My 2nd computer, caught the same bug on the same day [Solved]



#16
DragonFromWales

  • Topic Starter
  • Member
  • 97 posts
Thanks. Here's the MiniToolBox results:

MiniToolBox by Farbar Version: 14-01-2012
Ran by Administrator (administrator) on 30-05-2012 at 08:43:10
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1510 Wireless-N WLAN Mini-Card = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=172.20.14.111 mask=255.255.255.0
set address name="Local Area Connection" gateway=172.20.14.1 gwmetric=
set dns name="Local Area Connection" source=static addr=none register=PRIMARY
set wins name="Local Area Connection" source=static addr=none

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Cynwydlp

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : intranet.dcc



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-23-AE-20-B8-09



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card

Physical Address. . . . . . . . . : 00-24-2B-97-6F-0A

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : 30 May 2012 08:39:58

Lease Expires . . . . . . . . . . : 31 May 2012 08:39:58

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.34.174, 173.194.34.165, 173.194.34.169, 173.194.34.163
173.194.34.166, 173.194.34.161, 173.194.34.167, 173.194.34.162, 173.194.34.160
173.194.34.164, 173.194.34.168



Pinging google.com [173.194.34.65] with 32 bytes of data:



Reply from 173.194.34.65: bytes=32 time=44ms TTL=54

Reply from 173.194.34.65: bytes=32 time=47ms TTL=54



Ping statistics for 173.194.34.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 44ms, Maximum = 47ms, Average = 45ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=155ms TTL=46

Reply from 98.139.183.24: bytes=32 time=224ms TTL=46



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 155ms, Maximum = 224ms, Average = 189ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 23 ae 20 b8 09 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 24 2b 97 6f 0a ...... Dell Wireless 1510 Wireless-N WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.4 192.168.1.4 20
192.168.1.0 255.255.255.0 192.168.1.4 192.168.1.4 25
192.168.1.4 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.4 192.168.1.4 25
224.0.0.0 240.0.0.0 192.168.1.4 192.168.1.4 25
255.255.255.255 255.255.255.255 192.168.1.4 2 1
255.255.255.255 255.255.255.255 192.168.1.4 192.168.1.4 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/30/2012 08:42:48 AM) (Source: F-Secure Anti-Virus) (User: )
Description: 1 2012-05-30 08:42:47+01:00 CYNWYDLP CYNWYDLP\Administrator F-Secure Anti-Virus
Malicious code found in Master Boot Record of disk MBR (0x80).
Infection: Trojan:Boot/Mebroot.B

Error: (05/28/2012 05:45:18 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (05/28/2012 05:45:18 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (05/27/2012 07:57:52 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (05/27/2012 07:57:52 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (05/27/2012 05:05:39 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (05/27/2012 05:05:39 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (05/26/2012 08:53:35 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (05/26/2012 08:53:35 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (05/26/2012 08:50:01 PM) (Source: F-Secure Anti-Virus) (User: )
Description: 1 2012-05-26 20:50:00+01:00 CYNWYDLP CYNWYDLP\Administrator F-Secure Anti-Virus
Malicious code found in Master Boot Record of disk MBR (0x80).
Infection: Trojan:Boot/Mebroot.B


System errors:
=============
Error: (05/30/2012 08:41:50 AM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (05/30/2012 08:41:45 AM) (Source: Service Control Manager) (User: )
Description: The Security Microsoft service terminated with the following error:
%%126

Error: (05/30/2012 08:41:12 AM) (Source: Service Control Manager) (User: )
Description: The ZoneAlarm Toolbar ISWKL service failed to start due to the following error:
%%2

Error: (05/30/2012 08:39:58 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1058" attempting to start the service gusvc with arguments ""
in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error: (05/28/2012 09:32:16 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/28/2012 09:44:34 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/28/2012 08:37:59 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/28/2012 07:08:04 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/28/2012 06:47:09 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/28/2012 06:44:58 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (05/30/2012 08:42:48 AM) (Source: F-Secure Anti-Virus)(User: )
Description: 1 2012-05-30 08:42:47+01:00 CYNWYDLP CYNWYDLP\Administrator F-Secure Anti-Virus
Malicious code found in Master Boot Record of disk MBR (0x80).
Infection: Trojan:Boot/Mebroot.B

Error: (05/28/2012 05:45:18 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (05/28/2012 05:45:18 AM) (Source: LoadPerf)(User: )
Description: Performance

Error: (05/27/2012 07:57:52 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (05/27/2012 07:57:52 PM) (Source: LoadPerf)(User: )
Description: Performance

Error: (05/27/2012 05:05:39 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (05/27/2012 05:05:39 AM) (Source: LoadPerf)(User: )
Description: Performance

Error: (05/26/2012 08:53:35 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (05/26/2012 08:53:35 PM) (Source: LoadPerf)(User: )
Description: Performance

Error: (05/26/2012 08:50:01 PM) (Source: F-Secure Anti-Virus)(User: )
Description: 1 2012-05-26 20:50:00+01:00 CYNWYDLP CYNWYDLP\Administrator F-Secure Anti-Virus
Malicious code found in Master Boot Record of disk MBR (0x80).
Infection: Trojan:Boot/Mebroot.B


=========================== Installed Programs ============================

Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
All Day Battery Life Configuration (Version: 1.1.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AuthenTec Fingerprint System (Version: 8.1.0.78)
BioAPI Framework (Version: 1.0.1)
biolsp patch (Version: 01.00.02.0005)
Bonjour (Version: 3.0.0.10)
Broadcom Management Programs (Version: 11.66.01)
Broadcom TPM Driver Installer (Version: 8.04.04)
Browser Address Error Redirector (Version: 1.00.0000)
Canon MF Toolbox 4.9.1.1.mf02 (Version: 2.1.0)
Canon MF3200 Series
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D330 MDC V.92 Modem (Version: 7.74.00)
Dell Control Point (Version: 1.2.4)
Dell ControlPoint Connection Manager (Version: 1.0.4)
Dell ControlPoint Security Manager (Version: 1.2.4)
Dell ControlPoint System Manager (Version: 9.1.23)
Dell Embassy Trust Suite by Wave Systems (Version: 03.00.01.003)
Dell Security Device Driver Pack (Version: 1.00.23)
Dell Touchpad (Version: 7.2.101.209)
Dell Wireless WLAN Card Utility (Version: 4.170.77.13)
Digital Line Detect (Version: 1.21)
Document Manager Lite (Version: 06.07.00.104)
EasyBits GO
EMBASSY Security Center (Version: 03.07.00.074)
EMBASSY Security Setup (Version: 03.07.00.057)
EPSON Printer Software
ESC Home Page Plugin (Version: 03.02.00.028)
ESET Online Scanner v3
F-Secure PSC Prerequisites (Version: 1.0.5)
Gemalto (Version: 01.00.00.0010)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
IEPWriterV3
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
Kudlian Suite
Lernout & Hauspie TruVoice American English TTS Engine
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
Modem Diagnostic Tool (Version: 1.0.24.0)
Mouse Suite for Laptop Computers (Version: 2.50.024)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NetWaiting (Version: 2.5.53)
NTRU TCG Software Stack (Version: 2.1.27)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
PowerDVD (Version: 8.1)
Preboot Manager (Version: 2.4.0.244)
Private Information Manager (Version: 06.02.00.053)
QuickTime (Version: 7.71.80.42)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Secure Update (Version: 05.05.00.015)
Security Wizards (Version: 01.05.00.039)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.158)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
TalkTalk Assist & Go (Version: 4.0.28)
TalkTalk Security
Trusted Drive Manager (Version: 2.4.0.276)
tsp patch (Version: 01.00.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
UPEK TouchChip Fingerprint Reader (Version: 1.0.0)
Wave Infrastructure Installer (Version: 06.00.34.0000)
Wave Support Software (Version: 05.08.00.052)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows Presentation Foundation (Version: 3.0.6920.0)
XML Paper Specification Shared Components Pack 1.0

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 66%
Total physical RAM: 979.1 MB
Available physical RAM: 325.57 MB
Total Pagefile: 2352.74 MB
Available Pagefile: 1762.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.19 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:111.68 GB) (Free:96.76 GB) NTFS
2 Drive d: (EPSON) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\CYNWYDLP

Administrator Guest HelpAssistant
ICTSupport SAVUpdate SUPPORT_388945a0
User

========================= Minidump Files ==================================

No minidump file found


**** End of log ****


#17
DragonFromWales

  • Topic Starter
  • Member
  • 97 posts
Can I also mention that I can now run the normal Windows; secondly, I still have a Trojan:Boot Mebroot.b coming up. Thanks for all your help.

#18
CompCav

    Member 5k

  • Expert
  • 12,449 posts
Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.



Step 1.

Run the MebRoot/HelpAssistant Scan




We need to check the data for a couple of services that appear to be renamed and could be causing part of your problems.


Step 2.

Create and Run a Batch File

Please copy everything in the code box below into notepad. To do this highlight all text, then right click and click Copy.

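@Echo Off
CLS
REM Dump the registry entries for the two suspect services to text files on the Desktop.
REM The output paths are quoted because %UserProfile% contains spaces on Windows XP.
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip" >> "%UserProfile%\desktop\xcpip.txt"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec" >> "%UserProfile%\desktop\xpsec.txt"
exit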


  • Next, open Notepad in the Start Menu or in the Start Search box type notepad.exe and press the ENTER key. A notepad window will open.
  • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
  • On the File menu, click Save.
  • On the Save As window that comes up, do the following:

  • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
  • At the bottom in the File Name: box type look.bat
  • In the Save as type: box, click the down arrow and click All Files(*.*)
  • Click Save


This will put a new file on the Desktop named look.bat

Close all open windows and any open Browsers.

Click the look.bat file on the desktop. A command window will open briefly, then close. This is quite normal.
There will be two files created on the desktop, xcpip.txt and xpsec.txt. Please post the contents of the two files in your next reply.


Step 3.

Download farbar service scanner to your desktop and then run it.


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply


Step 4.


Please post:

HAMeb check log
xcpip.txt
xpsec.txt
FSS.txt


#19
DragonFromWales

  • Topic Starter
  • Member
  • 97 posts
C:\Documents and Settings\Administrator\My Documents\Downloads\HAMeb_check.exe
30/05/2012 at 13:48:49.93

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x856BEA28]<<
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services


~~ EOF ~~

#20
DragonFromWales

  • Topic Starter
  • Member
  • 97 posts
Farbar Service Scanner Version: 27-05-2012
Ran by Administrator (administrator) on 30-05-2012 at 16:39:29
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

#21
CompCav

    Member 5k

  • Expert
  • 12,449 posts
Step 1.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Get the report by selecting Reports


A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2.

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    pchsvc.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt
  • Post the log


Step 3.

Please post:

TDSSKiller log
OTL.txt

  • 0
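A small triage script for the report requested in Step 1, added here as an example (it is not part of the post above and not part of TDSSKiller): it checks that the scan ran with both options from Step 1 and lists every object whose verdict is not "ok", plus entries that were reported without a hashed file. The sample lines are excerpted from the TDSSKiller report posted in this thread; the function name `triage` and the reading of `SigCheck` and `TDLFS` in the `Mode:` line as the two checkboxes from Step 1 are assumptions.

```python
import re

# A few lines excerpted from the TDSSKiller report posted in this thread.
SAMPLE_LOG = r"""
07:35:54.0046 2520 Scan started
07:35:54.0046 2520 Mode: Manual; SigCheck; TDLFS;
07:35:55.0531 2520 Abiosdsk - ok
07:35:57.0359 2520 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:35:58.0453 2520 ACPI - ok
07:36:05.0000 2520 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:36:05.0421 2520 Apple Mobile Device - ok
07:36:07.0890 2520 Atdisk - ok
07:36:09.0531 2520 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\MgmtAgent\BASFND.sys
07:36:09.0625 2520 BASFND ( UnsignedFile.Multi.Generic ) - warning
07:36:09.0625 2520 BASFND - detected UnsignedFile.Multi.Generic (1)
"""

# Every report line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
# "Mode: Manual; SigCheck; TDLFS;" -> scan options in effect.
MODE = re.compile(PREFIX + r"Mode: (?P<flags>.+)$")
# "<name> (<md5>) <path>" -> the file that was examined for this object.
RECORD = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "<name> ( <verdict> ) - warning" -> a non-ok result. The report in this
# thread only shows the level "warning"; other levels are matched generically.
FLAGGED = re.compile(
    PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<level>\w+)$"
)
# "<name> - ok" -> clean result. Names may contain spaces and hyphens.
OK = re.compile(PREFIX + r"(?P<name>.+) - ok$")


def triage(log_text, required_flags=("SigCheck", "TDLFS")):
    """Summarise a TDSSKiller report for manual review.

    Returns a dict with:
      missing_flags - required scan options absent from the Mode line
      flagged       - objects with a verdict other than ok, with md5 and path
      no_file       - objects reported ok with no file record before them
    """
    flags = set()
    files = {}      # object name -> (md5, path) from its record line
    flagged = []
    no_file = []

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := MODE.match(line):
            flags = {f.strip() for f in m["flags"].split(";") if f.strip()}
        elif m := RECORD.match(line):
            files[m["name"]] = (m["md5"], m["path"])
        elif m := FLAGGED.match(line):
            md5, path = files.get(m["name"], (None, None))
            flagged.append({
                "name": m["name"],
                "verdict": m["verdict"],
                "level": m["level"],
                "md5": md5,
                "path": path,
            })
        elif m := OK.match(line):
            if m["name"] not in files:
                no_file.append(m["name"])
        # "... - detected ..." lines repeat the verdict and are skipped.

    return {
        "missing_flags": [f for f in required_flags if f not in flags],
        "flagged": flagged,
        "no_file": no_file,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    if result["missing_flags"]:
        print("Scan ran without:", ", ".join(result["missing_flags"]))
    for item in result["flagged"]:
        print(f'{item["level"].upper()}: {item["name"]} '
              f'{item["verdict"]} {item["md5"]} {item["path"]}')
    for name in result["no_file"]:
        print(f"no file hashed: {name}")
```

An entry in `no_file` only means the report shows no hash or path for it; it is a prompt to look the entry up, not a verdict.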

#22
DragonFromWales

    Member

  • Topic Starter
  • Member
  • 97 posts
07:35:08.0687 1796 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
07:35:09.0515 1796 ============================================================
07:35:09.0515 1796 Current date / time: 2012/05/31 07:35:09.0515
07:35:09.0515 1796 SystemInfo:
07:35:09.0515 1796
07:35:09.0515 1796 OS Version: 5.1.2600 ServicePack: 3.0
07:35:09.0515 1796 Product type: Workstation
07:35:09.0515 1796 ComputerName: CYNWYDLP
07:35:09.0515 1796 UserName: Administrator
07:35:09.0515 1796 Windows directory: C:\WINDOWS
07:35:09.0515 1796 System windows directory: C:\WINDOWS
07:35:09.0515 1796 Processor architecture: Intel x86
07:35:09.0515 1796 Number of processors: 1
07:35:09.0515 1796 Page size: 0x1000
07:35:09.0515 1796 Boot type: Normal boot
07:35:09.0515 1796 ============================================================
07:35:10.0093 1796 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:35:10.0093 1796 ============================================================
07:35:10.0093 1796 \Device\Harddisk0\DR0:
07:35:10.0093 1796 MBR partitions:
07:35:10.0093 1796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x36E8E, BlocksNum 0xDF5C933
07:35:10.0093 1796 ============================================================
07:35:10.0187 1796 C: <-> \Device\Harddisk0\DR0\Partition0
07:35:10.0187 1796 ============================================================
07:35:10.0187 1796 Initialize success
07:35:10.0187 1796 ============================================================
07:35:54.0046 2520 ============================================================
07:35:54.0046 2520 Scan started
07:35:54.0046 2520 Mode: Manual; SigCheck; TDLFS;
07:35:54.0046 2520 ============================================================
07:35:55.0531 2520 Abiosdsk - ok
07:35:55.0562 2520 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:35:57.0328 2520 abp480n5 - ok
07:35:57.0359 2520 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:35:58.0453 2520 ACPI - ok
07:35:58.0468 2520 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
07:35:58.0765 2520 ACPIEC - ok
07:35:58.0859 2520 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:35:59.0281 2520 AdobeFlashPlayerUpdateSvc - ok
07:35:59.0312 2520 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:35:59.0703 2520 adpu160m - ok
07:35:59.0734 2520 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:36:00.0078 2520 aec - ok
07:36:00.0125 2520 AESTAud (fde8ed2c9280afb8975894aa78eef59f) C:\WINDOWS\system32\drivers\AESTAud.sys
07:36:00.0453 2520 AESTAud - ok
07:36:00.0484 2520 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:36:00.0953 2520 AFD - ok
07:36:01.0000 2520 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:36:01.0296 2520 agp440 - ok
07:36:01.0312 2520 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:36:01.0671 2520 agpCPQ - ok
07:36:01.0687 2520 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:36:01.0953 2520 Aha154x - ok
07:36:01.0953 2520 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:36:02.0250 2520 aic78u2 - ok
07:36:02.0265 2520 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:36:02.0453 2520 aic78xx - ok
07:36:02.0484 2520 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
07:36:02.0984 2520 Alerter - ok
07:36:03.0015 2520 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
07:36:03.0421 2520 ALG - ok
07:36:03.0453 2520 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
07:36:03.0640 2520 AliIde - ok
07:36:03.0656 2520 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:36:03.0906 2520 alim1541 - ok
07:36:03.0921 2520 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:36:04.0140 2520 amdagp - ok
07:36:04.0171 2520 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
07:36:04.0562 2520 amsint - ok
07:36:04.0609 2520 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
07:36:04.0890 2520 ApfiltrService - ok
07:36:05.0000 2520 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:36:05.0421 2520 Apple Mobile Device - ok
07:36:05.0484 2520 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
07:36:05.0671 2520 AppMgmt - ok
07:36:05.0687 2520 aqflyh9w.sys - ok
07:36:05.0718 2520 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
07:36:06.0015 2520 Arp1394 - ok
07:36:06.0046 2520 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
07:36:06.0390 2520 asc - ok
07:36:06.0406 2520 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:36:06.0625 2520 asc3350p - ok
07:36:06.0640 2520 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:36:06.0843 2520 asc3550 - ok
07:36:06.0859 2520 asiavaona - ok
07:36:06.0953 2520 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:36:07.0218 2520 aspnet_state - ok
07:36:07.0218 2520 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:36:07.0484 2520 AsyncMac - ok
07:36:07.0531 2520 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:36:07.0875 2520 atapi - ok
07:36:07.0890 2520 Atdisk - ok
07:36:07.0890 2520 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:36:08.0109 2520 Atmarpc - ok
07:36:08.0265 2520 ATService (e8f76bae163650c6dc7e3abeb951a102) C:\Program Files\Fingerprint Sensor\AtService.exe
07:36:08.0640 2520 ATService - ok
07:36:08.0765 2520 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
07:36:09.0046 2520 AudioSrv - ok
07:36:09.0093 2520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:36:09.0265 2520 audstub - ok
07:36:09.0328 2520 b57w2k (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
07:36:09.0468 2520 b57w2k - ok
07:36:09.0531 2520 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\MgmtAgent\BASFND.sys
07:36:09.0625 2520 BASFND ( UnsignedFile.Multi.Generic ) - warning
07:36:09.0625 2520 BASFND - detected UnsignedFile.Multi.Generic (1)
07:36:09.0734 2520 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
07:36:10.0046 2520 BCM43XX - ok
07:36:10.0062 2520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:36:10.0250 2520 Beep - ok
07:36:10.0312 2520 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
07:36:10.0640 2520 BITS - ok
07:36:10.0671 2520 Blfp (9b53d428de0a2566a03499d7aa48dec4) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
07:36:10.0875 2520 Blfp - ok
07:36:10.0968 2520 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
07:36:11.0296 2520 Bonjour Service - ok
07:36:11.0343 2520 BrcmMgmtAgent (b45bb1781f0db38bdf52dd9277e53e4a) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
07:36:11.0406 2520 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - warning
07:36:11.0406 2520 BrcmMgmtAgent - detected UnsignedFile.Multi.Generic (1)
07:36:11.0437 2520 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
07:36:11.0765 2520 Browser - ok
07:36:11.0843 2520 buttonsvc32 (4749020c47aa0f13f256d8f694751812) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
07:36:12.0046 2520 buttonsvc32 - ok
07:36:12.0093 2520 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:36:12.0234 2520 cbidf - ok
07:36:12.0250 2520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:36:12.0359 2520 cbidf2k - ok
07:36:12.0375 2520 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:36:12.0562 2520 CCDECODE - ok
07:36:12.0578 2520 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:36:12.0687 2520 cd20xrnt - ok
07:36:12.0718 2520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:36:12.0968 2520 Cdaudio - ok
07:36:13.0031 2520 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:36:13.0265 2520 Cdfs - ok
07:36:13.0296 2520 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:36:13.0468 2520 Cdrom - ok
07:36:13.0468 2520 Changer - ok
07:36:13.0515 2520 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
07:36:13.0750 2520 CiSvc - ok
07:36:13.0781 2520 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
07:36:13.0984 2520 ClipSrv - ok
07:36:14.0078 2520 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:36:14.0250 2520 clr_optimization_v2.0.50727_32 - ok
07:36:14.0265 2520 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:36:14.0453 2520 CmBatt - ok
07:36:14.0484 2520 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:36:14.0671 2520 CmdIde - ok
07:36:14.0703 2520 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:36:14.0843 2520 Compbatt - ok
07:36:14.0859 2520 COMSysApp - ok
07:36:14.0875 2520 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:36:15.0187 2520 Cpqarray - ok
07:36:15.0250 2520 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
07:36:15.0500 2520 CryptSvc - ok
07:36:15.0515 2520 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:36:15.0781 2520 dac2w2k - ok
07:36:15.0796 2520 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:36:15.0921 2520 dac960nt - ok
07:36:15.0984 2520 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
07:36:16.0156 2520 DcomLaunch - ok
07:36:16.0296 2520 dcpsysmgrsvc (4585a5a02186ee2b51254e70b304366d) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
07:36:16.0421 2520 dcpsysmgrsvc - ok
07:36:16.0468 2520 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
07:36:16.0703 2520 Dhcp - ok
07:36:16.0734 2520 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:36:16.0937 2520 Disk - ok
07:36:16.0968 2520 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
07:36:17.0046 2520 DLABMFSM - ok
07:36:17.0078 2520 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
07:36:17.0109 2520 DLABOIOM - ok
07:36:17.0140 2520 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
07:36:17.0203 2520 DLACDBHM - ok
07:36:17.0234 2520 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
07:36:17.0265 2520 DLADResM - ok
07:36:17.0281 2520 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
07:36:17.0375 2520 DLAIFS_M - ok
07:36:17.0390 2520 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
07:36:17.0468 2520 DLAOPIOM - ok
07:36:17.0468 2520 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
07:36:17.0515 2520 DLAPoolM - ok
07:36:17.0531 2520 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
07:36:17.0578 2520 DLARTL_M - ok
07:36:17.0593 2520 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
07:36:17.0671 2520 DLAUDFAM - ok
07:36:17.0687 2520 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
07:36:17.0718 2520 DLAUDF_M - ok
07:36:17.0734 2520 dmadmin - ok
07:36:17.0812 2520 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:36:18.0046 2520 dmboot - ok
07:36:18.0093 2520 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:36:18.0296 2520 dmio - ok
07:36:18.0312 2520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:36:18.0453 2520 dmload - ok
07:36:18.0484 2520 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
07:36:18.0750 2520 dmserver - ok
07:36:18.0781 2520 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:36:19.0046 2520 DMusic - ok
07:36:19.0078 2520 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
07:36:19.0234 2520 Dnscache - ok
07:36:19.0265 2520 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
07:36:19.0421 2520 Dot3svc - ok
07:36:19.0468 2520 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:36:19.0578 2520 dpti2o - ok
07:36:19.0593 2520 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:36:19.0718 2520 drmkaud - ok
07:36:19.0765 2520 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
07:36:19.0921 2520 DRVMCDB - ok
07:36:19.0937 2520 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
07:36:20.0015 2520 DRVNDDM - ok
07:36:20.0046 2520 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
07:36:20.0234 2520 EapHost - ok
07:36:20.0265 2520 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
07:36:20.0453 2520 ERSvc - ok
07:36:20.0484 2520 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:36:20.0593 2520 Eventlog - ok
07:36:20.0640 2520 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
07:36:20.0718 2520 EventSystem - ok
07:36:20.0875 2520 F-Secure Gatekeeper (66422dc3faa1de433371816056d28270) C:\Program Files\TalkTalk\Security\Anti-Virus\minifilter\fsgk.sys
07:36:20.0984 2520 F-Secure Gatekeeper - ok
07:36:21.0031 2520 F-Secure Gatekeeper Handler Starter (a9be66e05254b20df82e0f7cddeca7dd) C:\Program Files\TalkTalk\Security\Anti-Virus\fsgk32st.exe
07:36:21.0203 2520 F-Secure Gatekeeper Handler Starter - ok
07:36:21.0265 2520 F-Secure HIPS (f5aca65237c7511d5803cdc5e7003d75) C:\Program Files\TalkTalk\Security\HIPS\drivers\fshs.sys
07:36:21.0343 2520 F-Secure HIPS - ok
07:36:21.0390 2520 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:36:21.0609 2520 Fastfat - ok
07:36:21.0640 2520 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:36:21.0781 2520 FastUserSwitchingCompatibility - ok
07:36:21.0828 2520 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
07:36:22.0078 2520 Fax - ok
07:36:22.0109 2520 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:36:22.0250 2520 Fdc - ok
07:36:22.0281 2520 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:36:22.0453 2520 Fips - ok
07:36:22.0468 2520 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:36:22.0640 2520 Flpydisk - ok
07:36:22.0656 2520 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:36:22.0843 2520 FltMgr - ok
07:36:22.0968 2520 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:36:23.0156 2520 FontCache3.0.0.0 - ok
07:36:23.0187 2520 fsbts (1d2de58a837e6909f98ca35103d10739) C:\WINDOWS\system32\Drivers\fsbts.sys
07:36:23.0250 2520 fsbts - ok
07:36:23.0296 2520 FSDFWD (8e0bf7478cc3baed48282adbc97adafb) C:\Program Files\TalkTalk\Security\FWES\Program\fsdfwd.exe
07:36:23.0468 2520 FSDFWD - ok
07:36:23.0500 2520 FSFW (aca3910a53a057b8c3a6ebf4ef788c7c) C:\WINDOWS\system32\drivers\fsdfw.sys
07:36:23.0546 2520 FSFW - ok
07:36:23.0640 2520 FSMA (392e85687a902239c01baddf212b1a36) C:\Program Files\TalkTalk\Security\Common\FSMA32.EXE
07:36:23.0781 2520 FSMA - ok
07:36:23.0843 2520 FSORSPClient (42aef6a385354aca65fc210ce7ce4d7c) C:\Program Files\TalkTalk\Security\ORSP Client\fsorsp.exe
07:36:23.0921 2520 FSORSPClient - ok
07:36:23.0937 2520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:36:24.0125 2520 Fs_Rec - ok
07:36:24.0171 2520 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:36:24.0359 2520 Ftdisk - ok
07:36:24.0390 2520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:36:24.0562 2520 Gpc - ok
07:36:24.0625 2520 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
07:36:24.0968 2520 gupdate - ok
07:36:24.0984 2520 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
07:36:25.0031 2520 gupdatem - ok
07:36:25.0078 2520 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:36:25.0281 2520 gusvc - ok
07:36:25.0328 2520 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:36:25.0484 2520 HDAudBus - ok
07:36:25.0531 2520 helpsvc - ok
07:36:25.0578 2520 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
07:36:25.0750 2520 HidServ - ok
07:36:25.0765 2520 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:36:25.0906 2520 hidusb - ok
07:36:25.0953 2520 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
07:36:26.0140 2520 hkmsvc - ok
07:36:26.0156 2520 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
07:36:26.0296 2520 hpn - ok
07:36:26.0375 2520 HSFHWAZL (7290fb97535c317a237d4c73149c7e2c) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
07:36:26.0515 2520 HSFHWAZL - ok
07:36:26.0609 2520 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
07:36:26.0750 2520 HSF_DPV - ok
07:36:26.0781 2520 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:36:26.0859 2520 HTTP - ok
07:36:26.0906 2520 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
07:36:27.0062 2520 HTTPFilter - ok
07:36:27.0093 2520 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
07:36:27.0312 2520 i2omgmt - ok
07:36:27.0328 2520 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:36:27.0468 2520 i2omp - ok
07:36:27.0500 2520 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:36:27.0687 2520 i8042prt - ok
07:36:27.0812 2520 IAANTMON (f148c2e931bfc20397edc0a7b4f8e22b) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:36:27.0937 2520 IAANTMON - ok
07:36:28.0500 2520 ialm (4f3139829f1ac202ff0d29c2fd6c15b6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:36:28.0921 2520 ialm - ok
07:36:29.0078 2520 iaStor (692830b048aacd7e0d6ededf098acc01) C:\WINDOWS\system32\drivers\iaStor.sys
07:36:29.0156 2520 iaStor - ok
07:36:29.0312 2520 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:36:29.0562 2520 idsvc - ok
07:36:29.0593 2520 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:36:29.0796 2520 Imapi - ok
07:36:29.0843 2520 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
07:36:30.0171 2520 ImapiService - ok
07:36:30.0218 2520 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:36:30.0406 2520 ini910u - ok
07:36:30.0437 2520 IntcHdmiAddService (64c301d73db18ebdc8680ca82d82af2d) C:\WINDOWS\system32\drivers\IntcHdmi.sys
07:36:30.0515 2520 IntcHdmiAddService - ok
07:36:30.0515 2520 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:36:30.0671 2520 IntelIde - ok
07:36:30.0718 2520 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:36:30.0890 2520 intelppm - ok
07:36:30.0890 2520 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:36:31.0031 2520 Ip6Fw - ok
07:36:31.0046 2520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:36:31.0234 2520 IpFilterDriver - ok
07:36:31.0250 2520 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:36:31.0421 2520 IpInIp - ok
07:36:31.0437 2520 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:36:31.0593 2520 IpNat - ok
07:36:31.0609 2520 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:36:31.0765 2520 IPSec - ok
07:36:31.0781 2520 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:36:31.0843 2520 IRENUM - ok
07:36:31.0875 2520 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:36:31.0984 2520 isapnp - ok
07:36:32.0046 2520 ISWKL - ok
07:36:32.0156 2520 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
07:36:32.0281 2520 JavaQuickStarterService - ok
07:36:32.0328 2520 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:36:32.0453 2520 Kbdclass - ok
07:36:32.0468 2520 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:36:32.0578 2520 kbdhid - ok
07:36:32.0609 2520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:36:32.0828 2520 kmixer - ok
07:36:32.0875 2520 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:36:33.0000 2520 KSecDD - ok
07:36:33.0046 2520 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
07:36:33.0187 2520 LanmanServer - ok
07:36:33.0234 2520 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
07:36:33.0359 2520 lanmanworkstation - ok
07:36:33.0375 2520 lbrtfdc - ok
07:36:33.0406 2520 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
07:36:33.0578 2520 LmHosts - ok
07:36:33.0656 2520 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
07:36:33.0875 2520 MatSvc - ok
07:36:33.0984 2520 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
07:36:34.0125 2520 MDM - ok
07:36:34.0156 2520 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:36:34.0265 2520 mdmxsdk - ok
07:36:34.0296 2520 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
07:36:34.0468 2520 Messenger - ok
07:36:34.0531 2520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:36:34.0750 2520 mnmdd - ok
07:36:34.0796 2520 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
07:36:35.0015 2520 mnmsrvc - ok
07:36:35.0062 2520 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:36:35.0203 2520 Modem - ok
07:36:35.0265 2520 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:36:35.0375 2520 Mouclass - ok
07:36:35.0390 2520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:36:35.0562 2520 mouhid - ok
07:36:35.0578 2520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:36:35.0750 2520 MountMgr - ok
07:36:35.0796 2520 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:36:35.0906 2520 MozillaMaintenance - ok
07:36:35.0937 2520 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:36:36.0078 2520 mraid35x - ok
07:36:36.0109 2520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:36:36.0312 2520 MRxDAV - ok
07:36:36.0375 2520 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:36:36.0734 2520 MRxSmb - ok
07:36:36.0765 2520 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
07:36:36.0968 2520 MSDTC - ok
07:36:36.0984 2520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:36:37.0140 2520 Msfs - ok
07:36:37.0156 2520 MSIServer - ok
07:36:37.0203 2520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:36:37.0375 2520 MSKSSRV - ok
07:36:37.0390 2520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:36:37.0500 2520 MSPCLOCK - ok
07:36:37.0515 2520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:36:37.0671 2520 MSPQM - ok
07:36:37.0687 2520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:36:37.0828 2520 mssmbios - ok
07:36:37.0859 2520 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
07:36:38.0046 2520 MSTEE - ok
07:36:38.0062 2520 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:36:38.0156 2520 Mup - ok
07:36:38.0187 2520 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:36:38.0312 2520 NABTSFEC - ok
07:36:38.0375 2520 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
07:36:38.0531 2520 napagent - ok
07:36:38.0578 2520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:36:38.0750 2520 NDIS - ok
07:36:38.0750 2520 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:36:38.0875 2520 NdisIP - ok
07:36:38.0906 2520 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:36:39.0000 2520 NdisTapi - ok
07:36:39.0015 2520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:36:39.0156 2520 Ndisuio - ok
07:36:39.0171 2520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:36:39.0375 2520 NdisWan - ok
07:36:39.0390 2520 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:36:39.0468 2520 NDProxy - ok
07:36:39.0484 2520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:36:39.0609 2520 NetBIOS - ok
07:36:39.0640 2520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:36:39.0828 2520 NetBT - ok
07:36:39.0875 2520 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:36:40.0171 2520 NetDDE - ok
07:36:40.0187 2520 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:36:40.0312 2520 NetDDEdsdm - ok
07:36:40.0343 2520 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:36:40.0500 2520 Netlogon - ok
07:36:40.0531 2520 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
07:36:40.0718 2520 Netman - ok
07:36:40.0828 2520 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:36:40.0859 2520 NetTcpPortSharing - ok
07:36:40.0890 2520 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
07:36:41.0031 2520 NIC1394 - ok
07:36:41.0078 2520 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
07:36:41.0203 2520 Nla - ok
07:36:41.0234 2520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:36:41.0406 2520 Npfs - ok
07:36:41.0484 2520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:36:41.0671 2520 Ntfs - ok
07:36:41.0703 2520 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:36:41.0812 2520 NtLmSsp - ok
07:36:41.0859 2520 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
07:36:42.0046 2520 NtmsSvc - ok
07:36:42.0078 2520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:36:42.0281 2520 Null - ok
07:36:42.0296 2520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:36:42.0468 2520 NwlnkFlt - ok
07:36:42.0468 2520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:36:42.0671 2520 NwlnkFwd - ok
07:36:42.0703 2520 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:36:42.0812 2520 ohci1394 - ok
07:36:42.0875 2520 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:36:42.0968 2520 ose - ok
07:36:42.0984 2520 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
07:36:43.0140 2520 Parport - ok
07:36:43.0140 2520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:36:43.0312 2520 PartMgr - ok
07:36:43.0312 2520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:36:43.0484 2520 ParVdm - ok
07:36:43.0500 2520 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
07:36:43.0578 2520 PBADRV - ok
07:36:43.0609 2520 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:36:43.0718 2520 PCI - ok
07:36:43.0734 2520 PCIDump - ok
07:36:43.0734 2520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:36:43.0843 2520 PCIIde - ok
07:36:43.0859 2520 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
07:36:44.0000 2520 Pcmcia - ok
07:36:44.0000 2520 PDCOMP - ok
07:36:44.0015 2520 PDFRAME - ok
07:36:44.0015 2520 PDRELI - ok
07:36:44.0031 2520 PDRFRAME - ok
07:36:44.0031 2520 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
07:36:44.0140 2520 perc2 - ok
07:36:44.0156 2520 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:36:44.0265 2520 perc2hib - ok
07:36:44.0328 2520 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:36:44.0390 2520 PlugPlay - ok
07:36:44.0406 2520 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\WINDOWS\system32\DRIVERS\pmxmouse.sys
07:36:44.0500 2520 pmxmouse - ok
07:36:44.0515 2520 pmxusblf (1971e853b598bf9baabff2b652e5cd4d) C:\WINDOWS\system32\DRIVERS\pmxusblf.sys
07:36:44.0546 2520 pmxusblf - ok
07:36:44.0562 2520 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:36:44.0671 2520 PolicyAgent - ok
07:36:44.0703 2520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:36:44.0875 2520 PptpMiniport - ok
07:36:44.0875 2520 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:36:44.0984 2520 ProtectedStorage - ok
07:36:45.0000 2520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:36:45.0109 2520 PSched - ok
07:36:45.0125 2520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:36:45.0312 2520 Ptilink - ok
07:36:45.0343 2520 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:36:45.0421 2520 PxHelp20 - ok
07:36:45.0468 2520 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:36:45.0625 2520 ql1080 - ok
07:36:45.0640 2520 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:36:45.0781 2520 Ql10wnt - ok
07:36:45.0796 2520 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:36:45.0937 2520 ql12160 - ok
07:36:45.0937 2520 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:36:46.0093 2520 ql1240 - ok
07:36:46.0125 2520 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:36:46.0250 2520 ql1280 - ok
07:36:46.0281 2520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:36:46.0437 2520 RasAcd - ok
07:36:46.0500 2520 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
07:36:46.0656 2520 RasAuto - ok
07:36:46.0671 2520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:36:46.0812 2520 Rasl2tp - ok
07:36:46.0843 2520 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
07:36:46.0968 2520 RasMan - ok
07:36:46.0984 2520 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:36:47.0156 2520 RasPppoe - ok
07:36:47.0171 2520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:36:47.0375 2520 Raspti - ok
07:36:47.0406 2520 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:36:47.0718 2520 Rdbss - ok
07:36:47.0734 2520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:36:47.0890 2520 RDPCDD - ok
07:36:47.0906 2520 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:36:48.0109 2520 rdpdr - ok
07:36:48.0171 2520 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
07:36:48.0265 2520 RDPWD - ok
07:36:48.0296 2520 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
07:36:48.0640 2520 RDSessMgr - ok
07:36:48.0656 2520 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:36:48.0890 2520 redbook - ok
07:36:48.0953 2520 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
07:36:49.0156 2520 RemoteAccess - ok
07:36:49.0203 2520 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
07:36:49.0375 2520 RemoteRegistry - ok
07:36:49.0437 2520 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
07:36:49.0734 2520 rimmptsk - ok
07:36:49.0781 2520 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
07:36:49.0937 2520 RpcLocator - ok
07:36:49.0984 2520 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
07:36:50.0046 2520 RpcSs - ok
07:36:50.0093 2520 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
07:36:50.0296 2520 RSVP - ok
07:36:50.0312 2520 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:36:50.0437 2520 SamSs - ok
07:36:50.0468 2520 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
07:36:50.0687 2520 SCardSvr - ok
07:36:50.0750 2520 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
07:36:50.0906 2520 Schedule - ok
07:36:50.0937 2520 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
07:36:51.0109 2520 sdbus - ok
07:36:51.0125 2520 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:36:51.0218 2520 Secdrv - ok
07:36:51.0250 2520 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
07:36:51.0359 2520 seclogon - ok
07:36:51.0500 2520 SecureStorageService (e80163f46ae96cc0a05fb9f3f55deb18) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
07:36:51.0828 2520 SecureStorageService ( UnsignedFile.Multi.Generic ) - warning
07:36:51.0828 2520 SecureStorageService - detected UnsignedFile.Multi.Generic (1)
07:36:51.0859 2520 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
07:36:52.0125 2520 SENS - ok
07:36:52.0140 2520 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:36:52.0265 2520 Serenum - ok
07:36:52.0281 2520 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
07:36:52.0468 2520 Serial - ok
07:36:52.0515 2520 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:36:52.0671 2520 Sfloppy - ok
07:36:52.0734 2520 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
07:36:52.0906 2520 SharedAccess - ok
07:36:52.0953 2520 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:36:52.0984 2520 ShellHWDetection - ok
07:36:52.0984 2520 Simbad - ok
07:36:53.0015 2520 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:36:53.0203 2520 sisagp - ok
07:36:53.0296 2520 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
07:36:53.0750 2520 SkypeUpdate - ok
07:36:53.0781 2520 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:36:53.0921 2520 SLIP - ok
07:36:54.0015 2520 SMManager (142eb9dfed214c274d862d3d17e4498b) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
07:36:54.0156 2520 SMManager ( UnsignedFile.Multi.Generic ) - warning
07:36:54.0156 2520 SMManager - detected UnsignedFile.Multi.Generic (1)
07:36:54.0203 2520 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:36:54.0312 2520 Sparrow - ok
07:36:54.0343 2520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:36:54.0453 2520 splitter - ok
07:36:54.0500 2520 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
07:36:54.0625 2520 Spooler - ok
07:36:54.0750 2520 sprtsvc_TalkTalk (0d77554b62a9090eb05ecbb96058646e) C:\Program Files\TalkTalk\bin\sprtsvc.exe
07:36:54.0859 2520 sprtsvc_TalkTalk - ok
07:36:54.0890 2520 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:36:54.0968 2520 sr - ok
07:36:55.0015 2520 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
07:36:55.0203 2520 srservice - ok
07:36:55.0234 2520 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
07:36:55.0343 2520 Srv - ok
07:36:55.0375 2520 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
07:36:55.0468 2520 SSDPSRV - ok
07:36:55.0531 2520 STacSV (12898d947cfcb36cb7a43e8f86a53cbc) c:\drivers\audio\r190031\stacsv.exe
07:36:55.0687 2520 STacSV - ok
07:36:55.0812 2520 STHDA (503a4536c83e041ddcdf75b38cd5ecf7) C:\WINDOWS\system32\drivers\sthda.sys
07:36:55.0953 2520 STHDA - ok
07:36:56.0109 2520 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
07:36:56.0265 2520 stisvc - ok
07:36:56.0312 2520 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
07:36:56.0375 2520 stllssvr ( UnsignedFile.Multi.Generic ) - warning
07:36:56.0375 2520 stllssvr - detected UnsignedFile.Multi.Generic (1)
07:36:56.0421 2520 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:36:56.0546 2520 streamip - ok
07:36:56.0625 2520 SupportSoft RemoteAssist (882fc174ac21c536e41351aff58a7d7d) C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
07:36:56.0703 2520 SupportSoft RemoteAssist - ok
07:36:56.0734 2520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:36:56.0843 2520 swenum - ok
07:36:56.0906 2520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:36:57.0046 2520 swmidi - ok
07:36:57.0046 2520 SwPrv - ok
07:36:57.0062 2520 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
07:36:57.0250 2520 symc810 - ok
07:36:57.0265 2520 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:36:57.0390 2520 symc8xx - ok
07:36:57.0390 2520 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:36:57.0500 2520 sym_hi - ok
07:36:57.0515 2520 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:36:57.0687 2520 sym_u3 - ok
07:36:57.0734 2520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:36:57.0843 2520 sysaudio - ok
07:36:57.0906 2520 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
07:36:58.0109 2520 SysmonLog - ok
07:36:58.0156 2520 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
07:36:58.0312 2520 TapiSrv - ok
07:36:58.0375 2520 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:36:58.0453 2520 Tcpip - ok
07:36:58.0609 2520 tcsd_win32.exe (ba9202e263a6fc1ffd7889fea186a2c4) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
07:36:58.0781 2520 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - warning
07:36:58.0781 2520 tcsd_win32.exe - detected UnsignedFile.Multi.Generic (1)
07:36:58.0890 2520 TdmService (ea63bf38938ad9917beb1846d6d15c84) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
07:36:59.0015 2520 TdmService ( UnsignedFile.Multi.Generic ) - warning
07:36:59.0015 2520 TdmService - detected UnsignedFile.Multi.Generic (1)
07:36:59.0187 2520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:36:59.0328 2520 TDPIPE - ok
07:36:59.0359 2520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:36:59.0468 2520 TDTCP - ok
07:36:59.0531 2520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:36:59.0671 2520 TermDD - ok
07:36:59.0718 2520 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
07:36:59.0953 2520 TermService - ok
07:37:00.0031 2520 tgsrvc_TalkTalk (0e8be65daa22027624a7289090e3841e) C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
07:37:00.0125 2520 tgsrvc_TalkTalk - ok
07:37:00.0156 2520 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:37:00.0203 2520 Themes - ok
07:37:00.0234 2520 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
07:37:00.0375 2520 TlntSvr - ok
07:37:00.0375 2520 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
07:37:00.0484 2520 TosIde - ok
07:37:00.0531 2520 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
07:37:00.0671 2520 TrkWks - ok
07:37:00.0687 2520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:37:00.0859 2520 Udfs - ok
07:37:00.0859 2520 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
07:37:00.0968 2520 ultra - ok
07:37:00.0984 2520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:37:01.0171 2520 Update - ok
07:37:01.0203 2520 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
07:37:01.0343 2520 upnphost - ok
07:37:01.0359 2520 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
07:37:01.0468 2520 UPS - ok
07:37:01.0500 2520 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
07:37:01.0625 2520 usbaudio - ok
07:37:01.0640 2520 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:37:01.0734 2520 usbccgp - ok
07:37:01.0750 2520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:37:01.0875 2520 usbehci - ok
07:37:01.0890 2520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:37:02.0046 2520 usbhub - ok
07:37:02.0078 2520 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:37:02.0203 2520 usbprint - ok
07:37:02.0234 2520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:37:02.0390 2520 usbscan - ok
07:37:02.0437 2520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:37:02.0562 2520 USBSTOR - ok
07:37:02.0593 2520 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:37:02.0718 2520 usbuhci - ok
07:37:02.0734 2520 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
07:37:02.0859 2520 usbvideo - ok
07:37:02.0890 2520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:37:03.0015 2520 VgaSave - ok
07:37:03.0046 2520 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:37:03.0218 2520 viaagp - ok
07:37:03.0218 2520 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:37:03.0343 2520 ViaIde - ok
07:37:03.0375 2520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:37:03.0593 2520 VolSnap - ok
07:37:03.0656 2520 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
07:37:03.0812 2520 VSS - ok
07:37:03.0859 2520 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
07:37:03.0984 2520 w32time - ok
07:37:04.0000 2520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:37:04.0125 2520 Wanarp - ok
07:37:04.0171 2520 WavxDMgr (0be8dd6c95c5bdff9c5f3fa8095d304c) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
07:37:04.0203 2520 WavxDMgr - ok
07:37:04.0265 2520 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
07:37:04.0343 2520 Wdf01000 - ok
07:37:04.0343 2520 WDICA - ok
07:37:04.0375 2520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:37:04.0531 2520 wdmaud - ok
07:37:04.0562 2520 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
07:37:04.0687 2520 WebClient - ok
07:37:04.0750 2520 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
07:37:04.0906 2520 winachsf - ok
07:37:04.0968 2520 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
07:37:05.0093 2520 winmgmt - ok
07:37:05.0109 2520 wltrysvc - ok
07:37:05.0140 2520 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
07:37:05.0281 2520 WmdmPmSN - ok
07:37:05.0343 2520 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
07:37:05.0468 2520 Wmi - ok
07:37:05.0546 2520 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
07:37:05.0687 2520 WmiAcpi - ok
07:37:05.0734 2520 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:37:05.0859 2520 WmiApSrv - ok
07:37:06.0031 2520 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
07:37:06.0218 2520 WMPNetworkSvc - ok
07:37:06.0281 2520 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
07:37:06.0390 2520 wscsvc - ok
07:37:06.0437 2520 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:37:06.0625 2520 WSTCODEC - ok
07:37:06.0656 2520 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
07:37:06.0781 2520 wuauserv - ok
07:37:06.0812 2520 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:37:06.0875 2520 WudfPf - ok
07:37:06.0921 2520 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:37:07.0015 2520 WudfRd - ok
07:37:07.0046 2520 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
07:37:07.0078 2520 WudfSvc - ok
07:37:07.0125 2520 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
07:37:07.0296 2520 WZCSVC - ok
07:37:07.0296 2520 xcpip - ok
07:37:07.0343 2520 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
07:37:07.0453 2520 xmlprov - ok
07:37:07.0468 2520 xpsec - ok
07:37:07.0484 2520 MBR (0x1B8) (199d66d15be31321331253788f490d3d) \Device\Harddisk0\DR0
07:37:07.0484 2520 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
07:37:07.0484 2520 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
07:37:07.0593 2520 Boot (0x1200) (9cd24a1941eaf6600f0b169a5c0aa811) \Device\Harddisk0\DR0\Partition0
07:37:07.0593 2520 \Device\Harddisk0\DR0\Partition0 - ok
07:37:07.0593 2520 ============================================================
07:37:07.0593 2520 Scan finished
07:37:07.0593 2520 ============================================================
07:37:07.0703 3108 Detected object count: 8
07:37:07.0703 3108 Actual detected object count: 8
07:39:08.0640 3108 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
07:39:08.0640 3108 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:39:08.0640 3108 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - skipped by user
07:39:08.0640 3108 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:39:08.0640 3108 SecureStorageService ( UnsignedFile.Multi.Generic ) - skipped by user
07:39:08.0640 3108 SecureStorageService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:39:08.0640 3108 SMManager ( UnsignedFile.Multi.Generic ) - skipped by user
07:39:08.0640 3108 SMManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:39:08.0640 3108 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
07:39:08.0640 3108 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:39:08.0640 3108 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - skipped by user
07:39:08.0640 3108 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:39:08.0640 3108 TdmService ( UnsignedFile.Multi.Generic ) - skipped by user
07:39:08.0640 3108 TdmService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:39:09.0250 3108 \Device\Harddisk0\DR0\# - copied to quarantine
07:39:09.0250 3108 \Device\Harddisk0\DR0 - copied to quarantine
07:39:09.0250 3108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
07:39:09.0265 3108 \Device\Harddisk0\DR0 - ok
07:39:09.0265 3108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
07:39:12.0890 1868 Deinitialize success

#23
DragonFromWales

OTL logfile created on: 31/05/2012 07:48:43 - Run 8
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

979.10 Mb Total Physical Memory | 446.63 Mb Available Physical Memory | 45.62% Memory free
2.30 Gb Paging File | 1.79 Gb Available in Paging File | 77.90% Paging File free
Paging file location(s): C:\pagefile.sys 1464 2928 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.68 Gb Total Space | 96.72 Gb Free Space | 86.60% Space Free | Partition Type: NTFS
Drive D: | 243.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CYNWYDLP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/31 07:46:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/05/30 08:48:01 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\TalkTalk\Security\Anti-Virus\fssm32.exe
PRC - [2012/05/30 08:47:53 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files\TalkTalk\Security\Anti-Virus\fsgk32.exe
PRC - [2012/05/23 19:18:23 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/08 20:51:46 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\TalkTalk\Security\Anti-Virus\fsav32.exe
PRC - [2011/09/09 20:19:46 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\TalkTalk\Security\FWES\program\fsdfwd.exe
PRC - [2011/09/09 19:54:15 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\TalkTalk\Security\ORSP Client\fsorsp.exe
PRC - [2009/08/05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\TalkTalk\Security\Common\FSMA32.EXE
PRC - [2009/08/05 16:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\TalkTalk\Security\Common\FSM32.EXE
PRC - [2009/08/05 16:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\TalkTalk\Security\Common\FSHDLL32.EXE
PRC - [2009/08/05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\TalkTalk\Security\Anti-Virus\fsgk32st.exe
PRC - [2008/09/09 15:21:16 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2008/08/18 11:39:28 | 000,455,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2008/07/01 19:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2008/06/30 22:59:52 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/06/30 22:59:30 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/06/30 22:59:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/06/30 22:59:26 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/06/30 22:18:24 | 000,221,273 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R190031\stacsv.exe
PRC - [2008/06/30 22:18:22 | 000,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/06/24 08:16:50 | 000,243,000 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2008/06/15 07:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/15 07:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/06/12 09:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/06/11 12:39:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/06/03 16:28:50 | 000,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/14 18:42:16 | 000,105,472 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/12 09:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/08/02 14:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
PRC - [2006/11/08 16:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/23 19:18:22 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/12 19:38:50 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012/05/12 19:38:17 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012/05/12 19:37:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
MOD - [2012/05/12 19:37:34 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 19:37:20 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/09 19:52:12 | 000,030,888 | ---- | M] () -- C:\Program Files\TalkTalk\Security\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2009/08/05 16:59:08 | 000,199,264 | ---- | M] () -- C:\Program Files\TalkTalk\Security\Spam Control\fsas.dll
MOD - [2009/08/05 16:59:02 | 000,001,536 | ---- | M] () -- C:\Program Files\TalkTalk\Security\FSPC\fspcfsm.eng
MOD - [2009/08/05 16:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\talktalk\security\hips\fshook32.dll
MOD - [2009/08/05 16:58:30 | 000,236,128 | ---- | M] () -- \\?\c:\program files\talktalk\security\hips\fsumi.dll
MOD - [2009/08/05 16:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files\TalkTalk\Security\FSGUI\strres.eng
MOD - [2009/08/05 16:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files\TalkTalk\Security\FSGUI\fsavures.eng
MOD - [2009/08/05 16:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files\TalkTalk\Security\FSGUI\about.dll
MOD - [2009/08/05 16:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files\TalkTalk\Security\FSGUI\aboutres.dll
MOD - [2009/08/05 16:56:08 | 000,036,864 | ---- | M] () -- C:\Program Files\TalkTalk\Security\Anti-Virus\fsavhres.eng
MOD - [2008/09/09 15:20:40 | 000,393,216 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMProfileManager.dll
MOD - [2008/09/09 15:17:44 | 000,483,328 | ---- | M] () -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMMessages.dll
MOD - [2008/06/19 02:19:56 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/06/19 02:19:00 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/05/14 18:40:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/07/23 16:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- %SystemRoot%\system32\wbem\WMIsvc.dllf -- (winmgmt)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll憎႕吀污呫污k⠀̀Ѐ⢾툿뾖⽀ᐶ [WARNING: %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll??????k?`???????] -- (helpsvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\glrsyfa.dll -- (asiavaona)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\system32\alrsvc.dllsh\flashplayerupdateservice.exe -- (Alerter)
SRV - [2012/05/23 19:18:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/08 06:12:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/21 02:40:23 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/09/09 20:19:46 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\TalkTalk\Security\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/09/09 19:54:15 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\TalkTalk\Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/02/17 22:17:12 | 000,182,768 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2011/02/17 22:16:55 | 000,136,176 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2011/02/17 22:16:55 | 000,136,176 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/08/05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\TalkTalk\Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\TalkTalk\Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/09/09 15:21:16 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2008/08/18 11:39:28 | 000,455,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/01 19:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2008/06/30 22:18:24 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R190031\stacsv.exe -- (STacSV)
SRV - [2008/06/15 07:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/06/12 09:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/06/11 12:39:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/06/03 16:28:50 | 000,386,328 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/04/25 16:45:40 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/04/14 13:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 13:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 13:00:00 | 000,073,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 13:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/14 13:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 13:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 13:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 13:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/03/10 16:48:48 | 001,249,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/10/12 09:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk)
SRV - [2007/08/02 14:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/02 14:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aqflyh9w.sys -- (aqflyh9w.sys)
DRV - [2012/05/30 08:48:43 | 000,149,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\TalkTalk\Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/05/09 19:58:42 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2011/09/09 20:20:33 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/08/05 16:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\TalkTalk\Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2008/09/17 05:03:02 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/09/10 23:18:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/07/12 14:58:08 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND)
DRV - [2008/07/01 23:42:28 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/30 22:59:26 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/30 22:18:26 | 001,381,914 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/06/30 22:18:22 | 000,108,160 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/06/24 08:16:52 | 000,172,344 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/06/22 10:42:40 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/06/22 10:42:40 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/06/22 10:42:40 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/06/19 02:19:46 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/06/06 10:15:40 | 000,098,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/04/14 13:11:24 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/04/14 13:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/14 13:10:32 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/04/14 13:10:30 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/14 13:06:42 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2008/04/14 13:06:40 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AGPCPQ.SYS -- (agpCPQ)
DRV - [2008/04/14 13:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp)
DRV - [2008/04/14 13:06:40 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ALIM1541.SYS -- (alim1541)
DRV - [2008/04/14 13:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AGP440.SYS -- (agp440)
DRV - [2008/04/14 13:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp)
DRV - [2008/04/14 13:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 13:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 13:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 13:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2008/04/14 13:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/06/01 14:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 17:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2001/08/18 03:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn)
DRV - [2001/08/18 03:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2001/08/18 03:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 03:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 03:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)
DRV - [2001/08/18 03:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 03:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2)
DRV - [2001/08/18 03:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)
DRV - [2001/08/18 03:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)
DRV - [2001/08/18 03:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 03:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/18 03:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2001/08/18 02:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/18 02:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/18 02:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/18 02:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/18 02:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 02:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)
DRV - [2001/08/18 02:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)
DRV - [2001/08/18 02:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)
DRV - [2001/08/18 02:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 02:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)
DRV - [2001/08/18 02:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/18 02:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)
DRV - [2001/08/18 02:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2001/08/18 02:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)
DRV - [2001/08/18 02:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)
DRV - [2001/08/18 02:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint)
DRV - [2001/08/18 02:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)
DRV - [2001/08/18 02:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/18 02:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)
DRV - [2001/08/18 02:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/18 02:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/18 02:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde)
DRV - [2001/08/18 02:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/18 02:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2081209
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2081209
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2081209
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2081209
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2081209
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2081209
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=uk
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\..\SearchScopes,DefaultScope = {3660636F-51A7-4101-90DC-FAEF53C77959}
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\..\SearchScopes\{3660636F-51A7-4101-90DC-FAEF53C77959}: "URL" = http://www.google.co...1I7SKPT_enGB420
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.mytalktalk.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\TalkTalk\Security\NRS\[email protected] [2012/04/23 07:02:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/23 19:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/13 22:00:09 | 000,000,000 | ---D | M]

[2010/10/06 19:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/05/20 10:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aw9rhnvm.default\extensions
[2010/12/18 19:56:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aw9rhnvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/20 09:54:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aw9rhnvm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/20 09:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aw9rhnvm.default\extensions\trash
[2012/04/24 20:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/24 20:25:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/03/31 05:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/03/31 05:55:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/23 19:18:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/21 02:40:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/01 11:06:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/01 11:06:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\TalkTalk\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\TalkTalk\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\TalkTalk\Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\TalkTalk\Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1232962184453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1286388474093 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76ECB679-EF20-4E90-877E-710F11717CC4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 22:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/08 02:40:00 | 000,000,131 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{064bfcac-ebd5-11dd-a678-00219be619ee}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{1c235097-2f52-11de-8a98-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1c235097-2f52-11de-8a98-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1c235097-2f52-11de-8a98-806d6172696f}\Shell\AutoRun\command - "" = D:\_SETIMG\EPSSWT.EXE -- [2004/01/08 11:03:00 | 000,110,592 | R--- | M] (SEIKO EPSON CORPORATION)
O33 - MountPoints2\{f2f8067b-ebdc-11dd-8be4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f2f8067b-ebdc-11dd-8be4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f2f8067b-ebdc-11dd-8be4-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{f2f8067c-ebdc-11dd-8be4-806d6172696f}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\_SETIMG\EPSSWT.EXE -- [2004/01/08 11:03:00 | 000,110,592 | R--- | M] (SEIKO EPSON CORPORATION)
O34 - HKLM BootExecute: ("autocheck autochk *")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dllttings File not found
NetSvcs: asiavaona - C:\WINDOWS\system32\glrsyfa.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/31 07:39:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/27 14:10:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/27 10:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/23 19:24:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/23 19:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/23 19:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/23 19:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/05/20 11:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/05/20 11:09:19 | 000,000,000 | ---D | C] -- C:\maes hyfryd

========== Files - Modified Within 30 Days ==========

[2012/05/31 07:46:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/31 07:45:09 | 001,112,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/31 07:45:09 | 000,463,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/31 07:40:46 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/31 07:40:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
[2012/05/31 07:40:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/31 07:40:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/31 07:40:25 | 1026,727,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/31 07:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/31 06:59:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/31 01:01:22 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2012/05/30 16:43:25 | 000,000,000 | ---- | M] () -- C:\Documents
[2012/05/30 13:52:18 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\look.bat
[2012/05/28 07:11:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/27 16:08:03 | 000,198,312 | ---- | M] () -- C:\WINDOWS\EPSTPLOG.BAK
[2012/05/27 15:57:13 | 000,000,025 | ---- | M] () -- C:\WINDOWS\CDEALCX11Euro.ini
[2012/05/25 11:34:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/20 19:33:34 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2012/05/20 11:20:03 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/16 21:20:17 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/05/13 21:00:06 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Publisher 2003.lnk
[2012/05/13 20:52:05 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 19:58:42 | 000,044,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys

========== Files Created - No Company Name ==========

[2012/05/30 16:43:25 | 000,000,000 | ---- | C] () -- C:\Documents
[2012/05/30 13:52:17 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\look.bat
[2012/05/30 08:39:33 | 1026,727,936 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/27 15:57:42 | 000,198,312 | ---- | C] () -- C:\WINDOWS\EPSTPLOG.BAK
[2012/05/27 15:57:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEALCX11Euro.ini
[2012/05/20 11:20:03 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/08 05:46:35 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/21 22:24:57 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/02/17 22:32:56 | 000,054,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/15 00:09:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/09 19:48:28 | 000,044,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/09/08 19:53:54 | 000,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2011/08/28 14:38:34 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP21.INI
[2011/03/21 19:19:42 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/27 19:16:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/12 23:10:25 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/11/28 22:45:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/06 19:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/12 20:49:13 | 000,000,976 | ---- | C] () -- C:\WINDOWS\2ivt.ini

========== LOP Check ==========

[2011/02/17 18:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2011/11/17 19:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BACS.exe
[2011/02/12 23:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2012/01/15 21:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberScrub
[2011/12/23 12:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\F-Secure
[2011/11/01 20:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\go
[2009/01/27 08:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2012/03/22 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010/12/28 08:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2008/12/09 13:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2011/09/09 19:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/17 18:58:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/01 20:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011/09/09 19:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2011/09/09 19:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2011/09/09 19:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/12/09 13:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/12/15 23:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/09/09 18:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/12/09 13:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2012/01/02 15:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/27 08:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2009/01/26 19:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2008/12/09 13:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ICTSupport\Application Data\Wave Systems Corp
[2012/03/21 22:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2012/05/23 19:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2008/12/09 13:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SAVUpdate\Application Data\Wave Systems Corp
[2012/02/21 14:37:35 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2012/02/21 14:37:35 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2012/05/31 01:01:22 | 000,000,562 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: PCHSVC.DLL >
[2008/04/14 13:00:00 | 000,038,400 | ---- | M] (Microsoft Corporation) MD5=4FCCA060DFE0C51A09DD5C3843888BCD -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

#24
DragonFromWales
There was but one txt file created. In posting #13 you said: "To get an extras.txt file you need to select Use SafeList under the category Extra Registry." Shouldn't I therefore have ticked this option?

#25
DragonFromWales
C:\Documents and Settings\Administrator\My Documents\Downloads\HAMeb_check(1).exe
31/05/2012 at 8:27:09.71

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services


~~ EOF ~~

#26
CompCav
I need the two text files from Post #18 and step 2

xcpip.txt
xpsec.txt

#27
DragonFromWales
Neither file is on my desktop. I've also searched for these two files. Nothing.

#28
CompCav
Please rerun the Look.bat file you created following the instructions.

Regards,

CompCav

#29
DragonFromWales
The Look.bat file is on the desktop; everything inside has been copied into it correctly. I double-click; the black screen runs. I see a quick glimpse of the words "Invalid key name", then it disappears. NO text files appear on the desktop.

Edited by DragonFromWales, 01 June 2012 - 12:33 PM.

#30
CompCav
The invalid key name means I can remove the pointers in the next fix! Thanks

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the protection tab
  • Remove the tick from "Start with Windows"
  • Reboot and then run OTL

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll憎႕吀污呫污k⠀̀Ѐ⢾툿벖鑀ᐬ [WARNING: %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll??????k?`???????] -- (helpsvc)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\glrsyfa.dll -- (asiavaona)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aqflyh9w.sys -- (aqflyh9w.sys)
    E - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
    O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
    O3 - HKU\S-1-5-21-2105232374-2241165323-2405145706-500\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dllttings File not found
    NetSvcs: asiavaona - C:\WINDOWS\system32\glrsyfa.dll File not found
    [2012/05/20 11:09:19 | 000,000,000 | ---D | C] -- C:\maes hyfryd
    [2011/02/17 18:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
    [2011/09/09 19:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
