14:09:18.0156 3380 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
14:09:18.0234 3380 lanmanserver - ok
14:09:18.0265 3380 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
14:09:18.0312 3380 lanmanworkstation - ok
14:09:18.0343 3380 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
14:09:18.0859 3380 LmHosts - ok
14:09:18.0890 3380 LxrSII1d (7c12f93c005021861a36c11df951891a) C:\WINDOWS\system32\Drivers\LxrSII1d.sys
14:09:18.0921 3380 LxrSII1d ( UnsignedFile.Multi.Generic ) - warning
14:09:18.0921 3380 LxrSII1d - detected UnsignedFile.Multi.Generic (1)
14:09:18.0921 3380 LxrSII1s - ok
14:09:18.0968 3380 MaxtorFrontPanel1 (dad2801f46631b625fb4fb37265fbe6e) C:\WINDOWS\system32\DRIVERS\mxofwfp.sys
14:09:19.0000 3380 MaxtorFrontPanel1 - ok
14:09:19.0031 3380 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
14:09:19.0046 3380 MCSTRM ( UnsignedFile.Multi.Generic ) - warning
14:09:19.0046 3380 MCSTRM - detected UnsignedFile.Multi.Generic (1)
14:09:19.0093 3380 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
14:09:19.0593 3380 Messenger - ok
14:09:19.0625 3380 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:09:20.0109 3380 mnmdd - ok
14:09:20.0140 3380 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
14:09:20.0609 3380 mnmsrvc - ok
14:09:20.0640 3380 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
14:09:21.0109 3380 Modem - ok
14:09:21.0140 3380 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:09:21.0640 3380 MODEMCSA - ok
14:09:21.0687 3380 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
14:09:21.0703 3380 mohfilt - ok
14:09:21.0734 3380 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:09:22.0187 3380 Mouclass - ok
14:09:22.0218 3380 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:09:22.0718 3380 MountMgr - ok
14:09:22.0750 3380 MR97310_USB_DUAL_CAMERA (1aae79a4176a957bf2bb679812f04655) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
14:09:22.0812 3380 MR97310_USB_DUAL_CAMERA - ok
14:09:22.0859 3380 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
14:09:23.0296 3380 mraid35x - ok
14:09:23.0343 3380 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:09:23.0406 3380 MRxDAV - ok
14:09:23.0453 3380 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:09:23.0546 3380 MRxSmb - ok
14:09:23.0656 3380 MSCSPTISRV (f1534aca143ca86cd57672953754fab0) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
14:09:23.0671 3380 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
14:09:23.0671 3380 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
14:09:23.0718 3380 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
14:09:24.0218 3380 MSDTC - ok
14:09:24.0250 3380 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:09:24.0734 3380 Msfs - ok
14:09:24.0734 3380 MSIServer - ok
14:09:24.0781 3380 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:09:25.0250 3380 MSKSSRV - ok
14:09:25.0265 3380 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:09:25.0750 3380 MSPCLOCK - ok
14:09:25.0765 3380 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:09:26.0234 3380 MSPQM - ok
14:09:26.0265 3380 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:09:26.0734 3380 mssmbios - ok
14:09:26.0765 3380 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
14:09:27.0250 3380 MSTEE - ok
14:09:27.0296 3380 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:09:27.0765 3380 Mup - ok
14:09:27.0796 3380 MXOPSWD (c29f284ff7ab4ed38ce419a9424e52a2) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
14:09:27.0828 3380 MXOPSWD - ok
14:09:27.0859 3380 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:09:28.0328 3380 NABTSFEC - ok
14:09:28.0390 3380 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
14:09:28.0406 3380 NAV - ok
14:09:28.0578 3380 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120510.033\NAVENG.SYS
14:09:28.0593 3380 NAVENG - ok
14:09:28.0703 3380 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120510.033\NAVEX15.SYS
14:09:28.0859 3380 NAVEX15 - ok
14:09:29.0046 3380 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:09:29.0531 3380 NDIS - ok
14:09:29.0562 3380 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:09:30.0046 3380 NdisIP - ok
14:09:30.0078 3380 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:09:30.0562 3380 NdisTapi - ok
14:09:30.0609 3380 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:09:31.0062 3380 Ndisuio - ok
14:09:31.0078 3380 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:09:31.0546 3380 NdisWan - ok
14:09:31.0578 3380 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:09:32.0078 3380 NDProxy - ok
14:09:32.0234 3380 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
14:09:32.0312 3380 Nero BackItUp Scheduler 3 - ok
14:09:32.0390 3380 NeroCd2k (3662b574a525e83a6d784002df0fce5b) C:\WINDOWS\system32\drivers\NeroCd2k.sys
14:09:32.0406 3380 NeroCd2k ( UnsignedFile.Multi.Generic ) - warning
14:09:32.0406 3380 NeroCd2k - detected UnsignedFile.Multi.Generic (1)
14:09:32.0437 3380 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:09:32.0937 3380 NetBIOS - ok
14:09:32.0968 3380 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:09:33.0453 3380 NetBT - ok
14:09:33.0500 3380 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
14:09:34.0000 3380 NetDDE - ok
14:09:34.0015 3380 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
14:09:34.0468 3380 NetDDEdsdm - ok
14:09:34.0500 3380 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:09:34.0953 3380 Netlogon - ok
14:09:35.0000 3380 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
14:09:35.0109 3380 Netman - ok
14:09:35.0234 3380 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:09:35.0250 3380 NetTcpPortSharing - ok
14:09:35.0296 3380 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:09:35.0781 3380 NIC1394 - ok
14:09:35.0828 3380 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
14:09:36.0046 3380 Nla - ok
14:09:36.0062 3380 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
14:09:36.0546 3380 nm - ok
14:09:36.0687 3380 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
14:09:36.0718 3380 NMIndexingService - ok
14:09:36.0765 3380 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
14:09:36.0765 3380 NPF - ok
14:09:36.0796 3380 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:09:37.0296 3380 Npfs - ok
14:09:37.0359 3380 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
14:09:37.0468 3380 Ntfs - ok
14:09:37.0500 3380 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
14:09:37.0953 3380 NtLmSsp - ok
14:09:38.0015 3380 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
14:09:38.0546 3380 NtmsSvc - ok
14:09:38.0609 3380 NTService1 (c2c0ff5f58dc258b77a799e0f8b5925c) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
14:09:38.0625 3380 NTService1 ( UnsignedFile.Multi.Generic ) - warning
14:09:38.0625 3380 NTService1 - detected UnsignedFile.Multi.Generic (1)
14:09:38.0656 3380 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:09:39.0140 3380 Null - ok
14:09:39.0328 3380 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:09:39.0984 3380 nv - ok
14:09:40.0140 3380 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:09:40.0640 3380 NwlnkFlt - ok
14:09:40.0671 3380 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:09:41.0125 3380 NwlnkFwd - ok
14:09:41.0171 3380 O1394B (8e41c7c9c171d07c1ecf108d5e2b1c07) C:\WINDOWS\system32\DRIVERS\o1394b.sys
14:09:41.0203 3380 O1394B ( UnsignedFile.Multi.Generic ) - warning
14:09:41.0203 3380 O1394B - detected UnsignedFile.Multi.Generic (1)
14:09:41.0203 3380 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:09:41.0671 3380 ohci1394 - ok
14:09:41.0703 3380 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
14:09:41.0734 3380 omci ( UnsignedFile.Multi.Generic ) - warning
14:09:41.0734 3380 omci - detected UnsignedFile.Multi.Generic (1)
14:09:41.0781 3380 ossrv (f0184fe6069be1541a3d18c02a73d161) C:\WINDOWS\system32\drivers\ctoss2k.sys
14:09:41.0828 3380 ossrv - ok
14:09:41.0859 3380 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
14:09:42.0281 3380 P3 - ok
14:09:42.0390 3380 PACSPTISVR (17bb6b38de8c2bda692ca1db0cea7325) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
14:09:42.0421 3380 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
14:09:42.0421 3380 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
14:09:42.0437 3380 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
14:09:42.0937 3380 Parport - ok
14:09:42.0968 3380 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
14:09:43.0437 3380 PartMgr - ok
14:09:43.0453 3380 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:09:43.0921 3380 ParVdm - ok
14:09:43.0968 3380 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
14:09:44.0421 3380 PCI - ok
14:09:44.0421 3380 PCIDump - ok
14:09:44.0468 3380 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:09:44.0937 3380 PCIIde - ok
14:09:44.0968 3380 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:09:45.0437 3380 Pcmcia - ok
14:09:45.0468 3380 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
14:09:45.0968 3380 perc2 - ok
14:09:45.0984 3380 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
14:09:46.0468 3380 perc2hib - ok
14:09:46.0515 3380 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\System32\drivers\PfModNT.sys
14:09:46.0562 3380 PfModNT - ok
14:09:46.0593 3380 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
14:09:46.0625 3380 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
14:09:46.0625 3380 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
14:09:46.0656 3380 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
14:09:46.0765 3380 PlugPlay - ok
14:09:46.0796 3380 Pml Driver HPZ12 (a38b3ce68e7f126190cde4aa3fdf050f) C:\WINDOWS\system32\HPZipm12.exe
14:09:47.0250 3380 Pml Driver HPZ12 - ok
14:09:47.0281 3380 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
14:09:47.0296 3380 Point32 - ok
14:09:47.0328 3380 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:09:47.0781 3380 PolicyAgent - ok
14:09:47.0812 3380 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:09:48.0265 3380 PptpMiniport - ok
14:09:48.0296 3380 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
14:09:48.0765 3380 Processor - ok
14:09:48.0765 3380 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:09:49.0265 3380 ProtectedStorage - ok
14:09:49.0296 3380 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
14:09:49.0765 3380 PSched - ok
14:09:49.0812 3380 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:09:50.0281 3380 Ptilink - ok
14:09:50.0312 3380 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:09:50.0343 3380 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:09:50.0343 3380 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:09:50.0375 3380 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
14:09:50.0812 3380 ql1080 - ok
14:09:50.0843 3380 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
14:09:51.0312 3380 Ql10wnt - ok
14:09:51.0328 3380 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
14:09:51.0796 3380 ql12160 - ok
14:09:51.0828 3380 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
14:09:52.0281 3380 ql1240 - ok
14:09:52.0312 3380 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
14:09:52.0750 3380 ql1280 - ok
14:09:52.0765 3380 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:09:53.0234 3380 RasAcd - ok
14:09:53.0265 3380 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
14:09:53.0734 3380 RasAuto - ok
14:09:53.0765 3380 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:09:54.0250 3380 Rasl2tp - ok
14:09:54.0281 3380 RasMan (d4bd2eeab07fef323f0a0ceecc954f51) C:\WINDOWS\System32\rasmans.dll
14:09:54.0453 3380 RasMan - ok
14:09:54.0468 3380 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:09:54.0906 3380 RasPppoe - ok
14:09:54.0937 3380 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:09:55.0406 3380 Raspti - ok
14:09:55.0453 3380 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:09:55.0640 3380 Rdbss - ok
14:09:55.0656 3380 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:09:56.0140 3380 RDPCDD - ok
14:09:56.0187 3380 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:09:56.0671 3380 rdpdr - ok
14:09:56.0718 3380 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
14:09:56.0828 3380 RDPWD - ok
14:09:56.0859 3380 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
14:09:57.0343 3380 RDSessMgr - ok
14:09:57.0375 3380 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:09:57.0828 3380 redbook - ok
14:09:57.0843 3380 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
14:09:58.0281 3380 RemoteAccess - ok
14:09:58.0359 3380 RetroExpLauncher (16f9aad9b85e7e25e0f5a03ee74e2a3d) C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
14:09:58.0375 3380 RetroExpLauncher ( UnsignedFile.Multi.Generic ) - warning
14:09:58.0375 3380 RetroExpLauncher - detected UnsignedFile.Multi.Generic (1)
14:09:58.0437 3380 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
14:09:58.0453 3380 rpcapd - ok
14:09:58.0484 3380 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
14:09:58.0984 3380 RpcLocator - ok
14:09:59.0046 3380 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\System32\rpcss.dll
14:09:59.0171 3380 RpcSs - ok
14:09:59.0218 3380 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
14:09:59.0687 3380 RSVP - ok
14:09:59.0703 3380 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:10:00.0171 3380 SamSs - ok
14:10:00.0203 3380 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
14:10:00.0671 3380 sbp2port - ok
14:10:00.0703 3380 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
14:10:01.0187 3380 SCardSvr - ok
14:10:01.0234 3380 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
14:10:01.0703 3380 Schedule - ok
14:10:01.0734 3380 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:10:01.0765 3380 Secdrv - ok
14:10:01.0843 3380 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
14:10:02.0328 3380 seclogon - ok
14:10:02.0359 3380 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
14:10:02.0812 3380 SENS - ok
14:10:02.0843 3380 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:10:03.0343 3380 serenum - ok
14:10:03.0390 3380 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
14:10:03.0859 3380 Serial - ok
14:10:03.0890 3380 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:10:04.0375 3380 Sfloppy - ok
14:10:04.0421 3380 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
14:10:04.0906 3380 SharedAccess - ok
14:10:04.0953 3380 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
14:10:05.0000 3380 ShellHWDetection - ok
14:10:05.0000 3380 Simbad - ok
14:10:05.0046 3380 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
14:10:05.0515 3380 sisagp - ok
14:10:05.0515 3380 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:10:05.0953 3380 SLIP - ok
14:10:06.0000 3380 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
14:10:06.0312 3380 Sparrow - ok
14:10:06.0343 3380 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
14:10:06.0531 3380 splitter - ok
14:10:06.0578 3380 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
14:10:06.0671 3380 Spooler - ok
14:10:06.0796 3380 SPTISRV (3980b48dff300a7e4139f5c64da65f5c) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
14:10:06.0812 3380 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
14:10:06.0812 3380 SPTISRV - detected UnsignedFile.Multi.Generic (1)
14:10:06.0843 3380 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
14:10:07.0343 3380 sr - ok
14:10:07.0390 3380 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
14:10:07.0875 3380 srservice - ok
14:10:07.0968 3380 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NAV\1307000.009\SRTSP.SYS
14:10:08.0015 3380 SRTSP - ok
14:10:08.0031 3380 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NAV\1307000.009\SRTSPX.SYS
14:10:08.0046 3380 SRTSPX - ok
14:10:08.0093 3380 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
14:10:08.0187 3380 Srv - ok
14:10:08.0218 3380 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
14:10:08.0765 3380 SSDPSRV - ok
14:10:08.0875 3380 SSScsiSV (3dbade5b4aa47c245a69e99d72b8e73b) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
14:10:08.0890 3380 SSScsiSV ( UnsignedFile.Multi.Generic ) - warning
14:10:08.0890 3380 SSScsiSV - detected UnsignedFile.Multi.Generic (1)
14:10:08.0937 3380 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
14:10:09.0031 3380 stisvc - ok
14:10:09.0062 3380 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:10:09.0562 3380 streamip - ok
14:10:09.0578 3380 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:10:10.0046 3380 swenum - ok
14:10:10.0093 3380 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
14:10:10.0546 3380 swmidi - ok
14:10:10.0546 3380 SwPrv - ok
14:10:10.0656 3380 Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
14:10:10.0703 3380 Symantec RemoteAssist - ok
14:10:10.0734 3380 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
14:10:11.0218 3380 symc810 - ok
14:10:11.0250 3380 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
14:10:11.0718 3380 symc8xx - ok
14:10:11.0812 3380 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NAV\1307000.009\SYMDS.SYS
14:10:11.0843 3380 SymDS - ok
14:10:11.0937 3380 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NAV\1307000.009\SYMEFA.SYS
14:10:11.0984 3380 SymEFA - ok
14:10:12.0031 3380 SymEvent (555fb450fe6908600310e990738b41d6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:10:12.0046 3380 SymEvent - ok
14:10:12.0078 3380 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NAV\1307000.009\Ironx86.SYS
14:10:12.0093 3380 SymIRON - ok
14:10:12.0140 3380 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NAV\1307000.009\SYMTDI.SYS
14:10:12.0203 3380 SYMTDI - ok
14:10:12.0250 3380 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
14:10:12.0734 3380 sym_hi - ok
14:10:12.0781 3380 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
14:10:13.0265 3380 sym_u3 - ok
14:10:13.0296 3380 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:10:13.0781 3380 sysaudio - ok
14:10:13.0812 3380 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
14:10:14.0296 3380 SysmonLog - ok
14:10:14.0343 3380 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
14:10:14.0468 3380 TapiSrv - ok
14:10:14.0515 3380 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:10:14.0734 3380 Tcpip - ok
14:10:14.0781 3380 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:10:15.0203 3380 TDPIPE - ok
14:10:15.0250 3380 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
14:10:15.0687 3380 TDTCP - ok
14:10:15.0718 3380 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:10:16.0187 3380 TermDD - ok
14:10:16.0250 3380 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
14:10:16.0750 3380 TermService - ok
14:10:16.0796 3380 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
14:10:16.0812 3380 Themes - ok
14:10:16.0859 3380 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
14:10:17.0312 3380 TosIde - ok
14:10:17.0359 3380 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
14:10:17.0828 3380 TrkWks - ok
14:10:17.0875 3380 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
14:10:18.0343 3380 Udfs - ok
14:10:18.0375 3380 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
14:10:18.0671 3380 ultra - ok
14:10:18.0734 3380 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
14:10:18.0812 3380 Update - ok
14:10:18.0890 3380 UPHClean (3f9a3232e5f942874488981f3242c989) C:\Program Files\UPHClean\uphclean.exe
14:10:18.0890 3380 UPHClean ( UnsignedFile.Multi.Generic ) - warning
14:10:18.0890 3380 UPHClean - detected UnsignedFile.Multi.Generic (1)
14:10:18.0937 3380 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
14:10:18.0984 3380 upnphost - ok
14:10:19.0031 3380 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
14:10:19.0515 3380 UPS - ok
14:10:19.0546 3380 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:10:20.0046 3380 usbccgp - ok
14:10:20.0093 3380 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:10:20.0640 3380 usbehci - ok
14:10:20.0671 3380 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:10:21.0171 3380 usbhub - ok
14:10:21.0218 3380 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:10:21.0718 3380 usbprint - ok
14:10:21.0750 3380 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:10:22.0218 3380 usbscan - ok
14:10:22.0250 3380 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:10:22.0718 3380 USBSTOR - ok
14:10:22.0750 3380 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:10:23.0203 3380 usbuhci - ok
14:10:23.0234 3380 UxTuneUp (0f197488055cf1304964881da0faae19) C:\WINDOWS\System32\uxtuneup.dll
14:10:23.0250 3380 UxTuneUp - ok
14:10:23.0265 3380 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:10:23.0734 3380 VgaSave - ok
14:10:23.0781 3380 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
14:10:24.0250 3380 viaagp - ok
14:10:24.0296 3380 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
14:10:24.0781 3380 ViaIde - ok
14:10:24.0796 3380 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
14:10:25.0296 3380 VolSnap - ok
14:10:25.0343 3380 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
14:10:25.0812 3380 VSS - ok
14:10:25.0859 3380 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
14:10:26.0328 3380 w32time - ok
14:10:26.0359 3380 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:10:26.0828 3380 Wanarp - ok
14:10:26.0828 3380 wanatw - ok
14:10:26.0859 3380 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
14:10:27.0046 3380 wdmaud - ok
14:10:27.0093 3380 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
14:10:27.0296 3380 WebClient - ok
14:10:27.0359 3380 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:10:27.0812 3380 winmgmt - ok
14:10:27.0859 3380 WMDM PMSP Service (5b6da8f4f5047d6df51e1c38fc57d4d9) C:\WINDOWS\System32\MsPMSPSv.exe
14:10:27.0875 3380 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning
14:10:27.0875 3380 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)
14:10:27.0906 3380 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:10:27.0968 3380 WmdmPmSN - ok
14:10:28.0015 3380 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:10:28.0484 3380 WmiApSrv - ok
14:10:28.0500 3380 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:10:28.0968 3380 WS2IFSL - ok
14:10:29.0000 3380 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
14:10:29.0468 3380 wscsvc - ok
14:10:29.0500 3380 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:10:29.0953 3380 WSTCODEC - ok
14:10:30.0000 3380 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
14:10:30.0453 3380 wuauserv - ok
14:10:30.0484 3380 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:10:30.0531 3380 WudfPf - ok
14:10:30.0562 3380 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:10:30.0593 3380 WudfSvc - ok
14:10:30.0656 3380 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
14:10:31.0203 3380 WZCSVC - ok
14:10:31.0234 3380 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
14:10:31.0671 3380 xmlprov - ok
14:10:31.0718 3380 MBR (0x1B8) (a03e065717cb65f3034ad33ad58b6bba) \Device\Harddisk0\DR0
14:10:31.0812 3380 \Device\Harddisk0\DR0 - ok
14:10:31.0828 3380 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
14:10:34.0687 3380 \Device\Harddisk1\DR1 - ok
14:10:34.0703 3380 Boot (0x1200) (ceaf3571148c34252841c27d678794c9) \Device\Harddisk0\DR0\Partition0
14:10:34.0718 3380 \Device\Harddisk0\DR0\Partition0 - ok
14:10:34.0718 3380 Boot (0x1200) (bf2b5465a440f2caadbd35f91802a22c) \Device\Harddisk1\DR1\Partition0
14:10:34.0718 3380 \Device\Harddisk1\DR1\Partition0 - ok
14:10:34.0718 3380 ============================================================
14:10:34.0718 3380 Scan finished
14:10:34.0718 3380 ============================================================
14:10:34.0828 1668 Detected object count: 25
14:10:34.0828 1668 Actual detected object count: 25
14:12:41.0656 1668 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0656 1668 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0656 1668 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0656 1668 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0656 1668 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0656 1668 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0656 1668 ATMhelpr ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0656 1668 ATMhelpr ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0656 1668 cdrbsvsd ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0656 1668 cdrbsvsd ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0656 1668 Cinemsup ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0656 1668 Cinemsup ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0656 1668 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0656 1668 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0671 1668 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0671 1668 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0671 1668 IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0671 1668 IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0671 1668 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0671 1668 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0671 1668 LxrSII1d ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0671 1668 LxrSII1d ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0671 1668 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0671 1668 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0671 1668 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0671 1668 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0687 1668 NeroCd2k ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0687 1668 NeroCd2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0687 1668 NTService1 ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0687 1668 NTService1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0687 1668 O1394B ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0687 1668 O1394B ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0687 1668 omci ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0687 1668 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0687 1668 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0687 1668 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0687 1668 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0687 1668 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0703 1668 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0703 1668 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0703 1668 RetroExpLauncher ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0703 1668 RetroExpLauncher ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0703 1668 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0703 1668 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0703 1668 SSScsiSV ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0703 1668 SSScsiSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0703 1668 UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0703 1668 UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:41.0703 1668 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:41.0703 1668 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:07.0875 0816 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 14:23:20
-----------------------------
14:23:20.437 OS Version: Windows 5.1.2600 Service Pack 2
14:23:20.453 Number of processors: 2 586 0x304
14:23:20.453 ComputerName: DESKTOP UserName:
14:23:21.671 Initialize success
14:26:46.890 AVAST engine defs: 12051101
14:28:04.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:28:04.250 Disk 0 Vendor: ST316002 8.05 Size: 152627MB BusType: 3
14:28:04.250 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
14:28:04.265 Disk 1 Vendor: ST330062 3.AA Size: 286168MB BusType: 3
14:28:04.281 Disk 0 MBR read successfully
14:28:04.281 Disk 0 MBR scan
14:28:04.328 Disk 0 unknown MBR code
14:28:04.343 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
14:28:04.359 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 148993 MB offset 96390
14:28:04.390 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 305235000
14:28:04.390 Disk 0 scanning sectors +312576705
14:28:04.437 Disk 0 scanning C:\WINDOWS\system32\drivers
14:28:17.421 Service scanning
14:28:35.609 Modules scanning
14:28:51.828 AVAST engine scan C:\WINDOWS
14:29:16.171 AVAST engine scan C:\WINDOWS\system32
14:32:24.390 AVAST engine scan C:\WINDOWS\system32\drivers
14:32:51.968 AVAST engine scan C:\Documents and Settings\Ted Goldstone
14:47:27.703 AVAST engine scan C:\Documents and Settings\All Users
14:53:18.968 File: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\TryMedia\cookingdash\en-US\cookingdash.exe **HIDDEN**
14:53:20.203 File: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\TryMedia\cookingdash\en-US\ZylomAdapter.dll **HIDDEN**
14:53:20.953 File: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\TryMedia\cookingdash\en-US\ZylomHost.exe **HIDDEN**
14:53:21.796 File: C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DIFxAPI.dll **HIDDEN**
14:53:22.171 File: C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe **HIDDEN**
14:53:23.343 File: C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86\GEARAspi.dll **HIDDEN**
14:53:23.718 File: C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86\GEARAspiWDM.sys **HIDDEN**
14:53:47.703 File: C:\Documents and Settings\All Users\DRM\Cache\Indiv01.key **HIDDEN**
14:53:49.750 File: C:\Documents and Settings\All Users\DRM\IndivBox.key **HIDDEN**
14:57:33.281 File: C:\Documents and Settings\All Users\Symantec Temporary Files\NAV071420.exe **HIDDEN**
14:57:33.281 Scan finished successfully
14:58:02.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ted Goldstone\Desktop\MBR.dat"
14:58:02.484 The log file has been saved successfully to "C:\Documents and Settings\Ted Goldstone\Desktop\aswMBR log 5-11-12.txt"

[The Fix button was NOT enabled]


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.11.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Ted Goldstone :: DESKTOP [administrator]

Protection: Enabled

5/11/2012 3:35:18 PM
mbam-log-2012-05-11 (15-35-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232358
Time elapsed: 1 hour(s), 22 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/05/2012 5:13:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/05/2012 5:10:11 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Aslprcsora service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 11/05/2012 5:10:11 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The ADS DVD Xpress B service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 11/05/2012 5:10:00 PM
Type: error Category: 44
Event: 45062 Source: ati2mtag
CRT invalid display type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 98.44 0 K 16 K
procexp.exe 1460 1.56 25,704 K 30,472 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wscntfy.exe 2540 724 K 2,600 K Windows Security Center Notification App Microsoft Corporation (Verified) Microsoft Windows Publisher
wmiprvse.exe 3164 1,952 K 5,092 K WMI Microsoft Corporation (Verified) Microsoft Windows Component Publisher
winlogon.exe 1132 6,752 K 3,724 K Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Publisher
uphclean.exe 812 612 K 1,448 K User Profile Hive Cleanup Service Microsoft Corporation (Unable to verify) Microsoft Corporation
System 4 0 K 236 K
SyncServices.exe 464 2,108 K 2,920 K SyncServices (Unable to verify)
svchost.exe 1508 2,056 K 4,660 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1392 3,264 K 5,124 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1644 15,768 K 24,500 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1852 1,612 K 4,008 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1588 1,436 K 3,872 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 764 2,600 K 4,320 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 188 4,316 K 6,504 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows XP Publisher
smss.exe 1048 224 K 460 K Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 1176 2,284 K 4,476 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
retrorun.exe 552 1,576 K 4,464 K Retrospect Express HD EMC Dantz (Unable to verify) EMC Dantz
NBService.exe 364 2,412 K 5,876 K Nero BackItUp Nero AG (Verified) Nero AG
MsPMSPSv.exe 916 584 K 1,720 K WMDM PMSP Service Microsoft Corporation (Unable to verify) Microsoft Corporation
mDNSResponder.exe 1700 1,288 K 3,660 K Bonjour Service Apple Inc. (Verified) Apple Inc.
MClipboard.exe 3672 1,116 K 4,096 K (Unable to verify)
mbamservice.exe 268 5,476 K 7,120 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
LxrSII1s.exe 2032 228 K 900 K
lsass.exe 1188 4,004 K 1,100 K LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Publisher
jqs.exe 1940 2,136 K 1,644 K Java™ Quick Starter Service Sun Microsystems, Inc. (Verified) Sun Microsystems, Inc.
ipoint.exe 3444 16,896 K 22,972 K IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation
IoctlSvc.exe 488 576 K 1,816 K PLFlash DeviceIoControl Service Prolific Technology Inc. (Unable to verify) Prolific Technology Inc.
iexplore.exe 3344 6,896 K 2,612 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 3568 57,144 K 62,356 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
IAANTmon.exe 1848 468 K 1,416 K Intel Application Accelerator RAID Monitor Intel Corporation (Unable to verify) Intel Corporation
IAAnotif.exe 2668 816 K 2,504 K IAA Event Monitor User Notification Tool Intel Corporation (Unable to verify) Intel Corporation
HPZipm12.exe 524 864 K 2,272 K PML Driver HP (Verified) Microsoft Windows Hardware Compatibility Publisher
hpqtra08.exe 3596 3,576 K 7,292 K HP Digital Imaging Monitor Hewlett-Packard Development Company, L.P. (Unable to verify) Hewlett-Packard Development Company, L.P.
hpqste08.exe 3724 8,192 K 13,904 K HP CUE Status Hewlett-Packard Development Company, L.P. (Unable to verify) Hewlett-Packard Development Company, L.P.
explorer.exe 1336 58,660 K 66,700 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
CTSysVol.exe 2676 3,024 K 5,272 K CTSysVol.exe Creative Technology Ltd (Unable to verify) Creative Technology Ltd
CTSVCCDA.EXE 1732 584 K 1,620 K Creative Service for CDROM Access Creative Technology Ltd (Unable to verify) Creative Technology Ltd
CTHELPER.EXE 2704 3,524 K 5,876 K CtHelper MFC Application Creative Technology Ltd (Unable to verify) Creative Technology Ltd
ctfmon.exe 3560 1,020 K 3,944 K CTF Loader Microsoft Corporation (Verified) Microsoft Windows Publisher
CTDVDDET.exe 2692 780 K 2,936 K CTDVDDET Creative Technology Ltd (Unable to verify) Creative Technology Ltd
csrss.exe 1100 1,884 K 4,588 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
ccsvchst.exe 332 30,712 K 10,736 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
ccsvchst.exe 1800 13,064 K 10,320 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
ati2evxx.exe 1372 2,152 K 3,772 K ATI External Event Utility EXE Module ATI Technologies Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
ati2evxx.exe 1820 2,388 K 4,476 K ATI External Event Utility EXE Module ATI Technologies Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
AppleMobileDeviceService.exe 1620 1,924 K 2,748 K Apple Mobile Device Service Apple Inc. (Verified) Apple Inc.
alg.exe 2572 1,276 K 3,632 K Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows Publisher


I was unable to complete Speccy - midway thru it bombs to a Blue Screen.

I'll await your input. THANKS

#4
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

Driver::
Aslprcsora

******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

I would uninstall Speccy if it won't work.

Try SpeedFan instead.

http://www.almico.com/sfdownload.php

If your PC is new enough to have temperature sensors it should tell you what temp your CPU is running. If it doesn't work then it's pretty old and I think you should assume your PC needs cleaning. Every old PC I've seen has been clogged with dust. If this is a desktop, open it up and use a soft brush and a vacuum cleaner to clear the dust from the vents and the heatsink. Turn it on and verify that the fan starts quickly. (It may stop right away but it should always start at boot.) Laptops are a bit trickier. I'd start with just sucking the dust from the vents. Don't leave the suction on too long as you may over-rev the fan. A hot CPU is a slow CPU.

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.


How is it running now?

Ron

#5
elijahmobile


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ComboFix doesn't like my Icon Folder. I've used it for years. Also, I put it back and it passed muster with all the other scans.

Here is the logfile.

ComboFix 12-05-11.03 - Ted Goldstone 05/11/2012 18:52:03.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.415 [GMT -7:00]
Running from: c:\documents and settings\Ted Goldstone\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ted Goldstone\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\microsoft\media index\wmplibrary_v_0_12.lrd
c:\windows\dasetup.log
c:\windows\iun6002.exe
c:\windows\system32\Icons
c:\windows\system32\Icons\16 bit Fix.ico
c:\windows\system32\Icons\23min in [bleep].ico
c:\windows\system32\Icons\2wire SM.ico
c:\windows\system32\Icons\3 People Box.ico
c:\windows\system32\Icons\A BMP.ico
c:\windows\system32\Icons\A GIF.ico
c:\windows\system32\Icons\A JPEG.ico
c:\windows\system32\Icons\A PDF.ico
c:\windows\system32\Icons\A PNG.ico
c:\windows\system32\Icons\A TIFF.ico
c:\windows\system32\Icons\ABC 7 Circle Logo.ico
c:\windows\system32\Icons\ABC LG.ico
c:\windows\system32\Icons\ABC Logo.ico
c:\windows\system32\Icons\ABC News.ico
c:\windows\system32\Icons\ABetterInternet.ico
c:\windows\system32\Icons\Ad-Aware 2007.ico
c:\windows\system32\Icons\Adobe Acrobat NEW LG.ico
c:\windows\system32\Icons\Adobe Acrobat NEW SM.ico
c:\windows\system32\Icons\Adobe Acrobat SM.ico
c:\windows\system32\Icons\Adobe BMP Icon.ico
c:\windows\system32\Icons\ADOBE CLN.ico
c:\windows\system32\Icons\Adobe CS.ico
c:\windows\system32\Icons\ADOBE Logo.ico
c:\windows\system32\Icons\AIM LG.ico
c:\windows\system32\Icons\Air1.ico
c:\windows\system32\Icons\Alex.ico
c:\windows\system32\Icons\AlmondMacaroons.ico
c:\windows\system32\Icons\Almost there.ico
c:\windows\system32\Icons\Amazon LG.ico
c:\windows\system32\Icons\America's Cup.ico
c:\windows\system32\Icons\American Thinker.ico
c:\windows\system32\Icons\AMPfontviewer LG.ico
c:\windows\system32\Icons\AMPsoft.ico
c:\windows\system32\Icons\Annapolis Summit 07.ico
c:\windows\system32\Icons\Answers-BC #2.ico
c:\windows\system32\Icons\Answers-BC.ico
c:\windows\system32\Icons\AP.ico
c:\windows\system32\Icons\Applian Clear.ico
c:\windows\system32\Icons\Applian LG.ico
c:\windows\system32\Icons\Applian NEW SM.ico
c:\windows\system32\Icons\Applian NEW.ico
c:\windows\system32\Icons\Applian SM.ico
c:\windows\system32\Icons\AskOxford SM.ico
c:\windows\system32\Icons\AT&T.ico
c:\windows\system32\Icons\ATI Radeon.ico
c:\windows\system32\Icons\ATI.ico
c:\windows\system32\Icons\Atribune.ico
c:\windows\system32\Icons\Attache Case LG.ico
c:\windows\system32\Icons\Attache Case SM.ico
c:\windows\system32\Icons\AudioA.ico
c:\windows\system32\Icons\Autry Museum.ico
c:\windows\system32\Icons\AVG 3D.ico
c:\windows\system32\Icons\AVG SM.ico
c:\windows\system32\Icons\AVG.ico
c:\windows\system32\Icons\B of A.ico
c:\windows\system32\Icons\Baby's Name World.ico
c:\windows\system32\Icons\Baby Blue BBQ.ico
c:\windows\system32\Icons\BackMagic.ico
c:\windows\system32\Icons\Baja Fresh.ico
c:\windows\system32\Icons\BandWidth LG.ico
c:\windows\system32\Icons\BandWidth SM.ico
c:\windows\system32\Icons\BandWidth.ico
c:\windows\system32\Icons\Bank of NY LG.ico
c:\windows\system32\Icons\Barnes & Noble.ico
c:\windows\system32\Icons\Bayless Conley.ico
c:\windows\system32\Icons\BBC- America.ico
c:\windows\system32\Icons\BBReports LG.ico
c:\windows\system32\Icons\Bec.ico
c:\windows\system32\Icons\Bed B& B Logo.ico
c:\windows\system32\Icons\Bed Bath & Beyond.ico
c:\windows\system32\Icons\Belarc.ico
c:\windows\system32\Icons\Ben Stein.ico
c:\windows\system32\Icons\Benny Hinn DKGold.ico
c:\windows\system32\Icons\Benny Hinn Pic LG.ico
c:\windows\system32\Icons\Benny Hinn Purple.ico
c:\windows\system32\Icons\Benny Hinn.ico
c:\windows\system32\Icons\Best Buy Clear.ico
c:\windows\system32\Icons\Best Buy CLR.ico
c:\windows\system32\Icons\Best Buy.ico
c:\windows\system32\Icons\BestBuy PoolSupply.ico
c:\windows\system32\Icons\Beta.ico
c:\windows\system32\Icons\Beverly Hills Sign.ico
c:\windows\system32\Icons\Bible Code LG.ico
c:\windows\system32\Icons\Bible Code SM.ico
c:\windows\system32\Icons\Bible Codes.ico
c:\windows\system32\Icons\Bible Gateway.ico
c:\windows\system32\Icons\Bible.ico
c:\windows\system32\Icons\Bill Cloud Pic LG.ico
c:\windows\system32\Icons\Bill Cloud.ico
c:\windows\system32\Icons\Biography.ico
c:\windows\system32\Icons\Black Angus.ico
c:\windows\system32\Icons\Blaze.ico
c:\windows\system32\Icons\Bliss.ico
c:\windows\system32\Icons\Blockbuster.ico
c:\windows\system32\Icons\Blogger.ico
c:\windows\system32\Icons\Blue Block.ico
c:\windows\system32\Icons\Blue i.ico
c:\windows\system32\Icons\Blue Left Arrow.ico
c:\windows\system32\Icons\Blue Marble.ico
c:\windows\system32\Icons\Blue Monitor.ico
c:\windows\system32\Icons\Boombox.ico
c:\windows\system32\Icons\Boston Globe.ico
c:\windows\system32\Icons\Box of Books.ico
c:\windows\system32\Icons\Boxed WMP.ico
c:\windows\system32\Icons\BrainyQuote.ico
c:\windows\system32\Icons\BREATHEcast LG.ico
c:\windows\system32\Icons\Briefcase LG.ico
c:\windows\system32\Icons\Briefcase SM.ico
c:\windows\system32\Icons\Brother.ico
c:\windows\system32\Icons\Burbank Leader.ico
c:\windows\system32\Icons\Burbank.ico
c:\windows\system32\Icons\Burger King.ico
c:\windows\system32\Icons\Butterball LG.ico
c:\windows\system32\Icons\BVOV.ico
c:\windows\system32\Icons\C-Span.ico
c:\windows\system32\Icons\CA DMV Round.ico
c:\windows\system32\Icons\CA DMV.ico
c:\windows\system32\Icons\CA State Seal SM.ico
c:\windows\system32\Icons\Camera Battery.ico
c:\windows\system32\Icons\Canning Pantry.ico
c:\windows\system32\Icons\Carly Simon.ico
c:\windows\system32\Icons\Carol's Car.ico
c:\windows\system32\Icons\Carrizo Plain.ico
c:\windows\system32\Icons\Caution Sign.ico
c:\windows\system32\Icons\CBN Fire LG.ico
c:\windows\system32\Icons\CBN Fire.ico
c:\windows\system32\Icons\CBN LG.ico
c:\windows\system32\Icons\CBS BLack SM.ico
c:\windows\system32\Icons\CBS Logo Blue.ico
c:\windows\system32\Icons\CBS2 Logo.ico
c:\windows\system32\Icons\CCM.ico
c:\windows\system32\Icons\CD Blue Arrow.ico
c:\windows\system32\Icons\CD Colored Label.ico
c:\windows\system32\Icons\CD Gold.ico
c:\windows\system32\Icons\CD Logs.ico
c:\windows\system32\Icons\CD Media.ico
c:\windows\system32\Icons\CD_audio_SONY.ico
c:\windows\system32\Icons\CEM Online.ico
c:\windows\system32\Icons\Centon.ico
c:\windows\system32\Icons\Charter Logo-SM.ico
c:\windows\system32\Icons\Charter Logo.ico
c:\windows\system32\Icons\Charter.ico
c:\windows\system32\Icons\Check Sheet SM.ico
c:\windows\system32\Icons\Cherryland.ico
c:\windows\system32\Icons\Chinese Food.ico
c:\windows\system32\Icons\Christian Ebner.ico
c:\windows\system32\Icons\Christian WorldView LG.ico
c:\windows\system32\Icons\Christian WorldView SM.ico
c:\windows\system32\Icons\Circuit City LG.ico
c:\windows\system32\Icons\Circuit City Logo.ico
c:\windows\system32\Icons\Citi LG.ico
c:\windows\system32\Icons\Citi.ico
c:\windows\system32\Icons\CNN Logo.ico
c:\windows\system32\Icons\Coca Cola.ico
c:\windows\system32\Icons\Cockroach.ico
c:\windows\system32\Icons\CodeFinder Chart LG.ico
c:\windows\system32\Icons\CodeFinder Chart SM.ico
c:\windows\system32\Icons\CodeFinder.ico
c:\windows\system32\Icons\Coleman Graphite.ico
c:\windows\system32\Icons\Commentary.ico
c:\windows\system32\Icons\CompUSA LG.ico
c:\windows\system32\Icons\Computer Associates.ico
c:\windows\system32\Icons\Conair Hair Dryer.ico
c:\windows\system32\Icons\ConfirmThem Gavel.ico
c:\windows\system32\ie.ico
c:\windows\system32\open.ico
c:\windows\system32\win.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASLPRCSORA
-------\Service_Aslprcsora
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 00:38 . 2012-05-12 00:38 -------- d-----w- c:\program files\Speccy
2012-05-11 22:34 . 2012-05-11 22:34 -------- d-----w- c:\documents and settings\Ted Goldstone\Application Data\Malwarebytes
2012-05-11 22:33 . 2012-05-11 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-11 22:33 . 2012-05-11 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-11 22:33 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 19:34 . 2012-05-11 19:34 -------- d-----w- C:\_OTL
2012-05-04 20:07 . 2012-05-04 20:06 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-23 22:07 . 2012-04-23 22:09 -------- d-----w- c:\windows\system32\drivers\NAV\1307000.009
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 22:55 . 2004-10-12 22:05 1880 ----a-w- c:\windows\AUTOLNCH.REG
2012-05-06 22:31 . 2012-03-29 17:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 22:31 . 2011-05-19 19:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 20:06 . 2007-05-29 04:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 20:06 . 2010-04-24 18:48 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-23 18:32 . 2009-01-10 06:55 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-23 18:32 . 2009-01-10 06:55 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2007-03-09 08:12 27648 --sha-w- c:\windows\SYSTEM32\AVSredirect.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-11_20.33.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-12 02:33 . 2012-05-12 02:33 16384 c:\windows\Temp\Perflib_Perfdata_130.dat
+ 2012-05-11 22:18 . 2012-05-11 22:18 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-12-14 20:08 . 2011-12-14 20:08 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-04 16:45 . 2012-02-15 19:33 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 16:45 . 2012-05-11 22:17 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-08-07 02:23 . 2009-08-07 02:23 274288 c:\windows\SoftwareDistribution\SelfUpdate\Registered\mucltui.dll
+ 2012-04-29 04:43 . 2012-04-29 04:43 8459264 c:\windows\Installer\cfe7e.msp
+ 2012-04-05 05:38 . 2012-04-05 05:38 3620864 c:\windows\Installer\cfe75.msp
+ 2012-04-05 05:38 . 2012-04-05 05:38 2831360 c:\windows\Installer\cfe6c.msp
+ 2011-08-17 16:49 . 2011-08-17 16:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2011-07-07 09:58 . 2011-07-07 09:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2005-11-10 19:18 . 2012-05-11 22:18 55656824 c:\windows\SYSTEM32\MRT.exe
+ 2012-05-11 22:16 . 2012-05-11 22:16 20343808 c:\windows\Installer\cfe64.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\Ted Goldstone\Start Menu\Programs\Startup\
MClipboard.lnk - c:\unzipped\mclipbrd\MClipbrd\MClipboard.exe [2000-2-20 611328]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"<NO NAME>"= 014
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=c:\program files\AIM\aim.exe -cnetwait.odl
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RetroExpress"=c:\progra~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h
"MaxtorOneTouch"=c:\program files\Maxtor\OneTouch\utils\Onetouch.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Adobe\\Photoshop CS\\Photoshop.exe"=
"c:\\Program Files\\Adobe\\Photoshop CS\\ImageReady.exe"=
"c:\\Program Files\\Homestead\\PhotoSite AlbumBuilder\\PhotoSite.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Homestead\\Homestead SiteBuilder LPX\\SiteBuilderLPXLauncher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\WMR11\\WMR11.exe"=
"c:\\Program Files\\Replay Screencast\\Replay-Screencast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\LMI1A.tmp\\lmi_rescue.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 O1394B;OW 1394b Bus Filter Service;c:\windows\SYSTEM32\DRIVERS\o1394b.sys [3/10/2007 2:53 PM 10112]
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\NAV\1307000.009\symds.sys [4/23/2012 3:07 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1307000.009\symefa.sys [4/23/2012 3:07 PM 905336]
R1 ATMhelpr;ATMhelpr;c:\windows\SYSTEM32\DRIVERS\ATMHELPR.SYS [6/24/2005 9:43 AM 4064]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx86.sys [5/8/2012 4:15 PM 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\SYSTEM32\DRIVERS\NAV\1307000.009\ccsetx86.sys [4/23/2012 3:07 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1307000.009\ironx86.sys [4/23/2012 3:07 PM 149624]
R2 LxrSII1d;Secure II Driver;c:\windows\SYSTEM32\DRIVERS\LxrSII1d.sys [3/7/2008 7:25 PM 72672]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/11/2012 3:33 PM 654408]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe [4/23/2012 3:07 PM 138232]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [10/20/2009 11:19 AM 50704]
R3 appliandMP;appliandMP;c:\windows\SYSTEM32\DRIVERS\appliand.sys [6/16/2011 4:51 PM 28256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/4/2012 12:32 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120510.001\IDSXpx86.sys [5/10/2012 4:31 PM 356792]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [5/11/2012 3:33 PM 22344]
R3 NeroCd2k;NeroCd2k;c:\windows\SYSTEM32\DRIVERS\NeroCd2k.sys [6/17/2005 5:33 PM 15584]
S3 appliand;Applian Network Service;c:\windows\SYSTEM32\DRIVERS\appliand.sys [6/16/2011 4:51 PM 28256]
S3 cpuz135;cpuz135;\??\c:\docume~1\TEDGOL~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\TEDGOL~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 speccy;speccy;\??\c:\docume~1\TEDGOL~1\LOCALS~1\Temp\d78be1a9-a00e-460d-b1f4-11bd4eb1f128 --> c:\docume~1\TEDGOL~1\LOCALS~1\Temp\d78be1a9-a00e-460d-b1f4-11bd4eb1f128 [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\User_Feed_Synchronization-{FB9BC8B9-98D4-4581-B7E1-CF0DA27CE09B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.earthlink.net/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://webgames.d.tmsrv.com/c=d8f606e0db776caa6c8641fc715f1e42/aff=t_05kn1_wg/p/release/playfirst/wg_dairydash/dairydash/DairyDashWeb.1.0.0.12.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://71.136.8.221/xplugDL.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Freecorder_1.0 - c:\windows\iun6002.exe
AddRemove-Replay_AV_807 - c:\windows\iun6002.exe
AddRemove-Replay_Converter_1 - c:\windows\iun6002.exe
AddRemove-Replay_Media_Splitter_1.2 - c:\windows\iun6002.exe
AddRemove-Replay_Screencast_1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-11 19:33
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\speccy]
"ImagePath"="\??\c:\docume~1\TEDGOL~1\LOCALS~1\Temp\d78be1a9-a00e-460d-b1f4-11bd4eb1f128"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2496)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-05-11 19:39:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 02:39
.
Pre-Run: 86,430,277,632 bytes free
Post-Run: 86,484,885,504 bytes free
.
- - End Of File - - 062A6BA3C9CF1C790639D74A71573FE6

It's running much much better now. The HUGE delays are gone. The computer IS old and I have opened it up and cleaned it in the past. I will do it again as soon as I can.

Thank you so much.

Edited by elijahmobile, 11 May 2012 - 09:09 PM.


#6
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
OK. Sorry about your ICON folder.

I think it's clean now so we can clean up.

You would get a significant performance boost by replacing Norton with the free Avast or MSSE. They both seem to work as well and don't cost anything. I use Avast on all of my PCs.

We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and exit My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox: for some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#7
elijahmobile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Ron

Things really are back to normal and I want to thank you for the quick and professional response.

I took your advice and uninstalled and set aside my current NAV program and replaced it with Avast FREE. Interesting thing happened. After the first reboot, it (Avast) caught and quarantined the Cooking Dash game program .exe file, claiming it was trying to launch (on its own!). I think that program had come up in one of the scans you had me run. So, don't know if it was actually a problem, but I don't like the circumstances, so I cleared it from the computer.

Also wanted to let you know that OTL seems to slick the HOSTS file down to the essentially empty version - top header only. It did it the first time and I reloaded the current MVP Hosts file. Happened to check it again after running the OTL cleanup - same thing - replaced it again. My only reason for mentioning it is to suggest you add it to your cleanup listings for people who might not think to check.

Point of interest: OTL also seems to clear my Restore Points WITHOUT telling it - both times I ran it (Initial run and cleanup - I DIDN'T run it with the script commands you suggested). I had already cleared the Restore Points the night before (by turning System Restore monitoring OFF, then ON again) and had added another Restore Point after startup the next morning. After running OTL cleanup, those Restore Points were gone and just a new System Checkpoint was there from the OTL cleanup time frame (only other possible culprit would be ComboFix - initial run + uninstall run - didn't check it close enough to really know exactly - also suppose ComboFix could have been the source of the HOSTS file change mentioned above as well).

THANK YOU again.

Ted

#8
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
No idea what Cooking Dash is. Sometimes an A-V program will have a false positive. If in doubt you can always submit a file to www.virustotal.com and see what the other A-V companies think about it.

Avast has a neat feature that I really like called boot-time scan. It runs before Windows so has a better chance of catching things. Does take a while to run but you might let it run overnight sometime:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?


I tell OTL to clean up the Hosts file with:

:Commands
[RESETHOSTS]

When you have a big hosts file it's easy to hide stuff there. I'm not a big fan of the MVP hosts list anyway. On Vista and Win 7 it really slows things down. Not so bad on XP but Avast is pretty good about warning you when you hit a bad site so I don't really see the need for it but I suppose I could add something in the XP goodbye text to replace it if you really like it.

OTL is really only supposed to clear restore points when we tell it to with:

:Commands
[CLEARALLRESTOREPOINTS]

If it is doing it at other times then Old Timer needs to know. I've posted your concern in our private forum that Old Timer monitors.

Sometimes malware will clear the System Recovery files or turn it off. In your case you did have an error:

Error - 5/10/2012 2:10:43 PM | Computer Name = DESKTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.


which might have contributed to the problem.
  • 0
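The remark in the post above, that a large hosts file makes it easy to hide entries, can be checked mechanically. The following is an added example, not part of the original post and not how OTL's [RESETHOSTS] works: a Python audit that ignores sinkhole lines (loopback or 0.0.0.0, as blocklist-style hosts files use) and reports only names redirected to another address, names mapped to two different addresses, and malformed lines. The sample text, host names and addresses are constructed.

```python
import ipaddress
import sys

# Constructed sample: a blocklist-style hosts file with two entries that are not sinkholes.
SAMPLE = """\
# Constructed sample, not taken from the thread
127.0.0.1 localhost
127.0.0.1 ads.example.com tracker.example.net   # blocklist entries
0.0.0.0 banner.example.org
203.0.113.7 www.shop.example
0.0.0.0 update.example.com
198.51.100.9 update.example.com
not-an-ip something.example
"""


def parse_hosts(text):
    """Yield (line_no, address, names); address is None for a malformed line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            yield line_no, None, [line]
        else:
            yield line_no, addr, [n.lower() for n in fields[1:]]


def audit_hosts(text):
    """Return (line_no, kind, detail) findings worth a human look."""
    findings, seen = [], {}
    for line_no, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((line_no, "malformed", names[0]))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if not sinkhole:
                findings.append((line_no, "redirect", f"{name} -> {addr}"))
            first = seen.setdefault(name, addr)   # remember the first mapping
            if first != addr:
                findings.append((line_no, "conflict", f"{name}: {first} vs {addr}"))
    return findings


if __name__ == "__main__":
    # On Windows the file is %SystemRoot%\System32\drivers\etc\hosts.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```

A "redirect" finding is not proof of tampering, since some software adds legitimate entries, but it reduces thousands of lines to the few that need review.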

#9
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I talked to OldTimer about the system restore clearing. He says it's not OTL's doing. Something else going on.

#10
elijahmobile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Could have been the running of ComboFix - it was run in the same time frame (both times) as OTL when the Restore Points were cleared. I didn't catch it quick enough to know exactly when it occurred.

[I also now realize that the last time the Restore Points were cleared it appeared as though System Restore was turned off, then on again. Turned off, all Restore Points are cleared. When it is turned back on it makes a System Checkpoint and sets the default monitoring on for both my hard drives. After doing it myself previous to this, it looked identical and I manually turned monitoring off on my second storage drive. Following all this discussion, I double checked the settings and found the monitoring on again for both drives.]

Anyhow, have had no problem since - therefore foul play seems unlikely.

Edited by elijahmobile, 19 May 2012 - 03:16 PM.






