Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

combofix is disabled and internet is locking up [Solved]


  • This topic is locked This topic is locked

#1
Aaron2007

Aaron2007

    Member

  • Member
  • PipPip
  • 14 posts
Hello all, I'm having a very difficult time with this computer and getting it to work properly. Upon boot-up the internet will run just fine, but after 10-15 mins or so my connection seems to just lock up and by that I mean it will not load any webpages or anything else requiring the internet. The only way to get my connection back is to go to control panel and disable/reenable my connection, then after 10-15 more mins it'll do it again. Another issue I'm having is my combofix is disabled, when I click on it I get a message saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". Any help will be fantastic, thank you.

Logfile of HijackThis v1.99.1
Scan saved at 1:46:32 PM, on 6/13/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\unzipped\hijackthis\hijackthis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1248838524406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there Hijackthis gives insufficient information about todays malware

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Aaron2007

Aaron2007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you Essexboy your a life saver! I wasn't sure if HJT was still good or not but anyways here are the logs and thank you again.

OTL logfile created on: 6/14/2012 12:12:42 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Aaron\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.42 Mb Total Physical Memory | 251.81 Mb Available Physical Memory | 32.86% Memory free
2.02 Gb Paging File | 1.61 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): C:\pagefile.sys 1350 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 1.36 Gb Free Space | 2.38% Space Free | Partition Type: NTFS

Computer Name: AARON-H612E60RG | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 00:11:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
PRC - [2011/07/09 12:15:18 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2010/03/31 21:03:19 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/14 09:29:00 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2006/09/22 23:18:13 | 000,356,352 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
PRC - [2006/07/14 22:37:55 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/10 12:48:03 | 000,150,480 | ---- | M] () -- C:\WINDOWS\system32\5017\components\AcroFF017.dll
MOD - [2008/12/12 18:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 18:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2006/09/22 23:18:13 | 000,356,352 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
MOD - [2006/09/22 23:18:13 | 000,073,728 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouDL32A.dll
MOD - [2004/08/04 00:56:46 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/07/09 12:15:18 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/04/26 15:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/03/03 14:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\yfsjldu.sys -- (lwwmulnkvdmjxb)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\e5f36169.sys -- (e5f36169)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\76c34a80.sys -- (76c34a80)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\63c2eb4b.sys -- (63c2eb4b)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/06 00:13:33 | 000,044,696 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\phmcd.sys -- (phmcd)
DRV - [2007/02/18 11:56:38 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/01/30 01:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/07/24 00:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/18 21:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/18 21:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/18 21:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/18 21:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/18 21:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/18 21:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/04/30 04:17:54 | 000,917,988 | R--- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/flashplayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5017 [2011/06/10 12:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/03 18:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 12:33:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Aaron\Application Data\Move Networks [2009/11/14 14:24:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5017 [2011/06/10 12:48:03 | 000,000,000 | ---D | M]

[2011/01/03 02:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions
[2011/01/03 02:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions\[email protected]
[2012/06/13 12:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions
[2009/05/21 13:07:03 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/11/29 03:04:42 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(2)
[2008/12/12 13:23:54 | 000,002,158 | -H-- | M] () -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\searchplugins\MySpace.xml
[2012/06/13 12:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/14 14:24:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOVE NETWORKS
[2009/07/05 01:19:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/10 12:48:03 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5017

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: getPlus for Adobe 15235 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/09/17 14:24:00 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe ()
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004..\Run: [RealPlayer] C:\Program Files\Real\RealOne Player\realplay.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.micr...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248838524406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8ffbe65d-2c9c-4669-84bd-5829dc0b603c} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40D07D27-6BC4-4866-971E-D1050AE8A92E}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{557019BA-570F-494C-8F4D-72862B87EFB0}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/13 02:10:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsp.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsp.exe" -a "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 00:13:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Aaron\Desktop\aswMBR.exe
[2012/06/14 00:11:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/06/05 00:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/14 00:13:48 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Aaron\Desktop\aswMBR.exe
[2012/06/14 00:11:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/06/14 00:10:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004UA.job
[2012/06/14 00:10:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004Core.job
[2012/06/13 19:50:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/13 14:33:38 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/13 14:33:38 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/13 14:33:38 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/13 14:33:38 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/13 14:33:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/06/13 14:33:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/06/13 14:33:38 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
[2012/06/13 14:33:38 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
[2012/06/13 14:09:44 | 000,004,036 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/11 22:11:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/11 22:11:39 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\Google Chrome.lnk
[2012/06/09 23:22:51 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/09 13:52:40 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/04 18:39:03 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
[2012/06/02 15:38:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/04 18:39:03 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
[2012/06/02 15:38:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/05/25 22:04:26 | 000,000,665 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2011/05/25 00:48:14 | 000,001,448 | -HS- | C] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\t2342bpnbb47w8
[2011/05/25 00:48:14 | 000,001,448 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4037040817
[2011/05/25 00:47:15 | 000,017,918 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\t2342bpnbb47w8
[2011/05/25 00:47:15 | 000,017,918 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t2342bpnbb47w8
[2011/05/24 22:07:47 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\3r45f5wu.default.dat
[2011/05/18 22:36:19 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Etadofese.dat
[2011/05/18 22:36:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fcufoqi.bin
[2011/05/18 22:35:35 | 000,016,348 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0d681735hd18qbq1ml0o44tg14272ue55xak
[2011/05/18 22:35:35 | 000,016,348 | -HS- | C] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\0d681735hd18qbq1ml0o44tg14272ue55xak

========== LOP Check ==========

[2010/12/31 00:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\.anomos
[2007/01/01 20:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\acccore
[2006/07/13 13:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Aim
[2009/08/13 01:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Any Video Converter
[2012/06/13 20:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Azureus
[2011/10/08 13:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\FrostWire
[2010/02/01 22:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\iWin
[2010/08/21 23:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Leawo
[2009/11/29 03:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Lionhead Studios
[2009/07/12 21:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\LPECommon
[2006/08/07 15:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\LucasArts
[2011/12/04 03:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\MP3Rocket
[2009/11/29 03:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\My Games
[2009/06/18 00:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Opera
[2011/01/03 02:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Philips
[2011/01/03 02:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Philips-Songbird
[2009/11/29 01:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\QuickScan
[2009/03/21 02:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Research In Motion
[2009/11/07 12:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\uTorrent
[2007/01/11 16:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Viewpoint
[2009/09/09 14:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/02/07 19:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/10 13:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2009/11/29 03:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2011/04/22 20:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
[2009/12/16 02:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/04/22 20:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/12/26 03:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/02 10:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/15 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/21 23:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/12 01:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2011/05/19 01:40:16 | 000,050,688 | ---- | M] (Atribune.org) -- C:\ATF-Cleaner.exe
[2011/08/08 16:28:10 | 000,600,912 | ---- | M] (Google Inc.) -- C:\ChromeSetup.exe
[2009/04/09 13:30:03 | 006,879,234 | ---- | M] (FrostWire, LLC) -- C:\frostwire-4.17.2.windows.exe
[2006/07/15 01:12:39 | 000,359,112 | ---- | M] () -- C:\LimeWireWin.exe
[2011/08/21 23:00:34 | 013,126,888 | ---- | M] () -- C:\mp3rocket.exe
[2010/07/08 23:08:40 | 000,418,304 | ---- | M] (Yahoo! Inc.) -- C:\msgr10us.exe
[2006/11/26 13:48:31 | 000,078,384 | ---- | M] (MySpace Inc.) -- C:\MySpaceIM_Setup.exe
[2007/01/30 20:59:26 | 011,558,912 | ---- | M] () -- C:\nTune_2.00.23.exe
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2011/05/25 02:38:17 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\tdsskiller.exe
[2011/09/17 14:23:54 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\winsockxpfix.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2002/08/29 07:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2002/08/29 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\ERDNT\cache\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\services.exe
[2002/08/29 07:00:00 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=E3DF4A0252D287C44606EE55355E1623 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2006/07/13 02:10:59 | 000,001,602 | ---- | M] () MD5=C368F5A7B83BA09CBF584238D5B5EF5D -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
[2006/07/13 02:10:59 | 000,001,602 | -H-- | M] () MD5=C368F5A7B83BA09CBF584238D5B5EF5D -- C:\Qoobox\Quarantine\C\Documents and Settings\Aaron\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2002/08/29 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 02:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2002/08/29 07:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2002/08/29 07:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2002/08/29 07:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95

< End of report >

OTL Extras logfile created on: 6/14/2012 12:12:42 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Aaron\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.42 Mb Total Physical Memory | 251.81 Mb Available Physical Memory | 32.86% Memory free
2.02 Gb Paging File | 1.61 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): C:\pagefile.sys 1350 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 1.36 Gb Free Space | 2.38% Space Free | Partition Type: NTFS

Computer Name: AARON-H612E60RG | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsp.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsp.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-1801674531-1580818891-1060284298-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1"
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\domainprofile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\standardprofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe:*:Enabled:_aunchPad -- ()
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Documents and Settings\Aaron\Desktop\utorrent.exe" = C:\Documents and Settings\Aaron\Desktop\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CA14F11-6F47-4613-8E40-6AC088E464A0}" = Cisco Network Magic
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B1A4366-8DFA-4582-91F6-27F7A4714FCC}" = Pure Networks Platform
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F5D8937-508B-440F-9C1B-19CB78DBB834}" = Pocket Tanks Deluxe
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9115e7db-3b29-445a-802d-11e0aa945b7f}" = Sound Blaster Live!
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a2a60894-e3ed-46fe-9a6a-7cf7a87572a0}" = Opera 9.64
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"{BAA11826-70EF-4E44-9E97-8476793E022F}" = Launchpad Enhanced
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"adobe flash player plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Video Converter_is1" = Any Video Converter 2.7.6
"AOL Instant Messenger" = AOL Instant Messenger
"AviSynth" = AviSynth 2.5
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"Browser Hijack Recover_is1" = Browser Hijack Recover(BHR) 3.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CXT10B6" = AOpen FM56-PX Controllerless PCI Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.4.0
"FrostWire" = FrostWire 4.17.2
"GameBiz 2_is1" = GameBiz 2 Uninstall
"HijackThis" = HijackThis 1.99.1
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Micro Innovations Optical Scroll Mouse" = Micro Innovations Optical Scroll Mouse
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MP3 Rocket" = MP3 Rocket
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8l Light (32-bit)
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"PC Pitstop Exterminate_is1" = PC Pitstop Exterminate 1.0
"PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
"PeerGuardian_is1" = PeerGuardian 2.0
"Recover My Files_is1" = Recover My Files
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Videora iPod Converter" = Videora iPod Converter 6
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1801674531-1580818891-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2012 5:06:43 PM | Computer Name = AARON-H612E60RG | Source = Application Error | ID = 1000
Description = Faulting application services.exe, version 5.1.2600.2180, faulting
module oleaut32.dll, version 5.1.2600.2180, fault address 0x0000af08.

Error - 5/28/2012 1:49:47 PM | Computer Name = AARON-H612E60RG | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 5/28/2012 1:49:47 PM | Computer Name = AARON-H612E60RG | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 5/28/2012 1:49:47 PM | Computer Name = AARON-H612E60RG | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 5/28/2012 1:49:47 PM | Computer Name = AARON-H612E60RG | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 5/28/2012 1:49:53 PM | Computer Name = AARON-H612E60RG | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 5/28/2012 1:49:53 PM | Computer Name = AARON-H612E60RG | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 5/28/2012 1:50:06 PM | Computer Name = AARON-H612E60RG | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 5/28/2012 1:50:06 PM | Computer Name = AARON-H612E60RG | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 5/30/2012 2:19:21 PM | Computer Name = AARON-H612E60RG | Source = Application Error | ID = 1000
Description = Faulting application services.exe, version 5.1.2600.2180, faulting
module oleaut32.dll, version 5.1.2600.2180, fault address 0x0000af08.

[ System Events ]
Error - 6/13/2012 9:38:14 PM | Computer Name = AARON-H612E60RG | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/13/2012 11:24:50 PM | Computer Name = AARON-H612E60RG | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/13/2012 11:24:51 PM | Computer Name = AARON-H612E60RG | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/13/2012 11:24:53 PM | Computer Name = AARON-H612E60RG | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/13/2012 11:34:11 PM | Computer Name = AARON-H612E60RG | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/13/2012 11:34:12 PM | Computer Name = AARON-H612E60RG | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/14/2012 1:12:37 AM | Computer Name = AARON-H612E60RG | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/14/2012 1:12:39 AM | Computer Name = AARON-H612E60RG | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/14/2012 1:22:47 AM | Computer Name = AARON-H612E60RG | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 6/14/2012 1:22:47 AM | Computer Name = AARON-H612E60RG | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-14 00:36:10
-----------------------------
00:36:10.260 OS Version: Windows 5.1.2600 Service Pack 2
00:36:10.280 Number of processors: 1 586 0x207
00:36:10.320 ComputerName: AARON-H612E60RG UserName: Aaron
00:36:18.912 Initialize success
00:36:57.348 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-12
00:36:57.378 Disk 0 Vendor: IC35L060AVV207-0 V22OA63A Size: 58644MB BusType: 3
00:36:57.408 Device \Driver\atapi -> DriverStartIo f762d7c6
00:36:57.438 Device \Driver\atapi -> MajorFunction 83c83470
00:36:57.488 Disk 0 MBR read successfully
00:36:57.508 Disk 0 MBR scan
00:36:57.538 Disk 0 Windows XP default MBR code
00:36:57.568 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 58635 MB offset 63
00:36:57.618 Disk 0 scanning sectors +120085875
00:36:57.768 Disk 0 scanning C:\WINDOWS\system32\drivers
00:37:02.425 File: C:\WINDOWS\system32\drivers\afd.sys **SUSPICIOUS**
00:37:27.421 Disk 0 trace - called modules:
00:37:27.441 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf78798b0]<<
00:37:27.451 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83f4fab8]
00:37:27.471 3 CLASSPNP.SYS[f773405b] -> nt!IofCallDriver -> [0x83da8030]
00:37:27.471 \Driver\Disk[0x839a9c80] -> IRP_MJ_CREATE -> 0xf78798b0
00:37:27.471 Scan finished successfully
00:40:18.016 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aaron\Desktop\MBR.dat"
00:40:18.076 The log file has been saved successfully to "C:\Documents and Settings\Aaron\Desktop\aswMBR.txt"
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi it appears that you may have two different infections to clear

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\yfsjldu.sys -- (lwwmulnkvdmjxb)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\76c34a80.sys -- (76c34a80)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\63c2eb4b.sys -- (63c2eb4b)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKU\S-1-5-21-1801674531-1580818891-1060284298-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsp.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsp.exe" -a "%1" %*
    2012/06/04 18:39:03 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
    [2011/05/25 22:04:26 | 000,000,665 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
    [2011/05/25 00:48:14 | 000,001,448 | -HS- | C] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\t2342bpnbb47w8
    [2011/05/25 00:48:14 | 000,001,448 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4037040817
    [2011/05/25 00:47:15 | 000,017,918 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\t2342bpnbb47w8
    [2011/05/25 00:47:15 | 000,017,918 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t2342bpnbb47w8
    [2011/05/24 22:07:47 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\3r45f5wu.default.dat
    [2011/05/18 22:36:19 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Etadofese.dat
    [2011/05/18 22:36:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fcufoqi.bin
    [2011/05/18 22:35:35 | 000,016,348 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0d681735hd18qbq1ml0o44tg14272ue55xak
    [2011/05/18 22:35:35 | 000,016,348 | -HS- | C] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\0d681735hd18qbq1ml0o44tg14272ue55xak

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

FINALLY

Delete your current coipy of combofix from the desktop
Download a fresh copy but rename it to Gotcha before saving

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
Aaron2007

Aaron2007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
After following your instructions my computer seems to be running better than it was, but my add/remove program says " windows cannot find "C:\WINDOWS\system32\rundll32.exe"" and therefore it won't open and also I cannot delete the original combofix from my desktop. When I click delete it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them". One more thing, after I ran OTL and it rebooted there were some icons on my desktop I had not seen in months but they were check-marked hidden in their attributes when I right-clicked on them. One in particular stood out, it was an image file and when I went to its properties there was a message in the middle of the screen that said something like it was from another computer, could be malicious. Anyways here are the logs.

OTL logfile created on: 6/15/2012 1:32:36 AM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Aaron\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.42 Mb Total Physical Memory | 433.53 Mb Available Physical Memory | 56.57% Memory free
2.02 Gb Paging File | 1.78 Gb Available in Paging File | 87.89% Paging File free
Paging file location(s): C:\pagefile.sys 1350 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 6.51 Gb Free Space | 11.36% Space Free | Partition Type: NTFS

Computer Name: AARON-H612E60RG | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 00:11:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
PRC - [2011/07/09 12:15:18 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2010/03/31 21:03:19 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/14 09:29:00 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2006/09/22 23:18:13 | 000,356,352 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
PRC - [2006/07/14 22:37:55 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/07/14 22:37:55 | 000,053,293 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realevent.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/10 12:48:03 | 000,150,480 | ---- | M] () -- C:\WINDOWS\system32\5017\components\AcroFF017.dll
MOD - [2008/12/12 18:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 18:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2006/09/22 23:18:13 | 000,356,352 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
MOD - [2006/09/22 23:18:13 | 000,073,728 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouDL32A.dll
MOD - [2004/08/04 00:56:46 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/07/09 12:15:18 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/04/26 15:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/03/03 14:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\e5f36169.sys -- (e5f36169)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/06 00:13:33 | 000,044,696 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\phmcd.sys -- (phmcd)
DRV - [2007/02/18 11:56:38 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/01/30 01:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/07/24 00:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/18 21:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/18 21:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/18 21:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/18 21:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/18 21:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/18 21:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/04/30 04:17:54 | 000,917,988 | R--- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/flashplayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5017 [2011/06/10 12:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/03 18:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 12:33:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Aaron\Application Data\Move Networks [2009/11/14 14:24:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5017 [2011/06/10 12:48:03 | 000,000,000 | ---D | M]

[2011/01/03 02:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions
[2011/01/03 02:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions\[email protected]
[2012/06/15 01:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions
[2009/05/21 13:07:03 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/11/29 03:04:42 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(2)
[2008/12/12 13:23:54 | 000,002,158 | -H-- | M] () -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\searchplugins\MySpace.xml
[2012/06/15 01:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/14 14:24:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOVE NETWORKS
[2009/07/05 01:19:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/10 12:48:03 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5017

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: getPlus for Adobe 15235 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/15 01:23:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe ()
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [RealPlayer] C:\Program Files\Real\RealOne Player\realplay.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.micr...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248838524406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8ffbe65d-2c9c-4669-84bd-5829dc0b603c} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40D07D27-6BC4-4866-971E-D1050AE8A92E}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{557019BA-570F-494C-8F4D-72862B87EFB0}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/13 02:10:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 01:32:50 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aaron\Desktop\tdsskiller.exe
[2012/06/15 01:23:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/14 00:13:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Aaron\Desktop\aswMBR.exe
[2012/06/14 00:11:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/06/05 00:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm

========== Files - Modified Within 30 Days ==========

[2012/06/15 01:33:02 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aaron\Desktop\tdsskiller.exe
[2012/06/15 01:29:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/15 01:28:47 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 01:28:47 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 01:28:47 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 01:28:47 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 01:28:47 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/06/15 01:28:47 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/06/15 01:28:47 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
[2012/06/15 01:28:47 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
[2012/06/15 01:23:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/15 01:10:32 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004UA.job
[2012/06/15 01:00:52 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/14 00:43:15 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/14 00:40:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\MBR.dat
[2012/06/14 00:13:48 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Aaron\Desktop\aswMBR.exe
[2012/06/14 00:11:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/06/14 00:10:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004Core.job
[2012/06/13 14:09:44 | 000,004,036 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/11 22:11:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/11 22:11:39 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\Google Chrome.lnk
[2012/06/04 18:39:03 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
[2012/06/02 15:38:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/06/14 00:40:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Aaron\Desktop\MBR.dat
[2012/06/04 18:39:03 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
[2012/06/02 15:38:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== LOP Check ==========

[2010/12/31 00:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\.anomos
[2007/01/01 20:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\acccore
[2006/07/13 13:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Aim
[2009/08/13 01:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Any Video Converter
[2012/06/13 20:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Azureus
[2011/10/08 13:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\FrostWire
[2010/02/01 22:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\iWin
[2010/08/21 23:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Leawo
[2009/11/29 03:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Lionhead Studios
[2009/07/12 21:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\LPECommon
[2006/08/07 15:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\LucasArts
[2011/12/04 03:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\MP3Rocket
[2009/11/29 03:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\My Games
[2009/06/18 00:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Opera
[2011/01/03 02:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Philips
[2011/01/03 02:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Philips-Songbird
[2009/11/29 01:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\QuickScan
[2009/03/21 02:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Research In Motion
[2009/11/07 12:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\uTorrent
[2007/01/11 16:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Viewpoint
[2009/09/09 14:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/02/07 19:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/10 13:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2009/11/29 03:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2011/04/22 20:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
[2009/12/16 02:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/04/22 20:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/12/26 03:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/02 10:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/15 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/21 23:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/12 01:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95

< End of report >

01:59:28.0916 2128 TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
01:59:29.0376 2128 ============================================================
01:59:29.0376 2128 Current date / time: 2012/06/15 01:59:29.0376
01:59:29.0376 2128 SystemInfo:
01:59:29.0376 2128
01:59:29.0376 2128 OS Version: 5.1.2600 ServicePack: 2.0
01:59:29.0376 2128 Product type: Workstation
01:59:29.0376 2128 ComputerName: AARON-H612E60RG
01:59:29.0376 2128 UserName: Aaron
01:59:29.0376 2128 Windows directory: C:\WINDOWS
01:59:29.0376 2128 System windows directory: C:\WINDOWS
01:59:29.0376 2128 Processor architecture: Intel x86
01:59:29.0376 2128 Number of processors: 1
01:59:29.0376 2128 Page size: 0x1000
01:59:29.0376 2128 Boot type: Normal boot
01:59:29.0376 2128 ============================================================
01:59:31.0349 2128 Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:59:31.0349 2128 ============================================================
01:59:31.0359 2128 \Device\Harddisk0\DR0:
01:59:31.0359 2128 MBR partitions:
01:59:31.0359 2128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7285D34
01:59:31.0359 2128 ============================================================
01:59:31.0600 2128 C: <-> \Device\Harddisk0\DR0\Partition0
01:59:31.0650 2128 ============================================================
01:59:31.0650 2128 Initialize success
01:59:31.0650 2128 ============================================================
02:00:42.0532 1300 ============================================================
02:00:42.0532 1300 Scan started
02:00:42.0532 1300 Mode: Manual; SigCheck; TDLFS;
02:00:42.0532 1300 ============================================================
02:00:42.0892 1300 Abiosdsk - ok
02:00:42.0952 1300 abp480n5 - ok
02:00:43.0082 1300 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:00:45.0536 1300 ACPI - ok
02:00:45.0636 1300 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:00:45.0957 1300 ACPIEC - ok
02:00:46.0007 1300 adpu160m - ok
02:00:46.0087 1300 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
02:00:46.0367 1300 aec - ok
02:00:46.0427 1300 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
02:00:46.0447 1300 AegisP ( UnsignedFile.Multi.Generic ) - warning
02:00:46.0447 1300 AegisP - detected UnsignedFile.Multi.Generic (1)
02:00:46.0517 1300 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
02:00:46.0788 1300 AFD - ok
02:00:46.0838 1300 Aha154x - ok
02:00:46.0918 1300 aic78u2 - ok
02:00:46.0968 1300 aic78xx - ok
02:00:47.0058 1300 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
02:00:47.0338 1300 Alerter - ok
02:00:47.0409 1300 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
02:00:47.0699 1300 ALG - ok
02:00:47.0729 1300 AliIde - ok
02:00:47.0779 1300 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
02:00:48.0029 1300 AmdK7 - ok
02:00:48.0080 1300 amsint - ok
02:00:48.0250 1300 Apple Mobile Device (b1a0266d5f48c1a9a87c60ca5304a43e) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:00:48.0300 1300 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
02:00:48.0300 1300 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
02:00:48.0350 1300 AppMgmt - ok
02:00:48.0380 1300 asc - ok
02:00:48.0430 1300 asc3350p - ok
02:00:48.0480 1300 asc3550 - ok
02:00:48.0660 1300 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:00:48.0680 1300 aspnet_state - ok
02:00:48.0730 1300 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:00:49.0001 1300 AsyncMac - ok
02:00:49.0081 1300 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:00:49.0321 1300 atapi - ok
02:00:49.0391 1300 Atdisk - ok
02:00:49.0462 1300 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:00:49.0732 1300 Atmarpc - ok
02:00:49.0832 1300 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
02:00:50.0072 1300 AudioSrv - ok
02:00:50.0163 1300 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:00:50.0463 1300 audstub - ok
02:00:50.0533 1300 Beep - ok
02:00:50.0683 1300 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
02:00:51.0004 1300 BITS - ok
02:00:51.0174 1300 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
02:00:51.0214 1300 Bonjour Service - ok
02:00:51.0304 1300 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
02:00:51.0565 1300 Browser - ok
02:00:51.0615 1300 catchme - ok
02:00:51.0735 1300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:00:52.0035 1300 cbidf2k - ok
02:00:52.0085 1300 cd20xrnt - ok
02:00:52.0216 1300 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:00:52.0496 1300 Cdaudio - ok
02:00:52.0556 1300 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
02:00:52.0806 1300 Cdfs - ok
02:00:52.0876 1300 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:00:53.0157 1300 Cdrom - ok
02:00:53.0177 1300 Changer - ok
02:00:53.0247 1300 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
02:00:53.0517 1300 CiSvc - ok
02:00:53.0567 1300 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
02:00:53.0868 1300 ClipSrv - ok
02:00:53.0948 1300 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:00:54.0018 1300 clr_optimization_v2.0.50727_32 - ok
02:00:54.0038 1300 CmdIde - ok
02:00:54.0098 1300 COMSysApp - ok
02:00:54.0168 1300 Cpqarray - ok
02:00:54.0248 1300 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
02:00:54.0499 1300 CryptSvc - ok
02:00:54.0569 1300 ctac32k (4b6096745f72b4fd36514617e2ea5d37) C:\WINDOWS\system32\drivers\ctac32k.sys
02:00:54.0659 1300 ctac32k - ok
02:00:54.0829 1300 ctaud2k (3576ec792347ed15699f6d830e0f5437) C:\WINDOWS\system32\drivers\ctaud2k.sys
02:00:54.0899 1300 ctaud2k - ok
02:00:54.0969 1300 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
02:00:55.0270 1300 ctljystk - ok
02:00:55.0330 1300 ctprxy2k (097d42574e3c6d98cd5a2ee7647fa6bf) C:\WINDOWS\system32\drivers\ctprxy2k.sys
02:00:55.0360 1300 ctprxy2k - ok
02:00:55.0430 1300 ctsfm2k (c58a2507ef62b20b9bd670c666088b50) C:\WINDOWS\system32\drivers\ctsfm2k.sys
02:00:55.0470 1300 ctsfm2k - ok
02:00:55.0560 1300 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
02:00:55.0590 1300 d347bus ( UnsignedFile.Multi.Generic ) - warning
02:00:55.0590 1300 d347bus - detected UnsignedFile.Multi.Generic (1)
02:00:55.0660 1300 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
02:00:55.0711 1300 d347prt ( UnsignedFile.Multi.Generic ) - warning
02:00:55.0711 1300 d347prt - detected UnsignedFile.Multi.Generic (1)
02:00:55.0761 1300 dac2w2k - ok
02:00:55.0821 1300 dac960nt - ok
02:00:55.0961 1300 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll
02:00:56.0251 1300 DcomLaunch - ok
02:00:56.0341 1300 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
02:00:56.0592 1300 Dhcp - ok
02:00:56.0632 1300 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
02:00:56.0902 1300 Disk - ok
02:00:56.0932 1300 dmadmin - ok
02:00:57.0093 1300 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
02:00:57.0413 1300 dmboot - ok
02:00:57.0493 1300 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
02:00:57.0753 1300 dmio - ok
02:00:57.0824 1300 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:00:58.0134 1300 dmload - ok
02:00:58.0184 1300 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
02:00:58.0464 1300 dmserver - ok
02:00:58.0555 1300 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
02:00:58.0795 1300 DMusic - ok
02:00:58.0865 1300 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
02:00:59.0125 1300 Dnscache - ok
02:00:59.0176 1300 dpti2o - ok
02:00:59.0246 1300 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
02:00:59.0486 1300 drmkaud - ok
02:00:59.0516 1300 e5f36169 - ok
02:00:59.0606 1300 emupia (a9d94b89372f3f9609a1a5eec631a260) C:\WINDOWS\system32\drivers\emupia2k.sys
02:00:59.0646 1300 emupia - ok
02:00:59.0686 1300 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
02:00:59.0947 1300 ERSvc - ok
02:01:00.0007 1300 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
02:01:00.0397 1300 Eventlog - ok
02:01:00.0497 1300 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\System32\es.dll
02:01:00.0768 1300 EventSystem - ok
02:01:00.0858 1300 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
02:01:01.0108 1300 Fastfat - ok
02:01:01.0208 1300 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
02:01:01.0489 1300 FastUserSwitchingCompatibility - ok
02:01:01.0579 1300 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:01:01.0829 1300 Fdc - ok
02:01:01.0899 1300 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
02:01:02.0220 1300 FETNDIS - ok
02:01:02.0310 1300 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
02:01:02.0610 1300 Fips - ok
02:01:02.0651 1300 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:01:02.0911 1300 Flpydisk - ok
02:01:02.0981 1300 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
02:01:03.0251 1300 FltMgr - ok
02:01:03.0301 1300 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:01:03.0622 1300 Fs_Rec - ok
02:01:03.0712 1300 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:01:04.0022 1300 Ftdisk - ok
02:01:04.0073 1300 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
02:01:04.0323 1300 gameenum - ok
02:01:04.0383 1300 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
02:01:04.0473 1300 GEARAspiWDM - ok
02:01:04.0593 1300 getPlus® Helper (35a1f815962f3552066c6be4c969d297) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
02:01:04.0653 1300 getPlus® Helper - ok
02:01:04.0713 1300 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:01:04.0964 1300 Gpc - ok
02:01:05.0124 1300 ha10kx2k (dc9847cdc43665ed4cc780947516209c) C:\WINDOWS\system32\drivers\ha10kx2k.sys
02:01:05.0204 1300 ha10kx2k - ok
02:01:05.0344 1300 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:01:05.0635 1300 helpsvc - ok
02:01:05.0665 1300 HidServ - ok
02:01:05.0725 1300 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:01:06.0045 1300 hidusb - ok
02:01:06.0075 1300 hpn - ok
02:01:06.0176 1300 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
02:01:06.0426 1300 HTTP - ok
02:01:06.0486 1300 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
02:01:06.0726 1300 HTTPFilter - ok
02:01:06.0776 1300 i2omgmt - ok
02:01:06.0837 1300 i2omp - ok
02:01:06.0927 1300 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:01:07.0167 1300 i8042prt - ok
02:01:07.0367 1300 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
02:01:07.0387 1300 IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:01:07.0387 1300 IDriverT - detected UnsignedFile.Multi.Generic (1)
02:01:07.0467 1300 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:01:07.0718 1300 Imapi - ok
02:01:07.0828 1300 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
02:01:08.0088 1300 ImapiService - ok
02:01:08.0168 1300 ini910u - ok
02:01:08.0249 1300 IntelIde - ok
02:01:08.0329 1300 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:01:08.0549 1300 intelppm - ok
02:01:08.0599 1300 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
02:01:08.0829 1300 ip6fw - ok
02:01:08.0899 1300 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:01:09.0170 1300 IpFilterDriver - ok
02:01:09.0270 1300 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:01:09.0520 1300 IpInIp - ok
02:01:09.0601 1300 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:01:09.0851 1300 IpNat - ok
02:01:09.0991 1300 iPod Service (ed81ac5676fa647904c240aaadd83ca8) C:\Program Files\iPod\bin\iPodService.exe
02:01:10.0031 1300 iPod Service ( UnsignedFile.Multi.Generic ) - warning
02:01:10.0031 1300 iPod Service - detected UnsignedFile.Multi.Generic (1)
02:01:10.0121 1300 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:01:10.0382 1300 IPSec - ok
02:01:10.0432 1300 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:01:10.0672 1300 IRENUM - ok
02:01:10.0752 1300 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:01:11.0063 1300 isapnp - ok
02:01:11.0223 1300 JavaQuickStarterService (d98896a4264cdcbe77d513892e8892df) C:\Program Files\Java\jre6\bin\jqs.exe
02:01:11.0243 1300 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - warning
02:01:11.0243 1300 JavaQuickStarterService - detected UnsignedFile.Multi.Generic (1)
02:01:11.0303 1300 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:01:11.0543 1300 Kbdclass - ok
02:01:11.0623 1300 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
02:01:11.0874 1300 kmixer - ok
02:01:11.0934 1300 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
02:01:12.0194 1300 KSecDD - ok
02:01:12.0334 1300 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
02:01:12.0565 1300 lanmanserver - ok
02:01:12.0655 1300 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll
02:01:12.0905 1300 lanmanworkstation - ok
02:01:12.0965 1300 lbrtfdc - ok
02:01:13.0116 1300 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
02:01:13.0366 1300 LmHosts - ok
02:01:13.0656 1300 MDM (498689a056809b70e4f0c6e05ea9b340) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
02:01:13.0716 1300 MDM ( UnsignedFile.Multi.Generic ) - warning
02:01:13.0716 1300 MDM - detected UnsignedFile.Multi.Generic (1)
02:01:13.0787 1300 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
02:01:13.0877 1300 mdmxsdk - ok
02:01:13.0937 1300 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
02:01:14.0167 1300 Messenger - ok
02:01:14.0277 1300 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
02:01:14.0307 1300 Microsoft Office Groove Audit Service - ok
02:01:14.0347 1300 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:01:14.0648 1300 mnmdd - ok
02:01:14.0748 1300 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
02:01:14.0998 1300 mnmsrvc - ok
02:01:15.0088 1300 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
02:01:15.0329 1300 Modem - ok
02:01:15.0409 1300 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
02:01:15.0729 1300 MODEMCSA - ok
02:01:15.0789 1300 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:01:16.0030 1300 Mouclass - ok
02:01:16.0080 1300 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:01:16.0390 1300 mouhid - ok
02:01:16.0470 1300 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
02:01:16.0731 1300 MountMgr - ok
02:01:16.0781 1300 mraid35x - ok
02:01:16.0871 1300 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:01:17.0121 1300 MRxDAV - ok
02:01:17.0272 1300 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:01:17.0542 1300 MRxSmb - ok
02:01:17.0622 1300 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
02:01:17.0852 1300 MSDTC - ok
02:01:17.0942 1300 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
02:01:18.0203 1300 Msfs - ok
02:01:18.0253 1300 MSIServer - ok
02:01:18.0333 1300 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:01:18.0583 1300 MSKSSRV - ok
02:01:18.0704 1300 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:01:18.0954 1300 MSPCLOCK - ok
02:01:19.0014 1300 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
02:01:19.0284 1300 MSPQM - ok
02:01:19.0345 1300 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:01:19.0595 1300 mssmbios - ok
02:01:19.0685 1300 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
02:01:20.0005 1300 ms_mpu401 - ok
02:01:20.0066 1300 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
02:01:20.0336 1300 Mup - ok
02:01:20.0406 1300 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
02:01:20.0666 1300 NDIS - ok
02:01:20.0757 1300 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:01:21.0077 1300 NdisTapi - ok
02:01:21.0127 1300 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:01:21.0397 1300 Ndisuio - ok
02:01:21.0458 1300 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:01:21.0698 1300 NdisWan - ok
02:01:21.0788 1300 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
02:01:22.0098 1300 NDProxy - ok
02:01:22.0149 1300 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:01:22.0409 1300 NetBIOS - ok
02:01:22.0499 1300 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:01:22.0719 1300 NetBT - ok
02:01:22.0830 1300 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
02:01:23.0040 1300 NetDDE - ok
02:01:23.0100 1300 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
02:01:23.0330 1300 NetDDEdsdm - ok
02:01:23.0430 1300 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:01:23.0671 1300 Netlogon - ok
02:01:23.0741 1300 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
02:01:24.0001 1300 Netman - ok
02:01:24.0101 1300 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll
02:01:24.0342 1300 Nla - ok
02:01:24.0562 1300 nmservice (d19952d40e7188a728d502993d37353f) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
02:01:24.0592 1300 nmservice ( UnsignedFile.Multi.Generic ) - warning
02:01:24.0592 1300 nmservice - detected UnsignedFile.Multi.Generic (1)
02:01:24.0672 1300 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
02:01:24.0923 1300 Npfs - ok
02:01:25.0073 1300 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
02:01:25.0363 1300 Ntfs - ok
02:01:25.0423 1300 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
02:01:25.0664 1300 NtLmSsp - ok
02:01:25.0764 1300 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
02:01:26.0034 1300 NtmsSvc - ok
02:01:26.0074 1300 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:01:26.0385 1300 Null - ok
02:01:26.0815 1300 nv (be10db9ad60d5814aeff31d976b99448) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:01:27.0176 1300 nv - ok
02:01:27.0366 1300 NVSvc (a3b67aa9f60533557fd9141bca9fa4a9) C:\WINDOWS\system32\nvsvc32.exe
02:01:27.0406 1300 NVSvc - ok
02:01:27.0516 1300 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:01:27.0817 1300 NwlnkFlt - ok
02:01:27.0867 1300 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:01:28.0177 1300 NwlnkFwd - ok
02:01:28.0408 1300 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:01:28.0448 1300 odserv - ok
02:01:28.0528 1300 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:01:28.0578 1300 ose - ok
02:01:28.0678 1300 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys
02:01:28.0718 1300 ossrv - ok
02:01:28.0848 1300 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
02:01:29.0068 1300 Parport - ok
02:01:29.0109 1300 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
02:01:29.0399 1300 PartMgr - ok
02:01:29.0469 1300 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:01:29.0790 1300 ParVdm - ok
02:01:29.0890 1300 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
02:01:30.0130 1300 PCI - ok
02:01:30.0200 1300 PCIDump - ok
02:01:30.0230 1300 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:01:30.0581 1300 PCIIde - ok
02:01:30.0671 1300 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:01:30.0921 1300 Pcmcia - ok
02:01:31.0071 1300 PCPitstop Scheduling (a2ac545ab59ab2a564058b9a60f6456f) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
02:01:31.0091 1300 PCPitstop Scheduling - ok
02:01:31.0141 1300 PDCOMP - ok
02:01:31.0202 1300 PDFRAME - ok
02:01:31.0252 1300 PDRELI - ok
02:01:31.0282 1300 PDRFRAME - ok
02:01:31.0312 1300 perc2 - ok
02:01:31.0362 1300 perc2hib - ok
02:01:31.0572 1300 pgfilter (2ee7f9a01fac4d7c5516a5c3ce130fd7) C:\Program Files\PeerGuardian2\pgfilter.sys
02:01:31.0602 1300 pgfilter ( UnsignedFile.Multi.Generic ) - warning
02:01:31.0602 1300 pgfilter - detected UnsignedFile.Multi.Generic (1)
02:01:31.0662 1300 phmcd (16b9f7516ec157854be4f1f83913c553) C:\WINDOWS\system32\DRIVERS\phmcd.sys
02:01:31.0672 1300 phmcd - ok
02:01:31.0772 1300 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
02:01:32.0023 1300 PlugPlay - ok
02:01:32.0093 1300 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
02:01:32.0133 1300 pnarp - ok
02:01:32.0163 1300 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:01:32.0423 1300 PolicyAgent - ok
02:01:32.0473 1300 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:01:32.0724 1300 PptpMiniport - ok
02:01:32.0784 1300 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:01:33.0014 1300 ProtectedStorage - ok
02:01:33.0054 1300 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
02:01:33.0315 1300 PSched - ok
02:01:33.0385 1300 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
02:01:33.0405 1300 PSI - ok
02:01:33.0465 1300 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:01:33.0765 1300 Ptilink - ok
02:01:33.0805 1300 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
02:01:33.0835 1300 purendis - ok
02:01:33.0935 1300 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:01:33.0956 1300 PxHelp20 - ok
02:01:33.0976 1300 ql1080 - ok
02:01:34.0036 1300 Ql10wnt - ok
02:01:34.0066 1300 ql12160 - ok
02:01:34.0116 1300 ql1240 - ok
02:01:34.0166 1300 ql1280 - ok
02:01:34.0226 1300 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:01:34.0556 1300 RasAcd - ok
02:01:34.0616 1300 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
02:01:34.0887 1300 RasAuto - ok
02:01:34.0937 1300 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:01:35.0197 1300 Rasl2tp - ok
02:01:35.0307 1300 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
02:01:35.0568 1300 RasMan - ok
02:01:35.0638 1300 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:01:35.0888 1300 RasPppoe - ok
02:01:35.0968 1300 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:01:36.0289 1300 Raspti - ok
02:01:36.0389 1300 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:01:36.0639 1300 Rdbss - ok
02:01:36.0730 1300 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:01:37.0030 1300 RDPCDD - ok
02:01:37.0170 1300 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
02:01:37.0431 1300 RDPWD - ok
02:01:37.0521 1300 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
02:01:37.0771 1300 RDSessMgr - ok
02:01:37.0821 1300 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:01:38.0081 1300 redbook - ok
02:01:38.0152 1300 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
02:01:38.0502 1300 RemoteAccess - ok
02:01:38.0582 1300 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
02:01:38.0672 1300 RimUsb - ok
02:01:38.0742 1300 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
02:01:38.0792 1300 RimVSerPort - ok
02:01:38.0843 1300 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
02:01:39.0143 1300 ROOTMODEM - ok
02:01:39.0263 1300 Roxio UPnP Renderer 9 (afd61a7c48a3e15c86a6fadf0b69a2e4) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
02:01:39.0283 1300 Roxio UPnP Renderer 9 - ok
02:01:39.0393 1300 Roxio Upnp Server 9 (efbb36e2bb02169d26e9980778fc20d3) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
02:01:39.0433 1300 Roxio Upnp Server 9 - ok
02:01:39.0644 1300 RoxLiveShare9 (272572b93ede9d44e8330a03d1b83092) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
02:01:39.0674 1300 RoxLiveShare9 - ok
02:01:39.0854 1300 RoxMediaDB9 (6ba45db2953d0fc7c8107b2e3024cb89) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
02:01:39.0944 1300 RoxMediaDB9 - ok
02:01:40.0004 1300 RoxWatch9 (c48eabb051422eb38adc9eabd47640b9) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
02:01:40.0054 1300 RoxWatch9 - ok
02:01:40.0225 1300 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
02:01:40.0485 1300 RpcLocator - ok
02:01:40.0645 1300 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS\System32\rpcss.dll
02:01:40.0916 1300 RpcSs - ok
02:01:41.0006 1300 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
02:01:41.0326 1300 RSVP - ok
02:01:41.0426 1300 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
02:01:41.0637 1300 rtl8139 - ok
02:01:41.0687 1300 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:01:41.0927 1300 SamSs - ok
02:01:42.0057 1300 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
02:01:42.0077 1300 SASDIFSV - ok
02:01:42.0107 1300 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
02:01:42.0127 1300 SASKUTIL - ok
02:01:42.0237 1300 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
02:01:42.0488 1300 SCardSvr - ok
02:01:42.0578 1300 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
02:01:42.0828 1300 Schedule - ok
02:01:42.0958 1300 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:01:43.0009 1300 Secdrv ( UnsignedFile.Multi.Generic ) - warning
02:01:43.0009 1300 Secdrv - detected UnsignedFile.Multi.Generic (1)
02:01:43.0059 1300 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
02:01:43.0319 1300 seclogon - ok
02:01:43.0499 1300 Secunia PSI Agent (16319d96489671faf2ac5ba70228fef9) C:\Program Files\Secunia\PSI\PSIA.exe
02:01:43.0579 1300 Secunia PSI Agent ( UnsignedFile.Multi.Generic ) - warning
02:01:43.0579 1300 Secunia PSI Agent - detected UnsignedFile.Multi.Generic (1)
02:01:43.0690 1300 Secunia Update Agent (79d03af945db492304ac40e361544311) C:\Program Files\Secunia\PSI\sua.exe
02:01:43.0720 1300 Secunia Update Agent ( UnsignedFile.Multi.Generic ) - warning
02:01:43.0720 1300 Secunia Update Agent - detected UnsignedFile.Multi.Generic (1)
02:01:43.0770 1300 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
02:01:44.0020 1300 SENS - ok
02:01:44.0130 1300 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:01:44.0370 1300 serenum - ok
02:01:44.0471 1300 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
02:01:44.0711 1300 Serial - ok
02:01:44.0771 1300 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:01:45.0021 1300 Sfloppy - ok
02:01:45.0112 1300 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
02:01:45.0382 1300 SharedAccess - ok
02:01:45.0482 1300 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
02:01:45.0712 1300 ShellHWDetection - ok
02:01:45.0742 1300 Simbad - ok
02:01:45.0793 1300 Sparrow - ok
02:01:45.0843 1300 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
02:01:46.0093 1300 splitter - ok
02:01:46.0153 1300 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
02:01:46.0393 1300 Spooler - ok
02:01:46.0484 1300 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
02:01:46.0714 1300 sr - ok
02:01:46.0834 1300 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
02:01:47.0074 1300 srservice - ok
02:01:47.0155 1300 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
02:01:47.0375 1300 Srv - ok
02:01:47.0455 1300 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
02:01:47.0715 1300 SSDPSRV - ok
02:01:47.0805 1300 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
02:01:48.0096 1300 stisvc - ok
02:01:48.0196 1300 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:01:48.0436 1300 swenum - ok
02:01:48.0547 1300 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
02:01:48.0867 1300 swmidi - ok
02:01:48.0917 1300 SwPrv - ok
02:01:48.0977 1300 symc810 - ok
02:01:49.0027 1300 symc8xx - ok
02:01:49.0057 1300 sym_hi - ok
02:01:49.0107 1300 sym_u3 - ok
02:01:49.0167 1300 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
02:01:49.0428 1300 sysaudio - ok
02:01:49.0528 1300 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
02:01:49.0788 1300 SysmonLog - ok
02:01:49.0888 1300 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
02:01:50.0149 1300 TapiSrv - ok
02:01:50.0249 1300 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:01:50.0529 1300 Tcpip - ok
02:01:50.0609 1300 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:01:50.0850 1300 TDPIPE - ok
02:01:50.0880 1300 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
02:01:51.0150 1300 TDTCP - ok
02:01:51.0220 1300 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:01:51.0461 1300 TermDD - ok
02:01:51.0571 1300 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
02:01:51.0791 1300 TermService - ok
02:01:51.0881 1300 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
02:01:52.0112 1300 Themes - ok
02:01:52.0162 1300 TosIde - ok
02:01:52.0252 1300 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
02:01:52.0502 1300 TrkWks - ok
02:01:52.0612 1300 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
02:01:52.0612 1300 TVICHW32 ( UnsignedFile.Multi.Generic ) - warning
02:01:52.0622 1300 TVICHW32 - detected UnsignedFile.Multi.Generic (1)
02:01:52.0672 1300 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
02:01:52.0913 1300 uagp35 - ok
02:01:53.0013 1300 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
02:01:53.0253 1300 Udfs - ok
02:01:53.0283 1300 ultra - ok
02:01:53.0383 1300 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
02:01:53.0624 1300 Update - ok
02:01:53.0734 1300 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
02:01:53.0974 1300 upnphost - ok
02:01:54.0054 1300 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
02:01:54.0305 1300 UPS - ok
02:01:54.0415 1300 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
02:01:54.0475 1300 USBAAPL - ok
02:01:54.0565 1300 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:01:54.0806 1300 usbccgp - ok
02:01:54.0896 1300 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:01:55.0136 1300 usbehci - ok
02:01:55.0196 1300 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:01:55.0436 1300 usbhub - ok
02:01:55.0496 1300 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:01:55.0737 1300 usbprint - ok
02:01:55.0817 1300 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:01:56.0037 1300 usbscan - ok
02:01:56.0157 1300 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
02:01:56.0167 1300 usbsermpt ( UnsignedFile.Multi.Generic ) - warning
02:01:56.0167 1300 usbsermpt - detected UnsignedFile.Multi.Generic (1)
02:01:56.0248 1300 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:01:56.0488 1300 USBSTOR - ok
02:01:56.0538 1300 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:01:56.0788 1300 usbuhci - ok
02:01:56.0878 1300 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
02:01:57.0109 1300 VgaSave - ok
02:01:57.0169 1300 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
02:01:57.0399 1300 viaagp - ok
02:01:57.0429 1300 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
02:01:57.0680 1300 ViaIde - ok
02:01:57.0750 1300 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
02:01:57.0990 1300 VolSnap - ok
02:01:58.0080 1300 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
02:01:58.0341 1300 VSS - ok
02:01:58.0431 1300 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
02:01:58.0661 1300 W32Time - ok
02:01:58.0731 1300 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:01:58.0982 1300 Wanarp - ok
02:01:59.0012 1300 WDICA - ok
02:01:59.0082 1300 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
02:01:59.0342 1300 wdmaud - ok
02:01:59.0402 1300 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
02:01:59.0652 1300 WebClient - ok
02:01:59.0813 1300 Winachcf (e3df12ce194d1da6ca7fdc0d8fbcb55e) C:\WINDOWS\system32\DRIVERS\winachcf.sys
02:01:59.0893 1300 Winachcf - ok
02:02:00.0013 1300 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
02:02:00.0253 1300 winmgmt - ok
02:02:00.0394 1300 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
02:02:00.0734 1300 WmdmPmSN - ok
02:02:00.0874 1300 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
02:02:01.0115 1300 WmiApSrv - ok
02:02:01.0335 1300 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
02:02:01.0475 1300 WMPNetworkSvc - ok
02:02:01.0575 1300 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:02:01.0595 1300 WpdUsb - ok
02:02:01.0695 1300 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
02:02:01.0936 1300 wscsvc - ok
02:02:01.0976 1300 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
02:02:02.0236 1300 wuauserv - ok
02:02:02.0346 1300 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:02:02.0416 1300 WudfPf - ok
02:02:02.0507 1300 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:02:02.0527 1300 WudfRd - ok
02:02:02.0607 1300 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
02:02:02.0657 1300 WudfSvc - ok
02:02:02.0767 1300 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
02:02:03.0037 1300 WZCSVC - ok
02:02:03.0107 1300 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
02:02:03.0358 1300 xmlprov - ok
02:02:03.0558 1300 YahooAUService (f2375729b44769b20a26b9c402c7e781) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
02:02:03.0598 1300 YahooAUService ( UnsignedFile.Multi.Generic ) - warning
02:02:03.0598 1300 YahooAUService - detected UnsignedFile.Multi.Generic (1)
02:02:03.0728 1300 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:02:04.0580 1300 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:02:04.0600 1300 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:02:04.0670 1300 Boot (0x1200) (4f93683189d6a4f532cdc7faa5f675b7) \Device\Harddisk0\DR0\Partition0
02:02:04.0670 1300 \Device\Harddisk0\DR0\Partition0 - ok
02:02:04.0700 1300 ============================================================
02:02:04.0700 1300 Scan finished
02:02:04.0700 1300 ============================================================
02:02:04.0880 1528 Detected object count: 17
02:02:04.0880 1528 Actual detected object count: 17
02:02:16.0667 1528 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0667 1528 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0667 1528 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0667 1528 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0747 1528 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0747 1528 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0747 1528 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0747 1528 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0747 1528 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0747 1528 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0777 1528 iPod Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0777 1528 iPod Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0777 1528 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0777 1528 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0797 1528 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0797 1528 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0797 1528 nmservice ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0797 1528 nmservice ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0827 1528 pgfilter ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0827 1528 pgfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0827 1528 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0827 1528 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0847 1528 Secunia PSI Agent ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0847 1528 Secunia PSI Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0847 1528 Secunia Update Agent ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0847 1528 Secunia Update Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0877 1528 TVICHW32 ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0877 1528 TVICHW32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0877 1528 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0877 1528 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0897 1528 YahooAUService ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0897 1528 YahooAUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0897 1528 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
02:02:16.0897 1528 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

ComboFix 12-06-14.05 - Aaron 06/15/2012 2:13.12.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.486 [GMT -5:00]
Running from: c:\documents and settings\Aaron\Desktop\Gotcha.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\avisynth.dll
c:\windows\system32\devil.dll
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\xmldm
c:\windows\system32\xmldm\2480_FF_0000009381.key
c:\windows\system32\xmldm\2480_FF_0000009382.htm
c:\windows\system32\xmldm\2480_FF_0000009383.frm
c:\windows\system32\xmldm\2480_FF_0000009384.pst
c:\windows\system32\xmldm\2480_FF_0000009385.htm
c:\windows\system32\xmldm\2480_FF_0000009386.key
c:\windows\system32\xmldm\2480_FF_0000009387.htm
c:\windows\system32\xmldm\2480_FF_0000009388.key
c:\windows\system32\xmldm\2480_FF_0000009389.htm
c:\windows\system32\xmldm\2480_FF_0000009390.key
c:\windows\system32\xmldm\2480_FF_0000009391.htm
c:\windows\system32\xmldm\2480_FF_0000009392.key
c:\windows\system32\xmldm\2480_FF_0000009393.htm
c:\windows\system32\xmldm\2480_FF_0000009394.key
c:\windows\system32\xmldm\2480_FF_0000009395.htm
c:\windows\system32\xmldm\2480_FF_0000009396.key
c:\windows\system32\xmldm\2480_FF_0000009397.htm
c:\windows\system32\xmldm\2480_FF_0000009398.key
c:\windows\system32\xmldm\2480_FF_0000009399.htm
c:\windows\system32\xmldm\2480_FF_0000009400.key
c:\windows\system32\xmldm\2480_FF_0000009401.htm
c:\windows\system32\xmldm\2480_FF_0000009402.key
c:\windows\system32\xmldm\2480_FF_0000009403.htm
c:\windows\system32\xmldm\2480_FF_0000009404.key
c:\windows\system32\xmldm\2480_FF_0000009405.pst
c:\windows\system32\xmldm\2480_FF_0000009406_ifrm.htm
c:\windows\system32\xmldm\2480_FF_0000009407.htm
c:\windows\system32\xmldm\2480_FF_0000009408.key
c:\windows\system32\xmldm\2480_FF_0000009409.frm
c:\windows\system32\xmldm\2480_FF_0000009410.frm
c:\windows\system32\xmldm\2480_FF_0000009411.frm
c:\windows\system32\xmldm\2480_FF_0000009412.frm
c:\windows\system32\xmldm\2480_FF_0000009413.frm
c:\windows\system32\xmldm\2480_FF_0000009414.frm
c:\windows\system32\xmldm\2480_FF_0000009415.frm
c:\windows\system32\xmldm\2480_FF_0000009416.pst
c:\windows\system32\xmldm\2480_FF_0000009417.htm
c:\windows\system32\xmldm\2480_FF_0000009418.key
c:\windows\system32\xmldm\2488_FF_0000009139_ifrm.htm
c:\windows\system32\xmldm\2488_FF_0000009140_ifrm.htm
c:\windows\system32\xmldm\2488_FF_0000009141_ifrm.htm
c:\windows\system32\xmldm\2488_FF_0000009142_ifrm.htm
c:\windows\system32\xmldm\2488_FF_0000009143_ifrm.htm
c:\windows\system32\xmldm\2488_FF_0000009144_ifrm.htm
c:\windows\system32\xmldm\2488_FF_0000009145_ifrm.htm
c:\windows\system32\xmldm\2488_FF_0000009146.htm
c:\windows\system32\xmldm\2488_FF_0000009147.key
c:\windows\system32\xmldm\2488_FF_0000009148.frm
c:\windows\system32\xmldm\2596_FF_0000009571.key
c:\windows\system32\xmldm\2596_FF_0000009572.frm
c:\windows\system32\xmldm\2596_FF_0000009573.pst
c:\windows\system32\xmldm\2596_FF_0000009574.key
c:\windows\system32\xmldm\2636_FF_0000009149.key
c:\windows\system32\xmldm\2636_FF_0000009150.htm
c:\windows\system32\xmldm\2636_FF_0000009151.key
c:\windows\system32\xmldm\2636_FF_0000009152_ifrm.htm
c:\windows\system32\xmldm\2636_FF_0000009153.key
c:\windows\system32\xmldm\2636_FF_0000009154.frm
c:\windows\system32\xmldm\2636_FF_0000009155.frm
c:\windows\system32\xmldm\2636_FF_0000009156.pst
c:\windows\system32\xmldm\2636_FF_0000009157.key
c:\windows\system32\xmldm\2636_FF_0000009158.key
c:\windows\system32\xmldm\2636_FF_0000009159.frm
c:\windows\system32\xmldm\2636_FF_0000009160.frm
c:\windows\system32\xmldm\2636_FF_0000009161.key
c:\windows\system32\xmldm\2636_FF_0000009162.htm
c:\windows\system32\xmldm\2636_FF_0000009163.frm
c:\windows\system32\xmldm\2636_FF_0000009164.frm
c:\windows\system32\xmldm\2636_FF_0000009165.pst
c:\windows\system32\xmldm\2636_FF_0000009166.htm
c:\windows\system32\xmldm\2636_FF_0000009167.key
c:\windows\system32\xmldm\2636_FF_0000009168.frm
c:\windows\system32\xmldm\2636_FF_0000009169.pst
c:\windows\system32\xmldm\2636_FF_0000009170.htm
c:\windows\system32\xmldm\2636_FF_0000009171.key
c:\windows\system32\xmldm\2636_FF_0000009172.htm
c:\windows\system32\xmldm\2636_FF_0000009173.htm
c:\windows\system32\xmldm\2636_FF_0000009174.key
c:\windows\system32\xmldm\2636_FF_0000009175_ifrm.htm
c:\windows\system32\xmldm\2636_FF_0000009176.htm
c:\windows\system32\xmldm\2636_FF_0000009177.key
c:\windows\system32\xmldm\2636_FF_0000009178.frm
c:\windows\system32\xmldm\2636_FF_0000009179_ifrm.htm
c:\windows\system32\xmldm\2636_FF_0000009180.htm
c:\windows\system32\xmldm\2636_FF_0000009181.key
c:\windows\system32\xmldm\2636_FF_0000009182.frm
c:\windows\system32\xmldm\2636_FF_0000009183.htm
c:\windows\system32\xmldm\2636_FF_0000009184_ifrm.htm
c:\windows\system32\xmldm\2636_FF_0000009185.htm
c:\windows\system32\xmldm\2636_FF_0000009186.key
c:\windows\system32\xmldm\2636_FF_0000009187.frm
c:\windows\system32\xmldm\2636_FF_0000009188.htm
c:\windows\system32\xmldm\2636_FF_0000009189_ifrm.htm
c:\windows\system32\xmldm\2636_FF_0000009190.htm
c:\windows\system32\xmldm\2636_FF_0000009191.key
c:\windows\system32\xmldm\2636_FF_0000009192.frm
c:\windows\system32\xmldm\2808_FF_0000009369.htm
c:\windows\system32\xmldm\2808_FF_0000009370.key
c:\windows\system32\xmldm\3104_FF_0000009371_ifrm.htm
c:\windows\system32\xmldm\3104_FF_0000009372.htm
c:\windows\system32\xmldm\3104_FF_0000009373.key
c:\windows\system32\xmldm\3104_FF_0000009374_ifrm.htm
c:\windows\system32\xmldm\3104_FF_0000009375.key
c:\windows\system32\xmldm\3104_FF_0000009376.frm
c:\windows\system32\xmldm\3104_FF_0000009377.frm
c:\windows\system32\xmldm\3104_FF_0000009378.pst
c:\windows\system32\xmldm\3104_FF_0000009379.key
c:\windows\system32\xmldm\3104_FF_0000009380.key
c:\windows\system32\xmldm\332_FF_0000009419.key
c:\windows\system32\xmldm\332_FF_0000009420.frm
c:\windows\system32\xmldm\332_FF_0000009421.frm
c:\windows\system32\xmldm\332_FF_0000009422.pst
c:\windows\system32\xmldm\332_FF_0000009423.key
c:\windows\system32\xmldm\332_FF_0000009424.frm
c:\windows\system32\xmldm\332_FF_0000009425.frm
c:\windows\system32\xmldm\332_FF_0000009426.pst
c:\windows\system32\xmldm\332_FF_0000009427.key
c:\windows\system32\xmldm\332_FF_0000009428.frm
c:\windows\system32\xmldm\332_FF_0000009429.frm
c:\windows\system32\xmldm\332_FF_0000009430.pst
c:\windows\system32\xmldm\332_FF_0000009431.key
c:\windows\system32\xmldm\332_FF_0000009432.frm
c:\windows\system32\xmldm\332_FF_0000009433.frm
c:\windows\system32\xmldm\332_FF_0000009434.pst
c:\windows\system32\xmldm\332_FF_0000009435.key
c:\windows\system32\xmldm\332_FF_0000009436.frm
c:\windows\system32\xmldm\332_FF_0000009437.key
c:\windows\system32\xmldm\332_FF_0000009438.pst
c:\windows\system32\xmldm\332_FF_0000009439.pst
c:\windows\system32\xmldm\332_FF_0000009440.key
c:\windows\system32\xmldm\332_FF_0000009441.frm
c:\windows\system32\xmldm\332_FF_0000009442.htm
c:\windows\system32\xmldm\332_FF_0000009443.key
c:\windows\system32\xmldm\332_FF_0000009444.frm
c:\windows\system32\xmldm\332_FF_0000009445.pst
c:\windows\system32\xmldm\332_FF_0000009446.htm
c:\windows\system32\xmldm\332_FF_0000009447.key
c:\windows\system32\xmldm\332_FF_0000009448.key
c:\windows\system32\xmldm\332_FF_0000009449.frm
c:\windows\system32\xmldm\332_FF_0000009450.pst
c:\windows\system32\xmldm\332_FF_0000009451.key
c:\windows\system32\xmldm\332_FF_0000009452.frm
c:\windows\system32\xmldm\332_FF_0000009453.frm
c:\windows\system32\xmldm\332_FF_0000009454.pst
c:\windows\system32\xmldm\332_FF_0000009455.key
c:\windows\system32\xmldm\332_FF_0000009456.frm
c:\windows\system32\xmldm\332_FF_0000009457.frm
c:\windows\system32\xmldm\332_FF_0000009458.frm
c:\windows\system32\xmldm\332_FF_0000009459.pst
c:\windows\system32\xmldm\332_FF_0000009460.key
c:\windows\system32\xmldm\332_FF_0000009461.frm
c:\windows\system32\xmldm\332_FF_0000009462.frm
c:\windows\system32\xmldm\332_FF_0000009463.pst
c:\windows\system32\xmldm\332_FF_0000009464.key
c:\windows\system32\xmldm\332_FF_0000009465.frm
c:\windows\system32\xmldm\332_FF_0000009466.key
c:\windows\system32\xmldm\332_FF_0000009467.pst
c:\windows\system32\xmldm\332_FF_0000009468.pst
c:\windows\system32\xmldm\332_FF_0000009469.key
c:\windows\system32\xmldm\332_FF_0000009470.key
c:\windows\system32\xmldm\332_FF_0000009471.htm
c:\windows\system32\xmldm\332_FF_0000009472.frm
c:\windows\system32\xmldm\332_FF_0000009473.pst
c:\windows\system32\xmldm\332_FF_0000009474.key
c:\windows\system32\xmldm\332_FF_0000009475.key
c:\windows\system32\xmldm\332_FF_0000009476.key
c:\windows\system32\xmldm\332_FF_0000009477.key
c:\windows\system32\xmldm\332_FF_0000009478.key
c:\windows\system32\xmldm\332_FF_0000009479.key
c:\windows\system32\xmldm\332_FF_0000009480.key
c:\windows\system32\xmldm\332_FF_0000009481.key
c:\windows\system32\xmldm\332_FF_0000009482.key
c:\windows\system32\xmldm\332_FF_0000009483.frm
c:\windows\system32\xmldm\332_FF_0000009484.frm
c:\windows\system32\xmldm\332_FF_0000009485.frm
c:\windows\system32\xmldm\332_FF_0000009486.frm
c:\windows\system32\xmldm\332_FF_0000009487.frm
c:\windows\system32\xmldm\332_FF_0000009488.frm
c:\windows\system32\xmldm\332_FF_0000009489.frm
c:\windows\system32\xmldm\332_FF_0000009490.frm
c:\windows\system32\xmldm\332_FF_0000009491.frm
c:\windows\system32\xmldm\332_FF_0000009492.frm
c:\windows\system32\xmldm\332_FF_0000009493.frm
c:\windows\system32\xmldm\332_FF_0000009494.frm
c:\windows\system32\xmldm\332_FF_0000009495.frm
c:\windows\system32\xmldm\332_FF_0000009496.frm
c:\windows\system32\xmldm\332_FF_0000009497.frm
c:\windows\system32\xmldm\332_FF_0000009498.frm
c:\windows\system32\xmldm\332_FF_0000009499.frm
c:\windows\system32\xmldm\332_FF_0000009500.frm
c:\windows\system32\xmldm\332_FF_0000009501.frm
c:\windows\system32\xmldm\332_FF_0000009502.frm
c:\windows\system32\xmldm\332_FF_0000009503.frm
c:\windows\system32\xmldm\332_FF_0000009504.frm
c:\windows\system32\xmldm\332_FF_0000009505.frm
c:\windows\system32\xmldm\332_FF_0000009506.frm
c:\windows\system32\xmldm\332_FF_0000009507.frm
c:\windows\system32\xmldm\332_FF_0000009508.frm
c:\windows\system32\xmldm\332_FF_0000009509.frm
c:\windows\system32\xmldm\332_FF_0000009510.frm
c:\windows\system32\xmldm\332_FF_0000009511.frm
c:\windows\system32\xmldm\332_FF_0000009512.frm
c:\windows\system32\xmldm\332_FF_0000009513.frm
c:\windows\system32\xmldm\332_FF_0000009514.frm
c:\windows\system32\xmldm\332_FF_0000009515.frm
c:\windows\system32\xmldm\332_FF_0000009516.frm
c:\windows\system32\xmldm\332_FF_0000009517.frm
c:\windows\system32\xmldm\332_FF_0000009518.frm
c:\windows\system32\xmldm\332_FF_0000009519.frm
c:\windows\system32\xmldm\332_FF_0000009520.frm
c:\windows\system32\xmldm\332_FF_0000009521.frm
c:\windows\system32\xmldm\332_FF_0000009522.frm
c:\windows\system32\xmldm\332_FF_0000009523.frm
c:\windows\system32\xmldm\332_FF_0000009524.frm
c:\windows\system32\xmldm\332_FF_0000009525.frm
c:\windows\system32\xmldm\332_FF_0000009526.frm
c:\windows\system32\xmldm\332_FF_0000009527.frm
c:\windows\system32\xmldm\332_FF_0000009528.frm
c:\windows\system32\xmldm\332_FF_0000009529.frm
c:\windows\system32\xmldm\332_FF_0000009530.frm
c:\windows\system32\xmldm\332_FF_0000009531.frm
c:\windows\system32\xmldm\332_FF_0000009532.frm
c:\windows\system32\xmldm\332_FF_0000009533.frm
c:\windows\system32\xmldm\332_FF_0000009534.frm
c:\windows\system32\xmldm\332_FF_0000009535.pst
c:\windows\system32\xmldm\332_FF_0000009536.key
c:\windows\system32\xmldm\332_FF_0000009537.key
c:\windows\system32\xmldm\332_FF_0000009538.key
c:\windows\system32\xmldm\332_FF_0000009539.htm
c:\windows\system32\xmldm\332_FF_0000009540.key
c:\windows\system32\xmldm\332_FF_0000009541.htm
c:\windows\system32\xmldm\332_FF_0000009542.key
c:\windows\system32\xmldm\332_FF_0000009543_ifrm.htm
c:\windows\system32\xmldm\332_FF_0000009544.htm
c:\windows\system32\xmldm\332_FF_0000009545_ifrm.htm
c:\windows\system32\xmldm\332_FF_0000009546.key
c:\windows\system32\xmldm\332_FF_0000009547_ifrm.htm
c:\windows\system32\xmldm\332_FF_0000009548_ifrm.htm
c:\windows\system32\xmldm\332_FF_0000009549.pst
c:\windows\system32\xmldm\332_FF_0000009550_ifrm.htm
c:\windows\system32\xmldm\332_FF_0000009551.key
c:\windows\system32\xmldm\332_FF_0000009552.frm
c:\windows\system32\xmldm\332_FF_0000009553.pst
c:\windows\system32\xmldm\332_FF_0000009554_ifrm.htm
c:\windows\system32\xmldm\332_FF_0000009555.pst
c:\windows\system32\xmldm\332_FF_0000009556_ifrm.htm
c:\windows\system32\xmldm\332_FF_0000009557.key
c:\windows\system32\xmldm\332_FF_0000009558.frm
c:\windows\system32\xmldm\3328_FF_0000009197_ifrm.htm
c:\windows\system32\xmldm\3328_FF_0000009198.key
c:\windows\system32\xmldm\3328_FF_0000009199.frm
c:\windows\system32\xmldm\3328_FF_0000009200.frm
c:\windows\system32\xmldm\3328_FF_0000009201.pst
c:\windows\system32\xmldm\3328_FF_0000009202.key
c:\windows\system32\xmldm\3328_FF_0000009203.key
c:\windows\system32\xmldm\3880_FF_0000009559.key
c:\windows\system32\xmldm\3880_FF_0000009560.frm
c:\windows\system32\xmldm\3880_FF_0000009561.pst
c:\windows\system32\xmldm\3880_FF_0000009562.key
c:\windows\system32\xmldm\3880_FF_0000009563.key
c:\windows\system32\xmldm\3880_FF_0000009564.key
c:\windows\system32\xmldm\3880_FF_0000009565.key
c:\windows\system32\xmldm\3880_FF_0000009566.frm
c:\windows\system32\xmldm\3880_FF_0000009567.key
c:\windows\system32\xmldm\3880_FF_0000009568.pst
c:\windows\system32\xmldm\3880_FF_0000009569.pst
c:\windows\system32\xmldm\3880_FF_0000009570.key
c:\windows\system32\xmldm\3988_FF_0000009355.htm
c:\windows\system32\xmldm\3988_FF_0000009356.frm
c:\windows\system32\xmldm\3988_FF_0000009357.pst
c:\windows\system32\xmldm\3988_FF_0000009358.htm
c:\windows\system32\xmldm\3988_FF_0000009359.frm
c:\windows\system32\xmldm\3988_FF_0000009360.frm
c:\windows\system32\xmldm\3988_FF_0000009361.frm
c:\windows\system32\xmldm\3988_FF_0000009362.pst
c:\windows\system32\xmldm\3988_FF_0000009363.htm
c:\windows\system32\xmldm\3988_FF_0000009364.htm
c:\windows\system32\xmldm\3988_FF_0000009365.key
c:\windows\system32\xmldm\3988_FF_0000009366_ifrm.htm
c:\windows\system32\xmldm\3988_FF_0000009367.htm
c:\windows\system32\xmldm\3988_FF_0000009368.key
c:\windows\system32\xmldm\4028_FF_0000009204.htm
c:\windows\system32\xmldm\4028_FF_0000009205.key
c:\windows\system32\xmldm\4028_FF_0000009206.frm
c:\windows\system32\xmldm\4028_FF_0000009207.pst
c:\windows\system32\xmldm\4028_FF_0000009208.htm
c:\windows\system32\xmldm\4028_FF_0000009209.key
c:\windows\system32\xmldm\4028_FF_0000009210.htm
c:\windows\system32\xmldm\4028_FF_0000009211.key
c:\windows\system32\xmldm\4028_FF_0000009212.htm
c:\windows\system32\xmldm\4028_FF_0000009213.key
c:\windows\system32\xmldm\4028_FF_0000009214.htm
c:\windows\system32\xmldm\4028_FF_0000009215.key
c:\windows\system32\xmldm\4028_FF_0000009216_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009217.htm
c:\windows\system32\xmldm\4028_FF_0000009218.key
c:\windows\system32\xmldm\4028_FF_0000009219.frm
c:\windows\system32\xmldm\4028_FF_0000009220.htm
c:\windows\system32\xmldm\4028_FF_0000009221.key
c:\windows\system32\xmldm\4028_FF_0000009222.frm
c:\windows\system32\xmldm\4028_FF_0000009223.pst
c:\windows\system32\xmldm\4028_FF_0000009224.htm
c:\windows\system32\xmldm\4028_FF_0000009225.key
c:\windows\system32\xmldm\4028_FF_0000009226.htm
c:\windows\system32\xmldm\4028_FF_0000009227.key
c:\windows\system32\xmldm\4028_FF_0000009228.htm
c:\windows\system32\xmldm\4028_FF_0000009229.key
c:\windows\system32\xmldm\4028_FF_0000009230.htm
c:\windows\system32\xmldm\4028_FF_0000009231.key
c:\windows\system32\xmldm\4028_FF_0000009232_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009233.htm
c:\windows\system32\xmldm\4028_FF_0000009234.key
c:\windows\system32\xmldm\4028_FF_0000009235.frm
c:\windows\system32\xmldm\4028_FF_0000009236.pst
c:\windows\system32\xmldm\4028_FF_0000009237_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009238.htm
c:\windows\system32\xmldm\4028_FF_0000009239.key
c:\windows\system32\xmldm\4028_FF_0000009240.frm
c:\windows\system32\xmldm\4028_FF_0000009241.htm
c:\windows\system32\xmldm\4028_FF_0000009242.key
c:\windows\system32\xmldm\4028_FF_0000009243_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009244_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009245.htm
c:\windows\system32\xmldm\4028_FF_0000009246.key
c:\windows\system32\xmldm\4028_FF_0000009247.frm
c:\windows\system32\xmldm\4028_FF_0000009248_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009249_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009250.htm
c:\windows\system32\xmldm\4028_FF_0000009251.key
c:\windows\system32\xmldm\4028_FF_0000009252_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009253_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009254.htm
c:\windows\system32\xmldm\4028_FF_0000009255.key
c:\windows\system32\xmldm\4028_FF_0000009256_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009257_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009258.htm
c:\windows\system32\xmldm\4028_FF_0000009259.key
c:\windows\system32\xmldm\4028_FF_0000009260_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009261.htm
c:\windows\system32\xmldm\4028_FF_0000009262.key
c:\windows\system32\xmldm\4028_FF_0000009263.frm
c:\windows\system32\xmldm\4028_FF_0000009264_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009265_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009266.htm
c:\windows\system32\xmldm\4028_FF_0000009267.key
c:\windows\system32\xmldm\4028_FF_0000009268.frm
c:\windows\system32\xmldm\4028_FF_0000009269_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009270_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009271.key
c:\windows\system32\xmldm\4028_FF_0000009272.htm
c:\windows\system32\xmldm\4028_FF_0000009273.frm
c:\windows\system32\xmldm\4028_FF_0000009274.frm
c:\windows\system32\xmldm\4028_FF_0000009275.frm
c:\windows\system32\xmldm\4028_FF_0000009276_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009277_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009278.htm
c:\windows\system32\xmldm\4028_FF_0000009279.key
c:\windows\system32\xmldm\4028_FF_0000009280.frm
c:\windows\system32\xmldm\4028_FF_0000009281_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009282_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009283.htm
c:\windows\system32\xmldm\4028_FF_0000009284.key
c:\windows\system32\xmldm\4028_FF_0000009285.frm
c:\windows\system32\xmldm\4028_FF_0000009286.pst
c:\windows\system32\xmldm\4028_FF_0000009287.htm
c:\windows\system32\xmldm\4028_FF_0000009288.key
c:\windows\system32\xmldm\4028_FF_0000009289.key
c:\windows\system32\xmldm\4028_FF_0000009290.htm
c:\windows\system32\xmldm\4028_FF_0000009291.htm
c:\windows\system32\xmldm\4028_FF_0000009292.htm
c:\windows\system32\xmldm\4028_FF_0000009293.key
c:\windows\system32\xmldm\4028_FF_0000009294.htm
c:\windows\system32\xmldm\4028_FF_0000009295.key
c:\windows\system32\xmldm\4028_FF_0000009296_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009297_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009298.htm
c:\windows\system32\xmldm\4028_FF_0000009299.key
c:\windows\system32\xmldm\4028_FF_0000009300.frm
c:\windows\system32\xmldm\4028_FF_0000009301_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009302_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009303.htm
c:\windows\system32\xmldm\4028_FF_0000009304.key
c:\windows\system32\xmldm\4028_FF_0000009305_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009306.htm
c:\windows\system32\xmldm\4028_FF_0000009307.key
c:\windows\system32\xmldm\4028_FF_0000009308.frm
c:\windows\system32\xmldm\4028_FF_0000009309.frm
c:\windows\system32\xmldm\4028_FF_0000009310.frm
c:\windows\system32\xmldm\4028_FF_0000009311.pst
c:\windows\system32\xmldm\4028_FF_0000009312_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009313_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009314.htm
c:\windows\system32\xmldm\4028_FF_0000009315.key
c:\windows\system32\xmldm\4028_FF_0000009316.frm
c:\windows\system32\xmldm\4028_FF_0000009317_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009318_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009319.htm
c:\windows\system32\xmldm\4028_FF_0000009320.key
c:\windows\system32\xmldm\4028_FF_0000009321_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009322_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009323.htm
c:\windows\system32\xmldm\4028_FF_0000009324.key
c:\windows\system32\xmldm\4028_FF_0000009325_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009326.frm
c:\windows\system32\xmldm\4028_FF_0000009327.frm
c:\windows\system32\xmldm\4028_FF_0000009328.pst
c:\windows\system32\xmldm\4028_FF_0000009329_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009330_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009331.htm
c:\windows\system32\xmldm\4028_FF_0000009332.key
c:\windows\system32\xmldm\4028_FF_0000009333.frm
c:\windows\system32\xmldm\4028_FF_0000009334_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009335_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009336.htm
c:\windows\system32\xmldm\4028_FF_0000009337.key
c:\windows\system32\xmldm\4028_FF_0000009338_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009339_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009340.htm
c:\windows\system32\xmldm\4028_FF_0000009341.key
c:\windows\system32\xmldm\4028_FF_0000009342_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009343.frm
c:\windows\system32\xmldm\4028_FF_0000009344.pst
c:\windows\system32\xmldm\4028_FF_0000009345_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009346_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009347.htm
c:\windows\system32\xmldm\4028_FF_0000009348.key
c:\windows\system32\xmldm\4028_FF_0000009349.frm
c:\windows\system32\xmldm\456_FF_0000009193_ifrm.htm
c:\windows\system32\xmldm\456_FF_0000009194_ifrm.htm
c:\windows\system32\xmldm\456_FF_0000009195_ifrm.htm
c:\windows\system32\xmldm\456_FF_0000009196_ifrm.htm
c:\windows\system32\xmldm\684_FF_0000009350.key
c:\windows\system32\xmldm\684_FF_0000009351.frm
c:\windows\system32\xmldm\684_FF_0000009352.frm
c:\windows\system32\xmldm\684_FF_0000009353_ifrm.htm
c:\windows\system32\xmldm\684_FF_0000009354_ifrm.htm
c:\windows\system32\xmldm\912_FF_0000009132_ifrm.htm
c:\windows\system32\xmldm\912_FF_0000009133.key
c:\windows\system32\xmldm\912_FF_0000009134.frm
c:\windows\system32\xmldm\912_FF_0000009135.frm
c:\windows\system32\xmldm\912_FF_0000009136.pst
c:\windows\system32\xmldm\912_FF_0000009137.key
c:\windows\system32\xmldm\912_FF_0000009138.key
.
Infected copy of c:\windows\system32\msiexec.exe was found and disinfected
Restored copy from - c:\windows\$MSI31Uninstall_KB893803v2$\msiexec.exe
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\wuauclt.exe
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . is infected!!
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\iPod\bin\iPodService.exe . . . is infected!!
c:\program files\iPod\bin\iPodService.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Java\jre6\bin\jqs.exe . . . is infected!!
c:\program files\Java\jre6\bin\jqs.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe . . . is infected!!
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe . . . is infected!!
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Secunia\PSI\PSIA.exe . . . is infected!!
c:\program files\Secunia\PSI\PSIA.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Secunia\PSI\sua.exe . . . is infected!!
c:\program files\Secunia\PSI\sua.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . . is infected!!
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 06:55 . 2012-06-15 06:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-15 06:23 . 2012-06-15 06:23 -------- d-----w- C:\_OTL
2012-06-04 23:39 . 2012-06-04 23:39 54016 ----a-w- c:\windows\system32\drivers\lkkjeunt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 06:57 . 2002-08-29 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-04 20:56 . 2009-06-23 03:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 20:45 . 2009-09-16 20:45 13056 ----a-w- c:\program files\Common Files\ogehumym.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-08_21.04.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-14 19:09 . 2011-05-10 13:06 42496 c:\windows\system32\ReinstallBackups\0007\DriverFiles\usbaapl.sys
- 2002-08-29 12:00 . 2011-04-08 23:32 59440 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2012-04-01 14:13 59440 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2004-08-04 05:56 77312 c:\windows\system32\msiexec.exe
+ 2011-12-14 19:09 . 2011-05-10 13:06 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys
+ 2011-12-14 19:09 . 2011-05-10 13:06 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2011-08-31 05:05 . 2011-08-31 05:05 73064 c:\windows\system32\dnssd.dll
+ 2011-08-31 05:05 . 2011-08-31 05:05 83816 c:\windows\system32\dns-sd.exe
+ 2007-02-11 22:15 . 2012-06-13 19:09 4036 c:\windows\system32\d3d9caps.dat
- 2007-02-11 22:15 . 2011-08-08 20:01 4036 c:\windows\system32\d3d9caps.dat
+ 2011-05-14 07:17 . 2011-05-14 07:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 07:12 . 2011-05-14 07:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 07:11 . 2011-05-14 07:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
- 2002-08-29 12:00 . 2011-04-08 23:32 395200 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2012-04-01 14:13 395200 c:\windows\system32\perfh009.dat
+ 2011-08-31 05:05 . 2011-08-31 05:05 178536 c:\windows\system32\dnssdX.dll
+ 2011-12-14 20:14 . 2011-12-14 20:14 380928 c:\windows\Installer\{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}\iTunesIco.exe
+ 2011-12-14 19:09 . 2011-05-10 13:06 4517664 c:\windows\system32\ReinstallBackups\0007\DriverFiles\usbaaplrc.dll
+ 2011-12-14 19:09 . 2011-05-10 13:06 4517664 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll
+ 2011-12-14 19:09 . 2010-04-20 01:29 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll
+ 2011-12-14 19:09 . 2011-12-14 19:09 1717248 c:\windows\Installer\574d99.msi
+ 2011-12-14 19:07 . 2011-12-14 19:07 2002432 c:\windows\Installer\574d3f.msi
+ 2011-12-14 19:02 . 2011-12-14 19:02 1530368 c:\windows\Installer\574cf3.msi
+ 2011-12-14 20:14 . 2011-12-14 20:14 5651456 c:\windows\Installer\28c58e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="c:\program files\Real\RealOne Player\realplay.exe" [2006-07-15 1003520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-15 151597]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Optical Scroll\mouse32a.exe" [2006-09-23 356352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin F6D4050 Enhanced Wireless USB Adapter Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin F6D4050 Enhanced Wireless USB Adapter Utility.lnk
backup=c:\windows\pss\Belkin F6D4050 Enhanced Wireless USB Adapter Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast!AVSControlService"=2 (0x2)
"avast!Antivirus"=2 (0x2)
"XobniService"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"getPlus® Helper"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\Aaron\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2/1/2010 8:31 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2/1/2010 8:31 PM 5248]
R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [4/8/2008 1:41 PM 44696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S1 e5f36169;e5f36169;c:\windows\system32\drivers\e5f36169.sys --> c:\windows\system32\drivers\e5f36169.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [7/20/2009 11:22 PM 90352]
S4 Secunia PSI Agent;Secunia PSI Agent;"c:\program files\Secunia\PSI\PSIA.exe" --start-service --> c:\program files\Secunia\PSI\PSIA.exe [?]
S4 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004Core.job
- c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-08 21:28]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004UA.job
- c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-08 21:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5017
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Aaron\Application Data\Move Networks
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5017
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-36506585.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 02:30
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2????wd??w????????\???\??????????????w-??w\???\???????pI`[email protected]?\???\??????s????\??????s\????&2?A??s?&[email protected]?x???`|?w\[email protected]
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-1580818891-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{660F3A60-2CC8-29F5-9985-3A8379FFC639}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2120)
c:\windows\system32\msi.dll
c:\program files\Micro Innovations\Optical Scroll\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Real\Update_OB\realevent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-15 02:37:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 07:37
ComboFix2.txt 2011-08-08 21:11
ComboFix3.txt 2011-05-25 01:16
ComboFix4.txt 2011-05-19 05:26
ComboFix5.txt 2012-06-15 07:10
.
Pre-Run: 6,948,990,976 bytes free
Post-Run: 6,934,331,392 bytes free
.
- - End Of File - - 4E28FBB56E689ED13D3919DE859ACC5B
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there has been a minor bug with Combofix. Delete the current copy from your desktop and download a fresh one... No need to rename this time

But first re-run TDSSKiller with the same parameters, and when you get the following select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

Then run OTL

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    c:\program files\Common Files\ogehumym.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


As you may have noticed from the combofix log several infected files were delete which will necessitate the reinstallation of the following programmes :

Pure Networks Shared
Secunia
Java
iPod
Apple\Mobile Device Support


Finally a new combofix run

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
Aaron2007

Aaron2007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I apoligize for the delay, well my computer will still not allow me to delete the original combofix. It is still saying I do not have the appropriate permissions to do so, but here are the logs.


OTL logfile created on: 6/15/2012 3:20:14 PM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Aaron\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.42 Mb Total Physical Memory | 496.50 Mb Available Physical Memory | 64.78% Memory free
2.02 Gb Paging File | 1.85 Gb Available in Paging File | 91.19% Paging File free
Paging file location(s): C:\pagefile.sys 1350 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 6.49 Gb Free Space | 11.34% Space Free | Partition Type: NTFS

Computer Name: AARON-H612E60RG | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 00:11:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
PRC - [2010/03/31 21:03:19 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/14 09:29:00 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2006/09/22 23:18:13 | 000,356,352 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
PRC - [2006/07/14 22:37:55 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/07/14 22:37:55 | 000,053,293 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realevent.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/10 12:48:03 | 000,150,480 | ---- | M] () -- C:\WINDOWS\system32\5017\components\AcroFF017.dll
MOD - [2006/09/22 23:18:13 | 000,356,352 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
MOD - [2006/09/22 23:18:13 | 000,073,728 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/26 15:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/03/03 14:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\e5f36169.sys -- (e5f36169)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Gotcha\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/06 00:13:33 | 000,044,696 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\phmcd.sys -- (phmcd)
DRV - [2007/02/18 11:56:38 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/01/30 01:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/07/24 00:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/18 21:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/18 21:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/18 21:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/18 21:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/18 21:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/18 21:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/04/30 04:17:54 | 000,917,988 | R--- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/flashplayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5017 [2011/06/10 12:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/03 18:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 12:33:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Aaron\Application Data\Move Networks [2009/11/14 14:24:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5017 [2011/06/10 12:48:03 | 000,000,000 | ---D | M]

[2011/01/03 02:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions
[2011/01/03 02:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions\[email protected]
[2012/06/15 01:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions
[2009/05/21 13:07:03 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/11/29 03:04:42 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(2)
[2008/12/12 13:23:54 | 000,002,158 | -H-- | M] () -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\searchplugins\MySpace.xml
[2012/06/15 01:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/14 14:24:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOVE NETWORKS
[2009/07/05 01:19:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/10 12:48:03 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5017

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: getPlus for Adobe 15235 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/15 15:14:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe ()
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [RealPlayer] C:\Program Files\Real\RealOne Player\realplay.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.micr...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248838524406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8ffbe65d-2c9c-4669-84bd-5829dc0b603c} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40D07D27-6BC4-4866-971E-D1050AE8A92E}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{557019BA-570F-494C-8F4D-72862B87EFB0}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/13 02:10:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 02:38:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/15 02:38:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012/06/15 02:37:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/15 01:55:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/15 01:32:50 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aaron\Desktop\tdsskiller.exe
[2012/06/15 01:23:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/14 00:13:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Aaron\Desktop\aswMBR.exe
[2012/06/14 00:11:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2012/06/15 15:15:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/15 15:14:50 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 15:14:50 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 15:14:50 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 15:14:50 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 15:14:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/06/15 15:14:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/06/15 15:14:50 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
[2012/06/15 15:14:50 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
[2012/06/15 15:14:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/15 15:10:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004UA.job
[2012/06/15 01:33:02 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aaron\Desktop\tdsskiller.exe
[2012/06/15 01:00:52 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/14 00:43:15 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/14 00:40:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\MBR.dat
[2012/06/14 00:13:48 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Aaron\Desktop\aswMBR.exe
[2012/06/14 00:11:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/06/14 00:10:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004Core.job
[2012/06/13 14:09:44 | 000,004,036 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/11 22:11:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/11 22:11:39 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\Google Chrome.lnk
[2012/06/04 18:39:03 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
[2012/06/02 15:38:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/06/14 00:40:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Aaron\Desktop\MBR.dat
[2012/06/04 18:39:03 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
[2012/06/02 15:38:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== LOP Check ==========

[2010/12/31 00:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\.anomos
[2007/01/01 20:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\acccore
[2006/07/13 13:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Aim
[2009/08/13 01:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Any Video Converter
[2012/06/13 20:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Azureus
[2011/10/08 13:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\FrostWire
[2010/02/01 22:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\iWin
[2010/08/21 23:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Leawo
[2009/11/29 03:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Lionhead Studios
[2009/07/12 21:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\LPECommon
[2006/08/07 15:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\LucasArts
[2011/12/04 03:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\MP3Rocket
[2009/11/29 03:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\My Games
[2009/06/18 00:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Opera
[2011/01/03 02:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Philips
[2011/01/03 02:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Philips-Songbird
[2009/11/29 01:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\QuickScan
[2009/03/21 02:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Research In Motion
[2009/11/07 12:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\uTorrent
[2007/01/11 16:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Viewpoint
[2009/09/09 14:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/02/07 19:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/10 13:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2009/11/29 03:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2011/04/22 20:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
[2009/12/16 02:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/04/22 20:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/05/02 10:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/15 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/21 23:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/12 01:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



< End of report >

15:09:16.0132 1468 TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
15:09:19.0196 1468 ============================================================
15:09:19.0196 1468 Current date / time: 2012/06/15 15:09:19.0196
15:09:19.0196 1468 SystemInfo:
15:09:19.0196 1468
15:09:19.0196 1468 OS Version: 5.1.2600 ServicePack: 2.0
15:09:19.0196 1468 Product type: Workstation
15:09:19.0196 1468 ComputerName: AARON-H612E60RG
15:09:19.0196 1468 UserName: Aaron
15:09:19.0196 1468 Windows directory: C:\WINDOWS
15:09:19.0196 1468 System windows directory: C:\WINDOWS
15:09:19.0196 1468 Processor architecture: Intel x86
15:09:19.0196 1468 Number of processors: 1
15:09:19.0196 1468 Page size: 0x1000
15:09:19.0196 1468 Boot type: Normal boot
15:09:19.0196 1468 ============================================================
15:09:22.0331 1468 Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:09:22.0331 1468 ============================================================
15:09:22.0331 1468 \Device\Harddisk0\DR0:
15:09:22.0331 1468 MBR partitions:
15:09:22.0331 1468 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7285D34
15:09:22.0331 1468 ============================================================
15:09:22.0401 1468 C: <-> \Device\Harddisk0\DR0\Partition0
15:09:22.0421 1468 ============================================================
15:09:22.0421 1468 Initialize success
15:09:22.0421 1468 ============================================================
15:09:29.0641 1460 ============================================================
15:09:29.0641 1460 Scan started
15:09:29.0641 1460 Mode: Manual; SigCheck; TDLFS;
15:09:29.0641 1460 ============================================================
15:09:30.0072 1460 Abiosdsk - ok
15:09:30.0132 1460 abp480n5 - ok
15:09:30.0252 1460 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:09:32.0445 1460 ACPI - ok
15:09:32.0495 1460 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:09:32.0786 1460 ACPIEC - ok
15:09:32.0836 1460 adpu160m - ok
15:09:32.0956 1460 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
15:09:33.0246 1460 aec - ok
15:09:33.0316 1460 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:09:33.0406 1460 AegisP ( UnsignedFile.Multi.Generic ) - warning
15:09:33.0406 1460 AegisP - detected UnsignedFile.Multi.Generic (1)
15:09:33.0477 1460 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
15:09:33.0737 1460 AFD - ok
15:09:33.0767 1460 Aha154x - ok
15:09:33.0817 1460 aic78u2 - ok
15:09:33.0867 1460 aic78xx - ok
15:09:33.0927 1460 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
15:09:34.0218 1460 Alerter - ok
15:09:34.0258 1460 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
15:09:34.0548 1460 ALG - ok
15:09:34.0598 1460 AliIde - ok
15:09:34.0668 1460 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:09:34.0919 1460 AmdK7 - ok
15:09:34.0949 1460 amsint - ok
15:09:35.0069 1460 Apple Mobile Device - ok
15:09:35.0119 1460 AppMgmt - ok
15:09:35.0169 1460 asc - ok
15:09:35.0229 1460 asc3350p - ok
15:09:35.0269 1460 asc3550 - ok
15:09:35.0449 1460 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:09:35.0499 1460 aspnet_state - ok
15:09:35.0560 1460 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:09:35.0830 1460 AsyncMac - ok
15:09:35.0930 1460 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:09:36.0190 1460 atapi - ok
15:09:36.0241 1460 Atdisk - ok
15:09:36.0311 1460 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:09:36.0581 1460 Atmarpc - ok
15:09:36.0631 1460 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
15:09:36.0891 1460 AudioSrv - ok
15:09:36.0982 1460 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:09:37.0272 1460 audstub - ok
15:09:37.0322 1460 Beep - ok
15:09:37.0452 1460 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
15:09:37.0753 1460 BITS - ok
15:09:37.0853 1460 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:09:37.0893 1460 Bonjour Service - ok
15:09:37.0973 1460 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
15:09:38.0233 1460 Browser - ok
15:09:38.0263 1460 catchme - ok
15:09:38.0334 1460 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:09:38.0704 1460 cbidf2k - ok
15:09:38.0724 1460 cd20xrnt - ok
15:09:38.0794 1460 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:09:39.0125 1460 Cdaudio - ok
15:09:39.0205 1460 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
15:09:39.0445 1460 Cdfs - ok
15:09:39.0515 1460 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:09:39.0766 1460 Cdrom - ok
15:09:39.0816 1460 Changer - ok
15:09:39.0886 1460 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
15:09:40.0156 1460 CiSvc - ok
15:09:40.0226 1460 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
15:09:40.0487 1460 ClipSrv - ok
15:09:40.0537 1460 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:09:40.0597 1460 clr_optimization_v2.0.50727_32 - ok
15:09:40.0617 1460 CmdIde - ok
15:09:40.0667 1460 COMSysApp - ok
15:09:40.0747 1460 Cpqarray - ok
15:09:40.0817 1460 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
15:09:41.0088 1460 CryptSvc - ok
15:09:41.0178 1460 ctac32k (4b6096745f72b4fd36514617e2ea5d37) C:\WINDOWS\system32\drivers\ctac32k.sys
15:09:41.0268 1460 ctac32k - ok
15:09:41.0458 1460 ctaud2k (3576ec792347ed15699f6d830e0f5437) C:\WINDOWS\system32\drivers\ctaud2k.sys
15:09:41.0578 1460 ctaud2k - ok
15:09:41.0658 1460 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
15:09:41.0969 1460 ctljystk - ok
15:09:42.0009 1460 ctprxy2k (097d42574e3c6d98cd5a2ee7647fa6bf) C:\WINDOWS\system32\drivers\ctprxy2k.sys
15:09:42.0079 1460 ctprxy2k - ok
15:09:42.0149 1460 ctsfm2k (c58a2507ef62b20b9bd670c666088b50) C:\WINDOWS\system32\drivers\ctsfm2k.sys
15:09:42.0189 1460 ctsfm2k - ok
15:09:42.0249 1460 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
15:09:42.0299 1460 d347bus ( UnsignedFile.Multi.Generic ) - warning
15:09:42.0299 1460 d347bus - detected UnsignedFile.Multi.Generic (1)
15:09:42.0329 1460 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
15:09:42.0389 1460 d347prt ( UnsignedFile.Multi.Generic ) - warning
15:09:42.0389 1460 d347prt - detected UnsignedFile.Multi.Generic (1)
15:09:42.0419 1460 dac2w2k - ok
15:09:42.0470 1460 dac960nt - ok
15:09:42.0590 1460 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll
15:09:42.0870 1460 DcomLaunch - ok
15:09:42.0930 1460 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
15:09:43.0181 1460 Dhcp - ok
15:09:43.0231 1460 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
15:09:43.0511 1460 Disk - ok
15:09:43.0541 1460 dmadmin - ok
15:09:43.0701 1460 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
15:09:44.0002 1460 dmboot - ok
15:09:44.0062 1460 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
15:09:44.0312 1460 dmio - ok
15:09:44.0382 1460 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:09:44.0733 1460 dmload - ok
15:09:44.0783 1460 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
15:09:45.0043 1460 dmserver - ok
15:09:45.0133 1460 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
15:09:45.0394 1460 DMusic - ok
15:09:45.0484 1460 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
15:09:45.0744 1460 Dnscache - ok
15:09:45.0774 1460 dpti2o - ok
15:09:45.0844 1460 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
15:09:46.0095 1460 drmkaud - ok
15:09:46.0145 1460 e5f36169 - ok
15:09:46.0245 1460 emupia (a9d94b89372f3f9609a1a5eec631a260) C:\WINDOWS\system32\drivers\emupia2k.sys
15:09:46.0285 1460 emupia - ok
15:09:46.0355 1460 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
15:09:46.0615 1460 ERSvc - ok
15:09:46.0716 1460 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
15:09:46.0966 1460 Eventlog - ok
15:09:47.0036 1460 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\System32\es.dll
15:09:47.0296 1460 EventSystem - ok
15:09:47.0357 1460 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
15:09:47.0617 1460 Fastfat - ok
15:09:47.0707 1460 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
15:09:47.0967 1460 FastUserSwitchingCompatibility - ok
15:09:48.0017 1460 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:09:48.0288 1460 Fdc - ok
15:09:48.0318 1460 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
15:09:48.0678 1460 FETNDIS - ok
15:09:48.0719 1460 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
15:09:49.0049 1460 Fips - ok
15:09:49.0109 1460 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:09:49.0359 1460 Flpydisk - ok
15:09:49.0450 1460 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
15:09:49.0700 1460 FltMgr - ok
15:09:49.0740 1460 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:09:50.0060 1460 Fs_Rec - ok
15:09:50.0121 1460 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:09:50.0441 1460 Ftdisk - ok
15:09:50.0491 1460 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
15:09:50.0741 1460 gameenum - ok
15:09:50.0761 1460 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:09:50.0862 1460 GEARAspiWDM - ok
15:09:50.0982 1460 getPlus® Helper (35a1f815962f3552066c6be4c969d297) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
15:09:51.0002 1460 getPlus® Helper - ok
15:09:51.0052 1460 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:09:51.0312 1460 Gpc - ok
15:09:51.0482 1460 ha10kx2k (dc9847cdc43665ed4cc780947516209c) C:\WINDOWS\system32\drivers\ha10kx2k.sys
15:09:51.0573 1460 ha10kx2k - ok
15:09:51.0673 1460 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:09:51.0923 1460 helpsvc - ok
15:09:51.0953 1460 HidServ - ok
15:09:52.0023 1460 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:09:52.0334 1460 hidusb - ok
15:09:52.0364 1460 hpn - ok
15:09:52.0454 1460 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
15:09:52.0694 1460 HTTP - ok
15:09:52.0744 1460 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
15:09:52.0985 1460 HTTPFilter - ok
15:09:53.0015 1460 i2omgmt - ok
15:09:53.0065 1460 i2omp - ok
15:09:53.0135 1460 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:09:53.0385 1460 i8042prt - ok
15:09:53.0525 1460 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:09:53.0555 1460 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:09:53.0555 1460 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:09:53.0606 1460 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:09:53.0876 1460 Imapi - ok
15:09:53.0946 1460 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
15:09:54.0206 1460 ImapiService - ok
15:09:54.0287 1460 ini910u - ok
15:09:54.0387 1460 IntelIde - ok
15:09:54.0457 1460 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:09:54.0707 1460 intelppm - ok
15:09:54.0777 1460 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
15:09:55.0008 1460 ip6fw - ok
15:09:55.0078 1460 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:09:55.0418 1460 IpFilterDriver - ok
15:09:55.0458 1460 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:09:55.0709 1460 IpInIp - ok
15:09:55.0779 1460 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:09:56.0019 1460 IpNat - ok
15:09:56.0089 1460 iPod Service - ok
15:09:56.0219 1460 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:09:56.0480 1460 IPSec - ok
15:09:56.0520 1460 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:09:56.0750 1460 IRENUM - ok
15:09:56.0810 1460 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:09:57.0131 1460 isapnp - ok
15:09:57.0221 1460 JavaQuickStarterService - ok
15:09:57.0301 1460 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:09:57.0511 1460 Kbdclass - ok
15:09:57.0601 1460 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
15:09:57.0852 1460 kmixer - ok
15:09:57.0902 1460 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
15:09:58.0152 1460 KSecDD - ok
15:09:58.0212 1460 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
15:09:58.0473 1460 lanmanserver - ok
15:09:58.0553 1460 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll
15:09:58.0793 1460 lanmanworkstation - ok
15:09:58.0823 1460 lbrtfdc - ok
15:09:58.0933 1460 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
15:09:59.0194 1460 LmHosts - ok
15:09:59.0274 1460 MDM - ok
15:09:59.0334 1460 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:09:59.0474 1460 mdmxsdk - ok
15:09:59.0524 1460 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
15:09:59.0784 1460 Messenger - ok
15:09:59.0905 1460 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:09:59.0935 1460 Microsoft Office Groove Audit Service - ok
15:09:59.0995 1460 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:10:00.0415 1460 mnmdd - ok
15:10:00.0596 1460 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
15:10:00.0946 1460 mnmsrvc - ok
15:10:01.0026 1460 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
15:10:01.0267 1460 Modem - ok
15:10:01.0347 1460 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:10:01.0787 1460 MODEMCSA - ok
15:10:01.0837 1460 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:10:02.0118 1460 Mouclass - ok
15:10:02.0198 1460 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:10:02.0538 1460 mouhid - ok
15:10:02.0649 1460 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
15:10:02.0899 1460 MountMgr - ok
15:10:02.0929 1460 mraid35x - ok
15:10:03.0009 1460 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:10:03.0259 1460 MRxDAV - ok
15:10:03.0520 1460 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:10:03.0860 1460 MRxSmb - ok
15:10:03.0960 1460 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
15:10:04.0221 1460 MSDTC - ok
15:10:04.0301 1460 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
15:10:04.0581 1460 Msfs - ok
15:10:04.0611 1460 MSIServer - ok
15:10:04.0681 1460 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:10:04.0962 1460 MSKSSRV - ok
15:10:05.0112 1460 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:10:05.0372 1460 MSPCLOCK - ok
15:10:05.0433 1460 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
15:10:05.0693 1460 MSPQM - ok
15:10:05.0783 1460 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:10:06.0003 1460 mssmbios - ok
15:10:06.0043 1460 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
15:10:06.0384 1460 ms_mpu401 - ok
15:10:06.0444 1460 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
15:10:06.0694 1460 Mup - ok
15:10:06.0784 1460 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
15:10:07.0035 1460 NDIS - ok
15:10:07.0135 1460 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:10:07.0455 1460 NdisTapi - ok
15:10:07.0536 1460 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:10:07.0776 1460 Ndisuio - ok
15:10:07.0846 1460 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:10:08.0096 1460 NdisWan - ok
15:10:08.0176 1460 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
15:10:08.0497 1460 NDProxy - ok
15:10:08.0567 1460 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:10:08.0797 1460 NetBIOS - ok
15:10:08.0857 1460 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:10:09.0078 1460 NetBT - ok
15:10:09.0138 1460 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
15:10:09.0348 1460 NetDDE - ok
15:10:09.0398 1460 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
15:10:09.0659 1460 NetDDEdsdm - ok
15:10:09.0709 1460 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
15:10:09.0949 1460 Netlogon - ok
15:10:10.0049 1460 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
15:10:10.0300 1460 Netman - ok
15:10:11.0071 1460 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll
15:10:11.0311 1460 Nla - ok
15:10:11.0431 1460 nmservice - ok
15:10:11.0501 1460 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
15:10:11.0742 1460 Npfs - ok
15:10:11.0882 1460 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
15:10:12.0162 1460 Ntfs - ok
15:10:12.0192 1460 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
15:10:12.0453 1460 NtLmSsp - ok
15:10:12.0543 1460 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
15:10:12.0823 1460 NtmsSvc - ok
15:10:12.0863 1460 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:10:13.0194 1460 Null - ok
15:10:13.0624 1460 nv (be10db9ad60d5814aeff31d976b99448) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:10:14.0035 1460 nv - ok
15:10:14.0225 1460 NVSvc (a3b67aa9f60533557fd9141bca9fa4a9) C:\WINDOWS\system32\nvsvc32.exe
15:10:14.0265 1460 NVSvc - ok
15:10:14.0365 1460 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:10:14.0656 1460 NwlnkFlt - ok
15:10:14.0716 1460 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:10:15.0026 1460 NwlnkFwd - ok
15:10:15.0227 1460 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:10:15.0267 1460 odserv - ok
15:10:15.0327 1460 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:10:15.0357 1460 ose - ok
15:10:15.0447 1460 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys
15:10:15.0487 1460 ossrv - ok
15:10:15.0607 1460 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
15:10:15.0848 1460 Parport - ok
15:10:15.0898 1460 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
15:10:16.0198 1460 PartMgr - ok
15:10:16.0238 1460 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:10:16.0579 1460 ParVdm - ok
15:10:16.0669 1460 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
15:10:16.0929 1460 PCI - ok
15:10:16.0979 1460 PCIDump - ok
15:10:17.0029 1460 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:10:17.0320 1460 PCIIde - ok
15:10:17.0440 1460 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:10:17.0690 1460 Pcmcia - ok
15:10:17.0790 1460 PCPitstop Scheduling (a2ac545ab59ab2a564058b9a60f6456f) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
15:10:17.0810 1460 PCPitstop Scheduling - ok
15:10:17.0840 1460 PDCOMP - ok
15:10:17.0890 1460 PDFRAME - ok
15:10:17.0920 1460 PDRELI - ok
15:10:17.0971 1460 PDRFRAME - ok
15:10:18.0021 1460 perc2 - ok
15:10:18.0061 1460 perc2hib - ok
15:10:18.0231 1460 pgfilter (2ee7f9a01fac4d7c5516a5c3ce130fd7) C:\Program Files\PeerGuardian2\pgfilter.sys
15:10:18.0261 1460 pgfilter ( UnsignedFile.Multi.Generic ) - warning
15:10:18.0261 1460 pgfilter - detected UnsignedFile.Multi.Generic (1)
15:10:18.0341 1460 phmcd (16b9f7516ec157854be4f1f83913c553) C:\WINDOWS\system32\DRIVERS\phmcd.sys
15:10:18.0361 1460 phmcd - ok
15:10:18.0421 1460 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
15:10:18.0672 1460 PlugPlay - ok
15:10:18.0742 1460 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
15:10:18.0772 1460 pnarp - ok
15:10:18.0852 1460 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
15:10:19.0082 1460 PolicyAgent - ok
15:10:19.0162 1460 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:10:19.0413 1460 PptpMiniport - ok
15:10:19.0443 1460 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
15:10:19.0693 1460 ProtectedStorage - ok
15:10:19.0753 1460 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
15:10:19.0993 1460 PSched - ok
15:10:20.0084 1460 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
15:10:20.0114 1460 PSI - ok
15:10:20.0174 1460 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:10:20.0474 1460 Ptilink - ok
15:10:20.0514 1460 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
15:10:20.0544 1460 purendis - ok
15:10:20.0634 1460 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:10:20.0664 1460 PxHelp20 - ok
15:10:20.0694 1460 ql1080 - ok
15:10:20.0745 1460 Ql10wnt - ok
15:10:20.0795 1460 ql12160 - ok
15:10:20.0845 1460 ql1240 - ok
15:10:20.0895 1460 ql1280 - ok
15:10:20.0925 1460 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:10:21.0265 1460 RasAcd - ok
15:10:21.0355 1460 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
15:10:21.0616 1460 RasAuto - ok
15:10:21.0686 1460 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:10:21.0926 1460 Rasl2tp - ok
15:10:22.0046 1460 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
15:10:22.0277 1460 RasMan - ok
15:10:22.0307 1460 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:10:22.0547 1460 RasPppoe - ok
15:10:22.0597 1460 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:10:22.0908 1460 Raspti - ok
15:10:22.0968 1460 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:10:23.0218 1460 Rdbss - ok
15:10:23.0268 1460 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:10:23.0579 1460 RDPCDD - ok
15:10:23.0689 1460 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
15:10:23.0939 1460 RDPWD - ok
15:10:24.0009 1460 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
15:10:24.0260 1460 RDSessMgr - ok
15:10:24.0300 1460 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:10:24.0560 1460 redbook - ok
15:10:24.0660 1460 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
15:10:25.0001 1460 RemoteAccess - ok
15:10:25.0091 1460 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
15:10:25.0181 1460 RimUsb - ok
15:10:25.0281 1460 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
15:10:25.0331 1460 RimVSerPort - ok
15:10:25.0371 1460 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:10:25.0682 1460 ROOTMODEM - ok
15:10:25.0792 1460 Roxio UPnP Renderer 9 (afd61a7c48a3e15c86a6fadf0b69a2e4) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
15:10:25.0812 1460 Roxio UPnP Renderer 9 - ok
15:10:25.0912 1460 Roxio Upnp Server 9 (efbb36e2bb02169d26e9980778fc20d3) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
15:10:25.0952 1460 Roxio Upnp Server 9 - ok
15:10:26.0092 1460 RoxLiveShare9 (272572b93ede9d44e8330a03d1b83092) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
15:10:26.0142 1460 RoxLiveShare9 - ok
15:10:26.0293 1460 RoxMediaDB9 (6ba45db2953d0fc7c8107b2e3024cb89) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
15:10:26.0363 1460 RoxMediaDB9 - ok
15:10:26.0463 1460 RoxWatch9 (c48eabb051422eb38adc9eabd47640b9) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
15:10:26.0493 1460 RoxWatch9 - ok
15:10:26.0663 1460 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
15:10:26.0903 1460 RpcLocator - ok
15:10:27.0024 1460 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS\System32\rpcss.dll
15:10:27.0294 1460 RpcSs - ok
15:10:27.0354 1460 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
15:10:27.0685 1460 RSVP - ok
15:10:27.0795 1460 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:10:28.0025 1460 rtl8139 - ok
15:10:28.0075 1460 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
15:10:28.0305 1460 SamSs - ok
15:10:28.0366 1460 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:10:28.0386 1460 SASDIFSV - ok
15:10:28.0416 1460 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:10:28.0446 1460 SASKUTIL - ok
15:10:28.0516 1460 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
15:10:28.0756 1460 SCardSvr - ok
15:10:28.0846 1460 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
15:10:29.0097 1460 Schedule - ok
15:10:29.0197 1460 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:10:29.0227 1460 Secdrv ( UnsignedFile.Multi.Generic ) - warning
15:10:29.0227 1460 Secdrv - detected UnsignedFile.Multi.Generic (1)
15:10:29.0337 1460 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
15:10:29.0577 1460 seclogon - ok
15:10:29.0657 1460 Secunia PSI Agent - ok
15:10:29.0707 1460 Secunia Update Agent - ok
15:10:29.0778 1460 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
15:10:30.0018 1460 SENS - ok
15:10:30.0068 1460 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:10:30.0308 1460 serenum - ok
15:10:30.0348 1460 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
15:10:30.0589 1460 Serial - ok
15:10:30.0669 1460 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:10:30.0919 1460 Sfloppy - ok
15:10:30.0999 1460 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
15:10:31.0270 1460 SharedAccess - ok
15:10:31.0380 1460 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
15:10:31.0610 1460 ShellHWDetection - ok
15:10:31.0630 1460 Simbad - ok
15:10:31.0680 1460 Sparrow - ok
15:10:31.0750 1460 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
15:10:32.0001 1460 splitter - ok
15:10:32.0061 1460 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
15:10:32.0291 1460 Spooler - ok
15:10:32.0391 1460 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
15:10:32.0622 1460 sr - ok
15:10:32.0712 1460 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
15:10:32.0932 1460 srservice - ok
15:10:33.0012 1460 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
15:10:33.0243 1460 Srv - ok
15:10:33.0303 1460 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
15:10:33.0543 1460 SSDPSRV - ok
15:10:33.0623 1460 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
15:10:33.0903 1460 stisvc - ok
15:10:33.0954 1460 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:10:34.0194 1460 swenum - ok
15:10:34.0254 1460 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
15:10:34.0615 1460 swmidi - ok
15:10:34.0665 1460 SwPrv - ok
15:10:34.0745 1460 symc810 - ok
15:10:34.0795 1460 symc8xx - ok
15:10:34.0875 1460 sym_hi - ok
15:10:34.0925 1460 sym_u3 - ok
15:10:34.0985 1460 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
15:10:35.0225 1460 sysaudio - ok
15:10:35.0326 1460 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
15:10:35.0556 1460 SysmonLog - ok
15:10:35.0656 1460 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
15:10:35.0916 1460 TapiSrv - ok
15:10:35.0996 1460 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:10:36.0267 1460 Tcpip - ok
15:10:36.0357 1460 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:10:36.0597 1460 TDPIPE - ok
15:10:36.0627 1460 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
15:10:36.0898 1460 TDTCP - ok
15:10:36.0968 1460 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:10:37.0188 1460 TermDD - ok
15:10:37.0288 1460 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
15:10:37.0519 1460 TermService - ok
15:10:37.0579 1460 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
15:10:37.0809 1460 Themes - ok
15:10:37.0859 1460 TosIde - ok
15:10:37.0939 1460 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
15:10:38.0200 1460 TrkWks - ok
15:10:38.0310 1460 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
15:10:38.0320 1460 TVICHW32 ( UnsignedFile.Multi.Generic ) - warning
15:10:38.0320 1460 TVICHW32 - detected UnsignedFile.Multi.Generic (1)
15:10:38.0370 1460 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
15:10:38.0620 1460 uagp35 - ok
15:10:38.0710 1460 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
15:10:38.0961 1460 Udfs - ok
15:10:38.0991 1460 ultra - ok
15:10:39.0081 1460 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
15:10:39.0321 1460 Update - ok
15:10:39.0391 1460 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
15:10:39.0712 1460 upnphost - ok
15:10:39.0772 1460 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
15:10:40.0002 1460 UPS - ok
15:10:40.0092 1460 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:10:40.0172 1460 USBAAPL - ok
15:10:40.0263 1460 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:10:40.0503 1460 usbccgp - ok
15:10:40.0623 1460 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:10:40.0863 1460 usbehci - ok
15:10:40.0944 1460 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:10:41.0184 1460 usbhub - ok
15:10:41.0244 1460 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:10:41.0484 1460 usbprint - ok
15:10:41.0564 1460 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:10:41.0785 1460 usbscan - ok
15:10:41.0855 1460 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
15:10:41.0865 1460 usbsermpt ( UnsignedFile.Multi.Generic ) - warning
15:10:41.0865 1460 usbsermpt - detected UnsignedFile.Multi.Generic (1)
15:10:41.0965 1460 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:10:42.0195 1460 USBSTOR - ok
15:10:42.0245 1460 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:10:42.0506 1460 usbuhci - ok
15:10:42.0556 1460 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
15:10:42.0796 1460 VgaSave - ok
15:10:42.0876 1460 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:10:43.0117 1460 viaagp - ok
15:10:43.0167 1460 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:10:43.0407 1460 ViaIde - ok
15:10:43.0477 1460 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
15:10:43.0728 1460 VolSnap - ok
15:10:43.0848 1460 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
15:10:44.0108 1460 VSS - ok
15:10:44.0168 1460 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
15:10:44.0399 1460 W32Time - ok
15:10:44.0519 1460 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:10:44.0779 1460 Wanarp - ok
15:10:44.0809 1460 WDICA - ok
15:10:44.0889 1460 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
15:10:45.0130 1460 wdmaud - ok
15:10:45.0240 1460 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
15:10:45.0490 1460 WebClient - ok
15:10:45.0620 1460 Winachcf (e3df12ce194d1da6ca7fdc0d8fbcb55e) C:\WINDOWS\system32\DRIVERS\winachcf.sys
15:10:45.0720 1460 Winachcf - ok
15:10:45.0861 1460 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:10:46.0111 1460 winmgmt - ok
15:10:46.0221 1460 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:10:46.0321 1460 WmdmPmSN - ok
15:10:46.0442 1460 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:10:46.0692 1460 WmiApSrv - ok
15:10:46.0932 1460 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:10:47.0022 1460 WMPNetworkSvc - ok
15:10:47.0112 1460 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:10:47.0133 1460 WpdUsb - ok
15:10:47.0223 1460 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:10:47.0563 1460 WS2IFSL - ok
15:10:47.0613 1460 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
15:10:47.0864 1460 wscsvc - ok
15:10:47.0914 1460 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
15:10:48.0134 1460 wuauserv - ok
15:10:48.0194 1460 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:10:48.0274 1460 WudfPf - ok
15:10:48.0344 1460 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:10:48.0374 1460 WudfRd - ok
15:10:48.0434 1460 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:10:48.0494 1460 WudfSvc - ok
15:10:48.0585 1460 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
15:10:48.0855 1460 WZCSVC - ok
15:10:48.0945 1460 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
15:10:49.0185 1460 xmlprov - ok
15:10:49.0306 1460 YahooAUService - ok
15:10:49.0406 1460 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:10:50.0257 1460 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:10:50.0257 1460 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:10:50.0327 1460 Boot (0x1200) (4f93683189d6a4f532cdc7faa5f675b7) \Device\Harddisk0\DR0\Partition0
15:10:50.0337 1460 \Device\Harddisk0\DR0\Partition0 - ok
15:10:50.0347 1460 ============================================================
15:10:50.0347 1460 Scan finished
15:10:50.0347 1460 ============================================================
15:10:50.0547 1580 Detected object count: 9
15:10:50.0547 1580 Actual detected object count: 9
15:12:26.0015 1580 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:26.0015 1580 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:26.0045 1580 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:26.0045 1580 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:26.0045 1580 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:26.0045 1580 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:26.0065 1580 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:26.0065 1580 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:26.0105 1580 pgfilter ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:26.0105 1580 pgfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:26.0105 1580 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:26.0105 1580 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:26.0155 1580 TVICHW32 ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:26.0155 1580 TVICHW32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:26.0155 1580 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:26.0155 1580 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:26.0255 1580 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
15:12:26.0265 1580 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
15:12:26.0265 1580 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
15:12:26.0285 1580 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:12:26.0315 1580 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:12:26.0325 1580 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:12:26.0325 1580 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:12:26.0385 1580 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:12:26.0385 1580 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
15:12:26.0425 1580 \Device\Harddisk0\DR0\TDLFS\dkmks.tmp - copied to quarantine
15:12:26.0425 1580 \Device\Harddisk0\DR0\TDLFS - deleted
15:12:26.0425 1580 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

ComboFix 12-06-15.06 - Aaron 06/15/2012 15:43:43.13.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.516 [GMT -5:00]
Running from: c:\documents and settings\Aaron\Desktop\combo.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\xmldm
c:\windows\system32\xmldm\172_FF_0000009576.key
c:\windows\system32\xmldm\172_FF_0000009577.frm
c:\windows\system32\xmldm\172_FF_0000009578.frm
c:\windows\system32\xmldm\172_FF_0000009579.pst
c:\windows\system32\xmldm\172_FF_0000009580.key
c:\windows\system32\xmldm\492_FF_0000009575_ifrm.htm
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 06:55 . 2012-06-15 06:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-15 06:23 . 2012-06-15 06:23 -------- d-----w- C:\_OTL
2012-06-04 23:39 . 2012-06-04 23:39 54016 ----a-w- c:\windows\system32\drivers\lkkjeunt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 06:57 . 2002-08-29 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-04 20:56 . 2009-06-23 03:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-08_21.04.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-14 19:09 . 2011-05-10 13:06 42496 c:\windows\system32\ReinstallBackups\0007\DriverFiles\usbaapl.sys
- 2002-08-29 12:00 . 2011-04-08 23:32 59440 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2012-04-01 14:13 59440 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2004-08-04 05:56 77312 c:\windows\system32\msiexec.exe
+ 2011-12-14 19:09 . 2011-05-10 13:06 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys
+ 2011-12-14 19:09 . 2011-05-10 13:06 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2011-08-31 05:05 . 2011-08-31 05:05 73064 c:\windows\system32\dnssd.dll
+ 2011-08-31 05:05 . 2011-08-31 05:05 83816 c:\windows\system32\dns-sd.exe
+ 2007-02-11 22:15 . 2012-06-13 19:09 4036 c:\windows\system32\d3d9caps.dat
- 2007-02-11 22:15 . 2011-08-08 20:01 4036 c:\windows\system32\d3d9caps.dat
+ 2011-05-14 07:17 . 2011-05-14 07:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 07:12 . 2011-05-14 07:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 07:11 . 2011-05-14 07:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
- 2002-08-29 12:00 . 2011-04-08 23:32 395200 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2012-04-01 14:13 395200 c:\windows\system32\perfh009.dat
+ 2011-08-31 05:05 . 2011-08-31 05:05 178536 c:\windows\system32\dnssdX.dll
+ 2011-12-14 20:14 . 2011-12-14 20:14 380928 c:\windows\Installer\{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}\iTunesIco.exe
+ 2011-12-14 19:09 . 2011-05-10 13:06 4517664 c:\windows\system32\ReinstallBackups\0007\DriverFiles\usbaaplrc.dll
+ 2011-12-14 19:09 . 2011-05-10 13:06 4517664 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll
+ 2011-12-14 19:09 . 2010-04-20 01:29 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll
+ 2011-12-14 19:09 . 2011-12-14 19:09 1717248 c:\windows\Installer\574d99.msi
+ 2011-12-14 19:07 . 2011-12-14 19:07 2002432 c:\windows\Installer\574d3f.msi
+ 2011-12-14 19:02 . 2011-12-14 19:02 1530368 c:\windows\Installer\574cf3.msi
+ 2011-12-14 20:14 . 2011-12-14 20:14 5651456 c:\windows\Installer\28c58e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="c:\program files\Real\RealOne Player\realplay.exe" [2006-07-15 1003520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-15 151597]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Optical Scroll\mouse32a.exe" [2006-09-23 356352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin F6D4050 Enhanced Wireless USB Adapter Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin F6D4050 Enhanced Wireless USB Adapter Utility.lnk
backup=c:\windows\pss\Belkin F6D4050 Enhanced Wireless USB Adapter Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast!AVSControlService"=2 (0x2)
"avast!Antivirus"=2 (0x2)
"XobniService"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"getPlus® Helper"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\Aaron\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2/1/2010 8:31 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2/1/2010 8:31 PM 5248]
R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [4/8/2008 1:41 PM 44696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S1 e5f36169;e5f36169;c:\windows\system32\drivers\e5f36169.sys --> c:\windows\system32\drivers\e5f36169.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [7/20/2009 11:22 PM 90352]
S4 Secunia PSI Agent;Secunia PSI Agent;"c:\program files\Secunia\PSI\PSIA.exe" --start-service --> c:\program files\Secunia\PSI\PSIA.exe [?]
S4 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004Core.job
- c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-08 21:28]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004UA.job
- c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-08 21:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5017
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Aaron\Application Data\Move Networks
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5017
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 15:54
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???~????&2????wd??w~???????\???\??????????????w-??w\???\??????? 8`[email protected]?\???\??????s~???\??????s\????&2?A??s?&[email protected]?x???`|?w\[email protected]
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-1580818891-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{660F3A60-2CC8-29F5-9985-3A8379FFC639}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-06-15 15:58:08
ComboFix-quarantined-files.txt 2012-06-15 20:58
ComboFix2.txt 2012-06-15 07:37
ComboFix3.txt 2011-08-08 21:11
ComboFix4.txt 2011-05-25 01:16
ComboFix5.txt 2012-06-15 20:41
.
Pre-Run: 6,916,612,096 bytes free
Post-Run: 6,908,678,144 bytes free
.
- - End Of File - - AE7C34ACA9787AC58AD2BF66DC094103
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ? Any problems.. I will remove all Combofixes when we clean up
  • 0

#9
Aaron2007

Aaron2007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
It's running a lot better, my internet is no longer locking up on me and I am able to load programs and websites much faster than before.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
I would recommend that you upgrade XP to Service Pack 3

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

Advertisements


#11
Aaron2007

Aaron2007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I've followed your directions and my computer is running much much better. However, I still cannot use add/remove program, it says I'm missing rundll32? Actually I'm not able to use any of the tools in my control panel because it says "Windows cannot find C:\WINDOWS\system32\rundll32.exe make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." Is there any way to fix this?
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Updating to SP 3 should fix this

Download from Here

If that does not cure it then we will run a search/replace for it
  • 0

#13
Aaron2007

Aaron2007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I installed SP3 but unfortunately I am still getting the same error message :( how can I fix this?
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets do a quick search for the file

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    /md5start
    rundll32.*
    /md5stop
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows.
  • Post the main OTL log

  • 0

#15
Aaron2007

Aaron2007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you so much for all the help. Here is the OTL log


OTL logfile created on: 6/19/2012 11:15:10 AM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Aaron\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.42 Mb Total Physical Memory | 390.83 Mb Available Physical Memory | 50.99% Memory free
2.03 Gb Paging File | 1.75 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): C:\pagefile.sys 1350 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 5.12 Gb Free Space | 8.95% Space Free | Partition Type: NTFS

Computer Name: AARON-H612E60RG | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/19 11:13:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
PRC - [2010/03/31 21:03:19 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/14 09:29:00 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/22 23:18:13 | 000,356,352 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
PRC - [2006/07/14 22:37:55 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/07/14 22:37:55 | 000,053,293 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realevent.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/10 12:48:03 | 000,150,480 | ---- | M] () -- C:\WINDOWS\system32\5017\components\AcroFF017.dll
MOD - [2006/09/22 23:18:13 | 000,356,352 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
MOD - [2006/09/22 23:18:13 | 000,073,728 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/26 15:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/03/03 14:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\e5f36169.sys -- (e5f36169)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/06 00:13:33 | 000,044,696 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\phmcd.sys -- (phmcd)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/02/18 11:56:38 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/01/30 01:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/07/24 00:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/18 21:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/18 21:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/18 21:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/18 21:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/18 21:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/18 21:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/04/30 04:17:54 | 000,917,988 | R--- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/flashplayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5017 [2011/06/10 12:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/03 18:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 12:33:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Aaron\Application Data\Move Networks [2009/11/14 14:24:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5017 [2011/06/10 12:48:03 | 000,000,000 | ---D | M]

[2011/01/03 02:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions
[2011/01/03 02:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions\[email protected]
[2012/06/15 01:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions
[2009/05/21 13:07:03 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/11/29 03:04:42 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(2)
[2008/12/12 13:23:54 | 000,002,158 | -H-- | M] () -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\searchplugins\MySpace.xml
[2012/06/15 01:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/14 14:24:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOVE NETWORKS
[2009/07/05 01:19:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/10 12:48:03 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5017

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: getPlus for Adobe 15235 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/18 14:33:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe ()
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [RealPlayer] C:\Program Files\Real\RealOne Player\realplay.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.micr...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248838524406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8ffbe65d-2c9c-4669-84bd-5829dc0b603c} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40D07D27-6BC4-4866-971E-D1050AE8A92E}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{557019BA-570F-494C-8F4D-72862B87EFB0}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/13 02:10:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 11:13:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/06/18 23:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/06/18 23:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/06/18 23:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2012/06/18 23:29:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/06/18 23:29:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/06/18 23:29:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/06/18 23:23:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/06/18 15:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/06/18 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/18 15:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron\Application Data\Oracle
[2012/06/18 14:45:17 | 000,000,000 | --SD | C] -- C:\combo
[2012/06/18 14:33:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/17 15:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/17 15:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/17 01:14:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012/06/15 15:58:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/15 01:55:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/14 00:13:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Aaron\Desktop\aswMBR.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/19 11:13:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/06/19 11:10:18 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004UA.job
[2012/06/19 10:54:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/19 02:03:52 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/19 02:03:52 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/19 02:03:52 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/19 02:03:52 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/19 02:03:52 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/06/19 02:03:52 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/06/19 02:03:52 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
[2012/06/19 02:03:52 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
[2012/06/19 00:10:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004Core.job
[2012/06/18 23:45:36 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/18 23:45:36 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/18 23:44:29 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/06/18 23:44:03 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/18 23:42:42 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 23:41:18 | 000,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/18 23:22:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/18 20:11:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/18 14:33:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/17 15:23:17 | 000,004,036 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/14 00:43:15 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/14 00:40:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\MBR.dat
[2012/06/14 00:13:48 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Aaron\Desktop\aswMBR.exe
[2012/06/11 22:11:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/11 22:11:39 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\Google Chrome.lnk
[2012/06/04 18:39:03 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
[2012/06/02 15:38:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/18 23:44:29 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/06/14 00:40:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Aaron\Desktop\MBR.dat
[2012/06/04 18:39:03 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
[2012/06/02 15:38:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== LOP Check ==========

[2010/12/31 00:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\.anomos
[2007/01/01 20:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\acccore
[2006/07/13 13:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Aim
[2009/08/13 01:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Any Video Converter
[2012/06/18 12:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Azureus
[2011/10/08 13:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\FrostWire
[2010/02/01 22:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\iWin
[2010/08/21 23:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Leawo
[2009/11/29 03:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Lionhead Studios
[2009/07/12 21:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\LPECommon
[2006/08/07 15:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\LucasArts
[2011/12/04 03:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\MP3Rocket
[2009/11/29 03:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\My Games
[2009/06/18 00:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Opera
[2012/06/18 15:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Oracle
[2011/01/03 02:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Philips
[2011/01/03 02:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Philips-Songbird
[2009/11/29 01:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\QuickScan
[2009/03/21 02:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Research In Motion
[2009/11/07 12:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\uTorrent
[2007/01/11 16:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Viewpoint
[2009/09/09 14:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/02/07 19:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/10 13:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2009/11/29 03:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2011/04/22 20:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
[2009/12/16 02:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/04/22 20:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/05/02 10:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/15 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/21 23:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/12 01:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: RUNDLL32.EXE >
[2008/04/14 05:42:34 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=037B1E7798960E0420003D05BB577EE6 -- C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe
[2012/03/24 14:22:40 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=10446646D128E580C46615338E74E672 -- C:\Documents and Settings\Aaron\Desktop\rundll32\rundll32.exe

< MD5 for: RUNDLL32.LNK >
[2012/03/24 14:22:17 | 000,000,403 | ---- | M] () MD5=678AF03657D47538C86E20B9EBB1D9C0 -- C:\Documents and Settings\Aaron\Recent\rundll32.lnk

< MD5 for: RUNDLL32.ZIP >
[2012/03/24 14:22:17 | 000,020,904 | ---- | M] () MD5=FC78732548691292B3358BA738E7D17A -- C:\Documents and Settings\Aaron\Desktop\rundll32.zip

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP