Need Help Removing Win32/Sirefef.EZ trojan [Solved]



#1
liquidjo

Hello. I'm having issues with this Sirefef variant that won't go away. It won't even let me turn on the firewall. Any help would be appreciated. Thanks. Here's the OTL scan off the laptop. This laptop is using Windows XP 2002 SP3.


OTL logfile created on: 7/18/2012 11:22:23 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Daci\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 58.32% Memory free
3.34 Gb Paging File | 2.88 Gb Available in Paging File | 86.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 13.81 Gb Free Space | 24.71% Space Free | Partition Type: NTFS

Computer Name: DACI-3AF89A7F3F | User Name: Daci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/18 11:21:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daci\My Documents\Downloads\OTL.exe
PRC - [2012/07/11 18:12:12 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/04 12:55:24 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/02/01 14:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 14:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/20 11:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\LEsrv.exe
PRC - [2011/07/20 11:28:38 | 001,376,304 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2011/07/20 11:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe
PRC - [2011/07/20 11:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
PRC - [2011/06/17 19:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe
PRC - [2009/11/03 16:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/11/03 16:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/11/03 16:45:48 | 001,372,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/11/03 16:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/11/03 16:35:14 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/11/03 16:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/11 18:12:11 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/11 18:06:49 | 009,465,032 | ---- | M] () -- C:\WINXP\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/01 14:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/02/01 14:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/03 16:35:46 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2012/07/11 18:12:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 18:06:50 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 12:55:24 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/01 14:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/07/20 11:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service)
SRV - [2011/07/20 11:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2011/07/20 11:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2011/06/17 19:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2009/11/03 16:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/11/03 16:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2009/11/03 16:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/11/03 16:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Daci\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/02/15 22:57:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINXP\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/01/25 13:57:48 | 000,024,192 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/10/25 17:25:47 | 000,237,096 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2011/07/25 19:09:16 | 000,564,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2011/02/22 17:51:28 | 000,041,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2009/11/11 05:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE C3 D3 32 50 73 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6C59297E-BFFE-4E6A-0BF5-4187155432D8}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7aeb3efd-e564-43f1-b658-5058a7c5743b}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.1.20110906100327
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111020&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/03 21:30:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/11 18:12:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/19 13:52:03 | 000,000,000 | ---D | M]

[2011/10/17 14:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daci\Application Data\Mozilla\Extensions
[2012/07/12 16:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\extensions
[2012/05/18 18:08:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/12 16:00:26 | 000,000,000 | ---D | M] (vshare.tv Community Toolbar) -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2012/07/12 16:00:31 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/10/19 19:45:06 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\searchplugins\bing-zugo.xml
[2011/09/27 15:24:04 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\searchplugins\conduit.xml
[2012/02/17 01:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/11 18:12:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/03/22 17:29:05 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DACI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0N1JTLB4.DEFAULT\EXTENSIONS\[email protected]
[2012/07/11 18:12:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/15 18:10:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/09 06:53:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/09 06:53:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT2818425
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - homepage: http://www.msn.com/?...l_date=20110928
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINXP\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Complitly plugin for chrome = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\
CHR - Extension: vshare plugin = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Vuze Remote = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.0.1.4_0\

O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINXP\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4 - HKLM..\Run: [BYR_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKCU..\Run: [KB00373776.exe] C:\Documents and Settings\Daci\Application Data\KB00373776.exe (Creative Technology)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1530C061-CE33-43A1-B58D-A7E0422764EB}: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Daci\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daci\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/14 18:10:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0160ff6e-713b-11e1-8fa4-0016415d36c8}\Shell - "" = AutoRun
O33 - MountPoints2\{0160ff6e-713b-11e1-8fa4-0016415d36c8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5585f0f8-a429-11e1-8fdc-0016415d36c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5585f0f8-a429-11e1-8fdc-0016415d36c8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96e9165c-6c8b-11e1-8f98-0016415d36c8}\Shell - "" = AutoRun
O33 - MountPoints2\{96e9165c-6c8b-11e1-8f98-0016415d36c8}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 10:36:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/18 01:46:00 | 000,000,000 | ---D | C] -- C:\WINXP\System32\LogFiles
[2012/07/17 18:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/17 18:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/17 18:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/07/17 18:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Start Menu\Programs\HiJackThis
[2012/07/17 18:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/17 17:58:48 | 000,128,000 | ---- | C] (Creative Technology) -- C:\Documents and Settings\Daci\Application Data\KB00373776.exe
[2012/07/17 17:58:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Daci\Application Data\A3CB6C01
[2012/07/16 16:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/16 16:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/16 10:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/16 10:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/16 10:00:28 | 000,000,000 | -HSD | C] -- C:\WINXP\assembly
[2012/07/13 14:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magic APE FLAC CD Burner
[2012/07/13 14:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Magic APE FLAC CD Burner
[2012/07/12 18:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Desktop\Mongol
[2012/07/11 09:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/07/10 17:12:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Daci\Recent
[2012/07/04 12:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\My Documents\My Received Files
[2012/07/04 12:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2012/07/04 12:56:13 | 000,041,472 | ---- | C] (Motorola Solutions, Inc.) -- C:\WINXP\System32\drivers\btmcom.sys
[2012/07/04 12:56:04 | 000,009,048 | ---- | C] (Motorola Solutions, Inc.) -- C:\WINXP\System32\btmsstverschk.dll
[2012/07/04 12:55:34 | 000,564,736 | ---- | C] (Motorola Solutions, Inc.) -- C:\WINXP\System32\drivers\btmusb.sys
[2012/07/04 12:55:34 | 000,317,272 | ---- | C] (Motorola Solutions, Inc.) -- C:\WINXP\System32\btmcls.dll
[2012/07/04 12:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/07/04 12:54:00 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINXP\System32\CSVer.dll
[2012/07/04 12:52:50 | 000,000,000 | ---D | C] -- C:\Intel
[2012/07/04 12:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DriverGenius
[2012/07/04 12:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2012/07/04 12:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius Professional Edition
[2012/07/04 12:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2012/07/03 22:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Application Data\DDMSettings
[2012/07/03 21:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Application Data\DivX
[2012/07/03 21:30:22 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\pxsfs.dll
[2012/07/03 21:30:22 | 000,567,792 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\pxdrv.dll
[2012/07/03 21:30:22 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\pxafs.dll
[2012/07/03 21:30:22 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\pxinsi64.exe
[2012/07/03 21:30:22 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\pxcpyi64.exe
[2012/07/03 21:30:22 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\pxhpinst.exe
[2012/07/03 21:30:22 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\pxinsa64.exe
[2012/07/03 21:30:22 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\pxcpya64.exe
[2012/07/03 21:30:22 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\drivers\cdralw2k.sys
[2012/07/03 21:30:22 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\drivers\cdr4_xp.sys
[2012/07/03 21:30:21 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\px.dll
[2012/07/03 21:30:21 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\pxwave.dll
[2012/07/03 21:30:21 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\pxmas.dll
[2012/07/03 21:30:21 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINXP\System32\vxblock.dll
[2012/07/03 21:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012/07/03 21:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/07/03 21:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/07/03 21:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2012/07/03 17:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Local Settings\Application Data\ESET
[2012/06/29 10:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Application Data\Google
[2012/06/29 10:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/06/29 10:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/25 12:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Local Settings\Application Data\Apple Computer
[2012/06/25 12:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Application Data\Apple Computer
[2012/06/25 12:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/25 12:09:07 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINXP\System32\GEARAspi.dll
[2012/06/25 12:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/25 12:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/25 12:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/06/25 12:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/25 12:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Local Settings\Application Data\Apple
[2012/06/25 12:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/25 12:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/06/25 12:06:19 | 004,547,944 | ---- | C] (Apple, Inc.) -- C:\WINXP\System32\usbaaplrc.dll
[2012/06/25 12:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/25 12:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2012/07/18 11:06:55 | 000,000,878 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 11:06:50 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012/07/18 11:06:31 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012/07/18 10:34:01 | 000,000,882 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 10:06:00 | 000,000,826 | ---- | M] () -- C:\WINXP\tasks\Adobe Flash Player Updater.job
[2012/07/18 09:59:35 | 000,128,000 | ---- | M] (Creative Technology) -- C:\Documents and Settings\Daci\Application Data\KB00373776.exe
[2012/07/18 09:08:02 | 000,000,284 | ---- | M] () -- C:\WINXP\tasks\AppleSoftwareUpdate.job
[2012/07/17 21:34:45 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Daci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/17 18:37:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Daci\Desktop\Spybot - Search & Destroy.lnk
[2012/07/17 18:28:33 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Daci\Desktop\HiJackThis.lnk
[2012/07/17 18:02:03 | 000,000,370 | ---- | M] () -- C:\WINXP\tasks\MotoHelper Update.job
[2012/07/17 18:02:02 | 000,000,354 | ---- | M] () -- C:\WINXP\tasks\MotoHelper Routing.job
[2012/07/17 16:52:42 | 000,000,664 | ---- | M] () -- C:\WINXP\System32\d3d9caps.dat
[2012/07/13 14:15:07 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\Daci\Desktop\Magic APE FLAC CD Burner.lnk
[2012/07/11 18:06:50 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerApp.exe
[2012/07/11 18:06:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerCPLApp.cpl
[2012/07/09 22:37:43 | 000,056,312 | -H-- | M] () -- C:\WINXP\System32\mlfcache.dat
[2012/07/08 14:05:35 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Daci\Desktop\Shortcut to Azureus.lnk
[2012/07/04 12:57:30 | 000,315,076 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012/07/04 12:57:30 | 000,041,238 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012/07/04 12:30:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012/07/17 18:37:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Daci\Desktop\Spybot - Search & Destroy.lnk
[2012/07/17 18:28:23 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Daci\Desktop\HiJackThis.lnk
[2012/07/13 14:15:07 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\Daci\Desktop\Magic APE FLAC CD Burner.lnk
[2012/07/09 22:37:43 | 000,056,312 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2012/07/08 14:05:35 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Daci\Desktop\Shortcut to Azureus.lnk
[2012/06/29 10:50:53 | 000,000,882 | ---- | C] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/29 10:50:52 | 000,000,878 | ---- | C] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 12:06:38 | 000,000,284 | ---- | C] () -- C:\WINXP\tasks\AppleSoftwareUpdate.job
[2012/06/25 12:06:36 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/04/05 10:20:03 | 000,000,000 | ---- | C] () -- C:\WINXP\HPMProp.INI
[2012/03/12 14:38:50 | 000,002,427 | ---- | C] () -- C:\WINXP\System32\lgAxconfig.ini
[2012/02/15 18:10:07 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2011/10/12 16:53:49 | 000,000,051 | ---- | C] () -- C:\WINXP\SW_Win3112X32.DLL
[2011/10/02 21:12:17 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2011/09/14 20:13:23 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Daci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/14 19:56:01 | 000,192,512 | ---- | C] () -- C:\WINXP\System32\stac97co.dll
[2011/09/14 18:15:12 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2011/09/14 18:05:52 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2011/09/14 10:59:04 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2011/09/14 10:57:20 | 000,263,824 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2010/12/09 07:15:41 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Daci\Local Settings\Application Data\{aa5548f4-d0d2-7525-29a9-a3c549fa588d}\@

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15B79D44

< End of report >


OTL Extras logfile created on: 7/18/2012 11:22:23 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Daci\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 58.32% Memory free
3.34 Gb Paging File | 2.88 Gb Available in Paging File | 86.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 13.81 Gb Free Space | 24.71% Space Free | Partition Type: NTFS

Computer Name: DACI-3AF89A7F3F | User Name: Daci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{61C3245C-40EF-4284-B59E-B1394BB47A6B}" = Media Downloader
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel® PROSet/Wireless WiFi Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{97F2E8BE-3018-47D2-BC2D-F0B5E92D1BF3}" = Motorola Mobile Drivers Installation 5.5.0
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B2B123D3-E780-4EB0-B540-18F5FCC6EFE9}_is1" = ISO Image Burner 1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Motorola Bluetooth
"5513-1208-7298-9440" = JDownloader 0.9
"8461-7759-5462-8226" = Vuze
"Abexo Free Registry Cleaner" = Abexo Free Registry Cleaner
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"DivX Setup" = DivX Setup
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Guitar Pro 5_is1" = Guitar Pro 5.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Magic APE FLAC CD Burner_is1" = Magic APE FLAC CD Burner 1.0
"MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
"Mozilla Firefox 14.0 (x86 en-US)" = Mozilla Firefox 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel PROSet Wireless
"SopCast" = SopCast 3.5.0
"StreamTorrent 1.0" = StreamTorrent 1.0
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/15/2012 2:10:47 PM | Computer Name = DACI-3AF89A7F3F | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4484, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2012 9:02:34 PM | Computer Name = DACI-3AF89A7F3F | Source = Application Error | ID = 1000
Description = Faulting application pteditor.exe, version 1.7.0.80, faulting module
pteditor.exe, version 1.7.0.80, fault address 0x0007d1b3.

Error - 4/30/2012 9:04:35 PM | Computer Name = DACI-3AF89A7F3F | Source = Application Error | ID = 1000
Description = Faulting application pteditor.exe, version 1.7.0.80, faulting module
pteditor.exe, version 1.7.0.80, fault address 0x0007d1b3.

Error - 4/30/2012 9:04:45 PM | Computer Name = DACI-3AF89A7F3F | Source = Application Error | ID = 1001
Description = Fault bucket 04765193.

Error - 5/7/2012 6:08:02 PM | Computer Name = DACI-3AF89A7F3F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.23286, fault address 0x00067918.

Error - 5/7/2012 6:11:29 PM | Computer Name = DACI-3AF89A7F3F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.23286, fault address 0x00067918.

Error - 5/7/2012 6:12:07 PM | Computer Name = DACI-3AF89A7F3F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.23286, fault address 0x00067918.

Error - 6/24/2012 2:03:18 AM | Computer Name = DACI-3AF89A7F3F | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.0.4553, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/30/2012 10:43:30 PM | Computer Name = DACI-3AF89A7F3F | Source = Bonjour Service | ID = 100
Description =

Error - 7/4/2012 3:55:04 PM | Computer Name = DACI-3AF89A7F3F | Source = MsiInstaller | ID = 1013
Description = Product: Intel® PROSet/Wireless WiFi Software -- A newer product
version is already installed.

[ System Events ]
Error - 7/18/2012 1:49:40 PM | Computer Name = DACI-3AF89A7F3F | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/18/2012 1:49:40 PM | Computer Name = DACI-3AF89A7F3F | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/18/2012 1:49:43 PM | Computer Name = DACI-3AF89A7F3F | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/18/2012 1:49:43 PM | Computer Name = DACI-3AF89A7F3F | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/18/2012 1:49:43 PM | Computer Name = DACI-3AF89A7F3F | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/18/2012 2:06:36 PM | Computer Name = DACI-3AF89A7F3F | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/18/2012 2:06:36 PM | Computer Name = DACI-3AF89A7F3F | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/18/2012 2:06:44 PM | Computer Name = DACI-3AF89A7F3F | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/18/2012 2:06:44 PM | Computer Name = DACI-3AF89A7F3F | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/18/2012 2:06:44 PM | Computer Name = DACI-3AF89A7F3F | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
    [2012/07/12 16:00:26 | 000,000,000 | ---D | M] (vshare.tv Community Toolbar) -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
    O4 - HKCU..\Run: [KB00373776.exe] C:\Documents and Settings\Daci\Application Data\KB00373776.exe (Creative Technology)
    [2012/07/17 17:58:48 | 000,128,000 | ---- | C] (Creative Technology) -- C:\Documents and Settings\Daci\Application Data\KB00373776.exe
    [2012/07/17 17:58:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Daci\Application Data\A3CB6C01

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk
    C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • Allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#3
liquidjo

    Member

  • Topic Starter
  • 31 posts
Here's the OTL scan after the fixes. ComboFix log coming ASAP.


OTL logfile created on: 7/18/2012 12:14:51 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Daci\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 61.89% Memory free
3.34 Gb Paging File | 2.92 Gb Available in Paging File | 87.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 14.01 Gb Free Space | 25.07% Space Free | Partition Type: NTFS

Computer Name: DACI-3AF89A7F3F | User Name: Daci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/18 11:21:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daci\My Documents\Downloads\OTL.exe
PRC - [2012/07/11 18:12:12 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/04 12:55:24 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/02/01 14:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 14:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/20 11:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\LEsrv.exe
PRC - [2011/07/20 11:28:38 | 001,376,304 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2011/07/20 11:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe
PRC - [2011/07/20 11:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
PRC - [2011/06/17 19:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe
PRC - [2009/11/03 16:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/11/03 16:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/11/03 16:45:48 | 001,372,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/11/03 16:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/11/03 16:35:14 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/11/03 16:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/11 18:12:11 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/11 18:06:49 | 009,465,032 | ---- | M] () -- C:\WINXP\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/01 14:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/02/01 14:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/03 16:35:46 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2012/07/11 18:12:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 18:06:50 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 12:55:24 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/01 14:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/07/20 11:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service)
SRV - [2011/07/20 11:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2011/07/20 11:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2011/06/17 19:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2009/11/03 16:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/11/03 16:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2009/11/03 16:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/11/03 16:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Daci\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/02/15 22:57:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINXP\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/01/25 13:57:48 | 000,024,192 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/10/25 17:25:47 | 000,237,096 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2011/07/25 19:09:16 | 000,564,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2011/02/22 17:51:28 | 000,041,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2009/11/11 05:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE C3 D3 32 50 73 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6C59297E-BFFE-4E6A-0BF5-4187155432D8}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7aeb3efd-e564-43f1-b658-5058a7c5743b}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.1.20110906100327
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111020&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/03 21:30:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/11 18:12:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/19 13:52:03 | 000,000,000 | ---D | M]

[2011/10/17 14:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daci\Application Data\Mozilla\Extensions
[2012/07/12 16:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\extensions
[2012/05/18 18:08:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/12 16:00:31 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/10/19 19:45:06 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\searchplugins\bing-zugo.xml
[2011/09/27 15:24:04 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Daci\Application Data\Mozilla\Firefox\Profiles\0n1jtlb4.default\searchplugins\conduit.xml
[2012/02/17 01:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/11 18:12:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/03/22 17:29:05 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DACI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0N1JTLB4.DEFAULT\EXTENSIONS\[email protected]
[2012/07/11 18:12:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/15 18:10:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/09 06:53:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/09 06:53:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT2818425
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - homepage: http://www.msn.com/?...l_date=20110928
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINXP\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Vuze Remote = C:\Documents and Settings\Daci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.0.1.4_0\

O1 HOSTS File: ([2012/07/18 12:07:59 | 000,000,098 | ---- | M]) - C:\WINXP\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINXP\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4 - HKLM..\Run: [BYR_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1530C061-CE33-43A1-B58D-A7E0422764EB}: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Daci\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daci\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/14 18:10:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0160ff6e-713b-11e1-8fa4-0016415d36c8}\Shell - "" = AutoRun
O33 - MountPoints2\{0160ff6e-713b-11e1-8fa4-0016415d36c8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5585f0f8-a429-11e1-8fdc-0016415d36c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5585f0f8-a429-11e1-8fdc-0016415d36c8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96e9165c-6c8b-11e1-8f98-0016415d36c8}\Shell - "" = AutoRun
O33 - MountPoints2\{96e9165c-6c8b-11e1-8f98-0016415d36c8}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 12:07:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/18 11:52:45 | 004,582,182 | ---- | C] (Swearware) -- C:\Documents and Settings\Daci\Desktop\ComboFix.exe
[2012/07/18 10:36:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/18 01:46:00 | 000,000,000 | ---D | C] -- C:\WINXP\System32\LogFiles
[2012/07/17 18:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/17 18:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/17 18:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/07/17 18:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Start Menu\Programs\HiJackThis
[2012/07/17 18:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/16 16:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/16 16:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/16 10:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/16 10:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/16 10:00:28 | 000,000,000 | -HSD | C] -- C:\WINXP\assembly
[2012/07/13 14:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magic APE FLAC CD Burner
[2012/07/13 14:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Magic APE FLAC CD Burner
[2012/07/12 18:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Desktop\Mongol
[2012/07/11 09:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/07/10 17:12:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Daci\Recent
[2012/07/04 12:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\My Documents\My Received Files
[2012/07/04 12:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2012/07/04 12:56:13 | 000,041,472 | ---- | C] (Motorola Solutions, Inc.) -- C:\WINXP\System32\drivers\btmcom.sys
[2012/07/04 12:56:04 | 000,009,048 | ---- | C] (Motorola Solutions, Inc.) -- C:\WINXP\System32\btmsstverschk.dll
[2012/07/04 12:55:34 | 000,564,736 | ---- | C] (Motorola Solutions, Inc.) -- C:\WINXP\System32\drivers\btmusb.sys
[2012/07/04 12:55:34 | 000,317,272 | ---- | C] (Motorola Solutions, Inc.) -- C:\WINXP\System32\btmcls.dll
[2012/07/04 12:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/07/04 12:54:00 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINXP\System32\CSVer.dll
[2012/07/04 12:52:50 | 000,000,000 | ---D | C] -- C:\Intel
[2012/07/04 12:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DriverGenius
[2012/07/04 12:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2012/07/04 12:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius Professional Edition
[2012/07/04 12:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2012/07/03 22:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Application Data\DDMSettings
[2012/07/03 21:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Application Data\DivX
[2012/07/03 21:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012/07/03 21:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/07/03 21:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/07/03 21:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2012/07/03 17:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Local Settings\Application Data\ESET
[2012/06/29 10:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Application Data\Google
[2012/06/29 10:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/06/29 10:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/25 12:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Local Settings\Application Data\Apple Computer
[2012/06/25 12:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Application Data\Apple Computer
[2012/06/25 12:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/25 12:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/25 12:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/25 12:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/06/25 12:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/25 12:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daci\Local Settings\Application Data\Apple
[2012/06/25 12:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/25 12:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/06/25 12:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/25 12:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2012/07/18 12:09:25 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012/07/18 12:09:24 | 000,000,878 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 12:09:14 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012/07/18 12:07:59 | 000,000,098 | ---- | M] () -- C:\WINXP\System32\drivers\etc\Hosts
[2012/07/18 12:06:15 | 000,000,826 | ---- | M] () -- C:\WINXP\tasks\Adobe Flash Player Updater.job
[2012/07/18 11:53:21 | 004,582,182 | ---- | M] (Swearware) -- C:\Documents and Settings\Daci\Desktop\ComboFix.exe
[2012/07/18 11:34:00 | 000,000,882 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 09:08:02 | 000,000,284 | ---- | M] () -- C:\WINXP\tasks\AppleSoftwareUpdate.job
[2012/07/17 21:34:45 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Daci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/17 18:37:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Daci\Desktop\Spybot - Search & Destroy.lnk
[2012/07/17 18:28:33 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Daci\Desktop\HiJackThis.lnk
[2012/07/17 18:02:03 | 000,000,370 | ---- | M] () -- C:\WINXP\tasks\MotoHelper Update.job
[2012/07/17 18:02:02 | 000,000,354 | ---- | M] () -- C:\WINXP\tasks\MotoHelper Routing.job
[2012/07/17 16:52:42 | 000,000,664 | ---- | M] () -- C:\WINXP\System32\d3d9caps.dat
[2012/07/13 14:15:07 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\Daci\Desktop\Magic APE FLAC CD Burner.lnk
[2012/07/09 22:37:43 | 000,056,312 | -H-- | M] () -- C:\WINXP\System32\mlfcache.dat
[2012/07/08 14:05:35 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Daci\Desktop\Shortcut to Azureus.lnk
[2012/07/04 12:57:30 | 000,315,076 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012/07/04 12:57:30 | 000,041,238 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012/07/04 12:30:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012/07/17 18:37:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Daci\Desktop\Spybot - Search & Destroy.lnk
[2012/07/17 18:28:23 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Daci\Desktop\HiJackThis.lnk
[2012/07/13 14:15:07 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\Daci\Desktop\Magic APE FLAC CD Burner.lnk
[2012/07/09 22:37:43 | 000,056,312 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2012/07/08 14:05:35 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Daci\Desktop\Shortcut to Azureus.lnk
[2012/06/29 10:50:53 | 000,000,882 | ---- | C] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/29 10:50:52 | 000,000,878 | ---- | C] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 12:06:38 | 000,000,284 | ---- | C] () -- C:\WINXP\tasks\AppleSoftwareUpdate.job
[2012/06/25 12:06:36 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/04/05 10:20:03 | 000,000,000 | ---- | C] () -- C:\WINXP\HPMProp.INI
[2012/03/12 14:38:50 | 000,002,427 | ---- | C] () -- C:\WINXP\System32\lgAxconfig.ini
[2012/02/15 18:10:07 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2011/10/12 16:53:49 | 000,000,051 | ---- | C] () -- C:\WINXP\SW_Win3112X32.DLL
[2011/10/02 21:12:17 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2011/09/14 20:13:23 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Daci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/14 19:56:01 | 000,192,512 | ---- | C] () -- C:\WINXP\System32\stac97co.dll
[2011/09/14 18:15:12 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2011/09/14 18:05:52 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2011/09/14 10:59:04 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2011/09/14 10:57:20 | 000,263,824 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2010/12/09 07:15:41 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Daci\Local Settings\Application Data\{aa5548f4-d0d2-7525-29a9-a3c549fa588d}\@

========== LOP Check ==========

[2012/07/04 12:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2011/11/11 21:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2012/03/12 14:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2012/06/08 21:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/25 12:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/18 10:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daci\Application Data\Azureus
[2012/07/03 22:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daci\Application Data\DDMSettings
[2012/04/27 10:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daci\Application Data\FreeBurner
[2012/05/11 15:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daci\Application Data\Guitar Pro 6
[2012/03/19 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daci\Application Data\Motorola
[2012/05/07 15:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daci\Application Data\PriceGong
[2011/10/02 11:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daci\Application Data\StreamTorrent
[2012/07/17 18:02:02 | 000,000,354 | ---- | M] () -- C:\WINXP\Tasks\MotoHelper Routing.job
[2012/07/17 18:02:03 | 000,000,370 | ---- | M] () -- C:\WINXP\Tasks\MotoHelper Update.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15B79D44

< End of report >

#4
liquidjo

    Member

  • Topic Starter
I ran Combofix, it started up, but it keeps stalling at the Autoscan window that says "scan might take 10 minutes, maybe longer if it is badly infected". It just stays there.

#5
Essexboy

    GeekU Moderator

  • Retired Staff
OK change of tack

First we will check the MBR

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Then we will retry ComboFix, but with a difference:

Delete your current copy of ComboFix.
Download a fresh copy, but this time rename it to Gotcha when you download it.
Then run the renamed ComboFix.

#6
liquidjo

    Member

  • Topic Starter
  • Member
  • 31 posts
16:43:15.0468 0628 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
16:43:16.0015 0628 ============================================================
16:43:16.0015 0628 Current date / time: 2012/07/19 16:43:16.0015
16:43:16.0015 0628 SystemInfo:
16:43:16.0015 0628
16:43:16.0015 0628 OS Version: 5.1.2600 ServicePack: 3.0
16:43:16.0015 0628 Product type: Workstation
16:43:16.0015 0628 ComputerName: DACI-3AF89A7F3F
16:43:16.0015 0628 UserName: Daci
16:43:16.0015 0628 Windows directory: C:\WINXP
16:43:16.0015 0628 System windows directory: C:\WINXP
16:43:16.0015 0628 Processor architecture: Intel x86
16:43:16.0015 0628 Number of processors: 1
16:43:16.0015 0628 Page size: 0x1000
16:43:16.0015 0628 Boot type: Normal boot
16:43:16.0015 0628 ============================================================
16:43:18.0250 0628 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:43:18.0250 0628 ============================================================
16:43:18.0250 0628 \Device\Harddisk0\DR0:
16:43:18.0250 0628 MBR partitions:
16:43:18.0250 0628 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
16:43:18.0250 0628 ============================================================
16:43:18.0265 0628 C: <-> \Device\Harddisk0\DR0\Partition0
16:43:18.0265 0628 ============================================================
16:43:18.0265 0628 Initialize success
16:43:18.0265 0628 ============================================================
16:43:49.0593 2696 ============================================================
16:43:49.0593 2696 Scan started
16:43:49.0593 2696 Mode: Manual; SigCheck; TDLFS;
16:43:49.0593 2696 ============================================================
16:43:49.0984 2696 Abiosdsk - ok
16:43:50.0000 2696 abp480n5 - ok
16:43:50.0078 2696 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINXP\system32\DRIVERS\ACPI.sys
16:43:52.0437 2696 ACPI - ok
16:43:52.0468 2696 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINXP\system32\drivers\ACPIEC.sys
16:43:52.0656 2696 ACPIEC - ok
16:43:52.0765 2696 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:43:52.0781 2696 AdobeFlashPlayerUpdateSvc - ok
16:43:52.0796 2696 adpu160m - ok
16:43:52.0859 2696 aec (8bed39e3c35d6a489438b8141717a557) C:\WINXP\system32\drivers\aec.sys
16:43:53.0031 2696 aec - ok
16:43:53.0093 2696 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINXP\System32\drivers\afd.sys
16:43:53.0156 2696 AFD - ok
16:43:53.0156 2696 Aha154x - ok
16:43:53.0156 2696 aic78u2 - ok
16:43:53.0171 2696 aic78xx - ok
16:43:53.0203 2696 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINXP\system32\alrsvc.dll
16:43:53.0375 2696 Alerter - ok
16:43:53.0406 2696 ALG (8c515081584a38aa007909cd02020b3d) C:\WINXP\System32\alg.exe
16:43:53.0484 2696 ALG - ok
16:43:53.0500 2696 AliIde - ok
16:43:53.0500 2696 amsint - ok
16:43:53.0562 2696 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINXP\system32\DRIVERS\Apfiltr.sys
16:43:53.0609 2696 ApfiltrService - ok
16:43:53.0734 2696 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:43:53.0750 2696 Apple Mobile Device - ok
16:43:53.0796 2696 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINXP\System32\appmgmts.dll
16:43:53.0890 2696 AppMgmt - ok
16:43:53.0890 2696 asc - ok
16:43:53.0906 2696 asc3350p - ok
16:43:53.0906 2696 asc3550 - ok
16:43:53.0953 2696 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINXP\system32\DRIVERS\asyncmac.sys
16:43:54.0109 2696 AsyncMac - ok
16:43:54.0140 2696 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINXP\system32\DRIVERS\atapi.sys
16:43:54.0296 2696 atapi - ok
16:43:54.0296 2696 Atdisk - ok
16:43:54.0343 2696 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINXP\system32\DRIVERS\atmarpc.sys
16:43:54.0484 2696 Atmarpc - ok
16:43:54.0515 2696 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINXP\System32\audiosrv.dll
16:43:54.0671 2696 AudioSrv - ok
16:43:54.0718 2696 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINXP\system32\DRIVERS\audstub.sys
16:43:54.0875 2696 audstub - ok
16:43:54.0937 2696 b57w2k (6f7911f3e674363a91541e097f49b633) C:\WINXP\system32\DRIVERS\b57xp32.sys
16:43:55.0015 2696 b57w2k - ok
16:43:55.0046 2696 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINXP\system32\drivers\Beep.sys
16:43:55.0187 2696 Beep - ok
16:43:55.0250 2696 BITS (574738f61fca2935f5265dc4e5691314) C:\WINXP\system32\qmgr.dll
16:43:55.0515 2696 BITS - ok
16:43:55.0859 2696 Bluetooth Device Manager (b32c5d84e9a52372327c6b033c3d59b6) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
16:43:56.0171 2696 Bluetooth Device Manager - ok
16:43:56.0281 2696 Bluetooth Low Energy Service (54a84bc363f697785b54f990960d68d8) C:\Program Files\Motorola\Bluetooth\LEsrv.exe
16:43:56.0328 2696 Bluetooth Low Energy Service - ok
16:43:56.0421 2696 Bluetooth Media Service (12dea7dbdb89ba39b4d0a86a7c4ae3fe) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
16:43:56.0500 2696 Bluetooth Media Service - ok
16:43:56.0578 2696 Bluetooth OBEX Service (e9d366d4365ea9775a03aa569a151bfe) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
16:43:56.0640 2696 Bluetooth OBEX Service - ok
16:43:56.0828 2696 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINXP\System32\browser.dll
16:43:56.0984 2696 Browser - ok
16:43:57.0031 2696 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINXP\system32\DRIVERS\BthEnum.sys
16:43:57.0187 2696 BthEnum - ok
16:43:57.0234 2696 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINXP\system32\DRIVERS\bthpan.sys
16:43:57.0375 2696 BthPan - ok
16:43:57.0453 2696 BTHPORT (51d05d5a8a7d93ab0b1a8d6a38db3ca4) C:\WINXP\system32\Drivers\BTHport.sys
16:43:57.0546 2696 BTHPORT - ok
16:43:57.0562 2696 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINXP\System32\bthserv.dll
16:43:57.0718 2696 BthServ - ok
16:43:57.0734 2696 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINXP\system32\Drivers\BTHUSB.sys
16:43:57.0890 2696 BTHUSB - ok
16:43:57.0937 2696 BTMCOM (daee018ea8d4faf49a7c90698865dc53) C:\WINXP\system32\Drivers\btmcom.sys
16:43:57.0984 2696 BTMCOM - ok
16:43:58.0046 2696 BTMUSB (843770815cbde9ebe03d9a0d741524b7) C:\WINXP\system32\Drivers\btmusb.sys
16:43:58.0109 2696 BTMUSB - ok
16:43:58.0218 2696 catchme - ok
16:43:58.0265 2696 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINXP\system32\drivers\cbidf2k.sys
16:43:58.0437 2696 cbidf2k - ok
16:43:58.0437 2696 cd20xrnt - ok
16:43:58.0484 2696 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINXP\system32\drivers\Cdaudio.sys
16:43:58.0640 2696 Cdaudio - ok
16:43:58.0687 2696 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINXP\system32\drivers\Cdfs.sys
16:43:58.0843 2696 Cdfs - ok
16:43:58.0875 2696 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINXP\system32\DRIVERS\cdrom.sys
16:43:59.0031 2696 Cdrom - ok
16:43:59.0046 2696 Changer - ok
16:43:59.0078 2696 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINXP\system32\cisvc.exe
16:43:59.0250 2696 CiSvc - ok
16:43:59.0281 2696 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINXP\system32\clipsrv.exe
16:43:59.0437 2696 ClipSrv - ok
16:43:59.0468 2696 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINXP\system32\DRIVERS\CmBatt.sys
16:43:59.0625 2696 CmBatt - ok
16:43:59.0640 2696 CmdIde - ok
16:43:59.0656 2696 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINXP\system32\DRIVERS\compbatt.sys
16:43:59.0796 2696 Compbatt - ok
16:43:59.0812 2696 COMSysApp - ok
16:43:59.0812 2696 Cpqarray - ok
16:43:59.0859 2696 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINXP\System32\cryptsvc.dll
16:44:00.0000 2696 CryptSvc - ok
16:44:00.0015 2696 dac2w2k - ok
16:44:00.0015 2696 dac960nt - ok
16:44:00.0093 2696 DcomLaunch (9222562d44021b988b9f9f62207fb6f2) C:\WINXP\system32\rpcss.dll
16:44:00.0218 2696 DcomLaunch - ok
16:44:00.0281 2696 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINXP\System32\dhcpcsvc.dll
16:44:00.0421 2696 Dhcp - ok
16:44:00.0468 2696 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINXP\system32\DRIVERS\disk.sys
16:44:00.0625 2696 Disk - ok
16:44:00.0640 2696 dmadmin - ok
16:44:00.0703 2696 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINXP\system32\drivers\dmboot.sys
16:44:00.0890 2696 dmboot - ok
16:44:00.0953 2696 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINXP\system32\drivers\dmio.sys
16:44:01.0125 2696 dmio - ok
16:44:01.0156 2696 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINXP\system32\drivers\dmload.sys
16:44:01.0328 2696 dmload - ok
16:44:01.0343 2696 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINXP\System32\dmserver.dll
16:44:01.0500 2696 dmserver - ok
16:44:01.0562 2696 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINXP\system32\drivers\DMusic.sys
16:44:01.0734 2696 DMusic - ok
16:44:01.0765 2696 Dnscache (d977659ae4d8ece5286d99d1ed34614d) C:\WINXP\System32\dnsrslvr.dll
16:44:01.0859 2696 Dnscache - ok
16:44:01.0906 2696 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINXP\System32\dot3svc.dll
16:44:02.0078 2696 Dot3svc - ok
16:44:02.0140 2696 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINXP\system32\DRIVERS\Dot4.sys
16:44:02.0281 2696 dot4 - ok
16:44:02.0312 2696 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINXP\system32\DRIVERS\Dot4Prt.sys
16:44:02.0468 2696 Dot4Print - ok
16:44:02.0515 2696 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINXP\system32\DRIVERS\dot4usb.sys
16:44:02.0656 2696 dot4usb - ok
16:44:02.0671 2696 dpti2o - ok
16:44:02.0718 2696 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINXP\system32\drivers\drmkaud.sys
16:44:02.0890 2696 drmkaud - ok
16:44:02.0921 2696 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINXP\System32\eapsvc.dll
16:44:03.0062 2696 EapHost - ok
16:44:03.0109 2696 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINXP\System32\ersvc.dll
16:44:03.0234 2696 ERSvc - ok
16:44:03.0281 2696 Eventlog (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINXP\system32\services.exe
16:44:03.0328 2696 Eventlog - ok
16:44:03.0375 2696 EventSystem (f17f6226bdc0cd5f0bef0daf84d29bec) C:\WINXP\system32\es.dll
16:44:03.0421 2696 EventSystem - ok
16:44:03.0640 2696 EvtEng (c37b83b51cdf10e5bb6f78a7e4fed11a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:44:03.0718 2696 EvtEng - ok
16:44:03.0796 2696 Fastfat (38d332a6d56af32635675f132548343e) C:\WINXP\system32\drivers\Fastfat.sys
16:44:03.0968 2696 Fastfat - ok
16:44:04.0015 2696 FastUserSwitchingCompatibility (888cd7b39c37e13a2419becfaaf0a28c) C:\WINXP\System32\shsvcs.dll
16:44:04.0078 2696 FastUserSwitchingCompatibility - ok
16:44:04.0125 2696 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINXP\system32\drivers\Fdc.sys
16:44:04.0281 2696 Fdc - ok
16:44:04.0312 2696 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINXP\system32\drivers\Fips.sys
16:44:04.0468 2696 Fips - ok
16:44:04.0546 2696 FLEXnet Licensing Service (3d9b36631032fde0ffea0dc0260e4e35) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:44:04.0609 2696 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:44:04.0609 2696 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:44:04.0609 2696 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINXP\system32\drivers\Flpydisk.sys
16:44:04.0750 2696 Flpydisk - ok
16:44:04.0812 2696 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINXP\system32\DRIVERS\fltMgr.sys
16:44:04.0968 2696 FltMgr - ok
16:44:05.0031 2696 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINXP\system32\drivers\Fs_Rec.sys
16:44:05.0187 2696 Fs_Rec - ok
16:44:05.0234 2696 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINXP\system32\DRIVERS\ftdisk.sys
16:44:05.0359 2696 Ftdisk - ok
16:44:05.0421 2696 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys
16:44:05.0421 2696 GEARAspiWDM - ok
16:44:05.0484 2696 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINXP\system32\DRIVERS\msgpc.sys
16:44:05.0640 2696 Gpc - ok
16:44:05.0671 2696 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINXP\system32\DRIVERS\gtipci21.sys
16:44:05.0765 2696 GTIPCI21 - ok
16:44:05.0843 2696 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
16:44:05.0859 2696 gupdate - ok
16:44:05.0875 2696 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
16:44:05.0890 2696 gupdatem - ok
16:44:05.0984 2696 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:44:06.0156 2696 helpsvc - ok
16:44:06.0203 2696 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINXP\System32\hidserv.dll
16:44:06.0343 2696 HidServ - ok
16:44:06.0390 2696 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINXP\system32\DRIVERS\hidusb.sys
16:44:06.0562 2696 HidUsb - ok
16:44:06.0593 2696 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINXP\System32\kmsvc.dll
16:44:06.0781 2696 hkmsvc - ok
16:44:06.0781 2696 hpn - ok
16:44:06.0843 2696 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINXP\system32\DRIVERS\HSFHWICH.sys
16:44:06.0890 2696 HSFHWICH - ok
16:44:07.0000 2696 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINXP\system32\DRIVERS\HSF_DPV.SYS
16:44:07.0109 2696 HSF_DPV - ok
16:44:07.0203 2696 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINXP\system32\Drivers\HTTP.sys
16:44:07.0265 2696 HTTP - ok
16:44:07.0328 2696 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINXP\System32\w3ssl.dll
16:44:07.0468 2696 HTTPFilter - ok
16:44:07.0484 2696 i2omgmt - ok
16:44:07.0484 2696 i2omp - ok
16:44:07.0531 2696 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINXP\system32\DRIVERS\i8042prt.sys
16:44:07.0703 2696 i8042prt - ok
16:44:07.0812 2696 ialm (643162fbc619e35d3f1a90a095a5bb42) C:\WINXP\system32\DRIVERS\ialmnt5.sys
16:44:07.0984 2696 ialm - ok
16:44:08.0015 2696 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINXP\system32\DRIVERS\imapi.sys
16:44:08.0187 2696 Imapi - ok
16:44:08.0265 2696 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINXP\system32\imapi.exe
16:44:08.0406 2696 ImapiService - ok
16:44:08.0421 2696 ini910u - ok
16:44:08.0484 2696 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINXP\system32\DRIVERS\intelide.sys
16:44:08.0656 2696 IntelIde - ok
16:44:08.0687 2696 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINXP\system32\DRIVERS\intelppm.sys
16:44:08.0843 2696 intelppm - ok
16:44:08.0875 2696 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINXP\system32\DRIVERS\Ip6Fw.sys
16:44:09.0031 2696 Ip6Fw - ok
16:44:09.0062 2696 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINXP\system32\DRIVERS\ipfltdrv.sys
16:44:09.0234 2696 IpFilterDriver - ok
16:44:09.0250 2696 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINXP\system32\DRIVERS\ipinip.sys
16:44:09.0390 2696 IpInIp - ok
16:44:09.0421 2696 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINXP\system32\DRIVERS\ipnat.sys
16:44:09.0593 2696 IpNat - ok
16:44:09.0734 2696 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
16:44:09.0796 2696 iPod Service - ok
16:44:09.0875 2696 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINXP\system32\DRIVERS\ipsec.sys
16:44:10.0015 2696 IPSec - ok
16:44:10.0031 2696 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINXP\system32\DRIVERS\irenum.sys
16:44:10.0109 2696 IRENUM - ok
16:44:10.0187 2696 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINXP\system32\DRIVERS\isapnp.sys
16:44:10.0359 2696 isapnp - ok
16:44:10.0484 2696 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
16:44:10.0500 2696 JavaQuickStarterService - ok
16:44:10.0531 2696 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINXP\system32\DRIVERS\kbdclass.sys
16:44:10.0687 2696 Kbdclass - ok
16:44:10.0734 2696 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINXP\system32\DRIVERS\kbdhid.sys
16:44:10.0875 2696 kbdhid - ok
16:44:10.0937 2696 kmixer (692bcf44383d056aed41b045a323d378) C:\WINXP\system32\drivers\kmixer.sys
16:44:11.0109 2696 kmixer - ok
16:44:11.0187 2696 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINXP\system32\drivers\KSecDD.sys
16:44:11.0328 2696 KSecDD - ok
16:44:11.0390 2696 LanmanServer (3695b8d03745b2f8022b161238347a9d) C:\WINXP\System32\srvsvc.dll
16:44:11.0453 2696 LanmanServer - ok
16:44:11.0500 2696 lanmanworkstation (3b9324d60dd321bab7bf6f77931d3fd1) C:\WINXP\System32\wkssvc.dll
16:44:11.0531 2696 lanmanworkstation - ok
16:44:11.0546 2696 lbrtfdc - ok
16:44:11.0578 2696 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINXP\System32\lmhsvc.dll
16:44:11.0718 2696 LmHosts - ok
16:44:11.0781 2696 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINXP\system32\DRIVERS\mdmxsdk.sys
16:44:11.0812 2696 mdmxsdk - ok
16:44:11.0859 2696 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINXP\System32\msgsvc.dll
16:44:11.0984 2696 Messenger - ok
16:44:12.0125 2696 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:44:12.0125 2696 Microsoft Office Groove Audit Service - ok
16:44:12.0187 2696 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINXP\system32\drivers\mnmdd.sys
16:44:12.0328 2696 mnmdd - ok
16:44:12.0375 2696 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINXP\system32\mnmsrvc.exe
16:44:12.0531 2696 mnmsrvc - ok
16:44:12.0578 2696 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINXP\system32\drivers\Modem.sys
16:44:12.0734 2696 Modem - ok
16:44:12.0781 2696 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINXP\system32\DRIVERS\motodrv.sys
16:44:12.0875 2696 MotDev - ok
16:44:12.0906 2696 motmodem (11b8118f538b579488e7645b2578e544) C:\WINXP\system32\DRIVERS\motmodem.sys
16:44:12.0984 2696 motmodem - ok
16:44:13.0093 2696 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
16:44:13.0109 2696 MotoHelper - ok
16:44:13.0187 2696 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINXP\system32\DRIVERS\mouclass.sys
16:44:13.0328 2696 Mouclass - ok
16:44:13.0359 2696 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINXP\system32\DRIVERS\mouhid.sys
16:44:13.0500 2696 mouhid - ok
16:44:13.0546 2696 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINXP\system32\drivers\MountMgr.sys
16:44:13.0703 2696 MountMgr - ok
16:44:13.0796 2696 MozillaMaintenance (864c02d08f2f641491fe5b4c004f8980) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:44:13.0796 2696 MozillaMaintenance - ok
16:44:13.0812 2696 mraid35x - ok
16:44:13.0859 2696 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINXP\system32\DRIVERS\mrxdav.sys
16:44:14.0000 2696 MRxDAV - ok
16:44:14.0093 2696 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINXP\system32\DRIVERS\mrxsmb.sys
16:44:14.0171 2696 MRxSmb - ok
16:44:14.0234 2696 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINXP\system32\msdtc.exe
16:44:14.0406 2696 MSDTC - ok
16:44:14.0406 2696 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINXP\system32\drivers\Msfs.sys
16:44:14.0593 2696 Msfs - ok
16:44:14.0593 2696 MSIServer - ok
16:44:14.0656 2696 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINXP\system32\drivers\MSKSSRV.sys
16:44:14.0812 2696 MSKSSRV - ok
16:44:14.0843 2696 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINXP\system32\drivers\MSPCLOCK.sys
16:44:14.0984 2696 MSPCLOCK - ok
16:44:14.0984 2696 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINXP\system32\drivers\MSPQM.sys
16:44:15.0156 2696 MSPQM - ok
16:44:15.0234 2696 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINXP\system32\DRIVERS\mssmbios.sys
16:44:15.0375 2696 mssmbios - ok
16:44:15.0406 2696 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINXP\system32\drivers\Mup.sys
16:44:15.0453 2696 Mup - ok
16:44:15.0484 2696 napagent (0102140028fad045756796e1c685d695) C:\WINXP\System32\qagentrt.dll
16:44:15.0640 2696 napagent - ok
16:44:15.0687 2696 NDIS (1df7f42665c94b825322fae71721130d) C:\WINXP\system32\drivers\NDIS.sys
16:44:15.0843 2696 NDIS - ok
16:44:15.0890 2696 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINXP\system32\DRIVERS\ndistapi.sys
16:44:15.0921 2696 NdisTapi - ok
16:44:15.0937 2696 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINXP\system32\DRIVERS\ndisuio.sys
16:44:16.0062 2696 Ndisuio - ok
16:44:16.0078 2696 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINXP\system32\DRIVERS\ndiswan.sys
16:44:16.0250 2696 NdisWan - ok
16:44:16.0250 2696 NDProxy (816460bd4b4acd27937d1d0813e2e9e9) C:\WINXP\system32\drivers\NDProxy.sys
16:44:16.0312 2696 NDProxy - ok
16:44:16.0375 2696 Net Driver HPZ12 (f7c14f5077bf2bc476c348b88a7f74e2) C:\WINXP\system32\HPZinw12.dll
16:44:16.0390 2696 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:44:16.0390 2696 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:44:16.0421 2696 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINXP\system32\DRIVERS\netbios.sys
16:44:16.0562 2696 NetBIOS - ok
16:44:16.0593 2696 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINXP\system32\DRIVERS\netbt.sys
16:44:16.0750 2696 NetBT - ok
16:44:16.0796 2696 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINXP\system32\netdde.exe
16:44:16.0968 2696 NetDDE - ok
16:44:16.0968 2696 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINXP\system32\netdde.exe
16:44:17.0109 2696 NetDDEdsdm - ok
16:44:17.0187 2696 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINXP\system32\lsass.exe
16:44:17.0343 2696 Netlogon - ok
16:44:17.0375 2696 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINXP\System32\netman.dll
16:44:17.0546 2696 Netman - ok
16:44:17.0578 2696 Nla (fcee5fcb99f7c724593365c706d28388) C:\WINXP\System32\mswsock.dll
16:44:17.0625 2696 Nla - ok
16:44:17.0640 2696 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINXP\system32\drivers\Npfs.sys
16:44:17.0781 2696 Npfs - ok
16:44:17.0828 2696 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINXP\system32\drivers\Ntfs.sys
16:44:18.0031 2696 Ntfs - ok
16:44:18.0031 2696 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINXP\system32\lsass.exe
16:44:18.0187 2696 NtLmSsp - ok
16:44:18.0250 2696 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINXP\system32\ntmssvc.dll
16:44:18.0406 2696 NtmsSvc - ok
16:44:18.0453 2696 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINXP\system32\drivers\Null.sys
16:44:18.0609 2696 Null - ok
16:44:18.0640 2696 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINXP\system32\DRIVERS\nwlnkflt.sys
16:44:18.0765 2696 NwlnkFlt - ok
16:44:18.0781 2696 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
16:44:18.0937 2696 NwlnkFwd - ok
16:44:19.0140 2696 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:44:19.0218 2696 odserv - ok
16:44:19.0296 2696 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:44:19.0312 2696 ose - ok
16:44:19.0375 2696 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINXP\system32\DRIVERS\parport.sys
16:44:19.0531 2696 Parport - ok
16:44:19.0562 2696 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINXP\system32\drivers\PartMgr.sys
16:44:19.0718 2696 PartMgr - ok
16:44:19.0734 2696 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINXP\system32\drivers\ParVdm.sys
16:44:19.0875 2696 ParVdm - ok
16:44:19.0875 2696 PCI (a219903ccf74233761d92bef471a07b1) C:\WINXP\system32\DRIVERS\pci.sys
16:44:20.0031 2696 PCI - ok
16:44:20.0046 2696 PCIDump - ok
16:44:20.0062 2696 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINXP\system32\drivers\PCIIde.sys
16:44:20.0203 2696 PCIIde - ok
16:44:20.0250 2696 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINXP\system32\DRIVERS\pcmcia.sys
16:44:20.0406 2696 Pcmcia - ok
16:44:20.0406 2696 PDCOMP - ok
16:44:20.0406 2696 PDFRAME - ok
16:44:20.0421 2696 PDRELI - ok
16:44:20.0421 2696 PDRFRAME - ok
16:44:20.0437 2696 perc2 - ok
16:44:20.0437 2696 perc2hib - ok
16:44:20.0500 2696 PlugPlay (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINXP\system32\services.exe
16:44:20.0515 2696 PlugPlay - ok
16:44:20.0578 2696 Pml Driver HPZ12 (e638656001c52a1faa34f92e6d3a086b) C:\WINXP\system32\HPZipm12.dll
16:44:20.0578 2696 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:44:20.0578 2696 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:44:20.0609 2696 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINXP\system32\lsass.exe
16:44:20.0750 2696 PolicyAgent - ok
16:44:20.0796 2696 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINXP\system32\DRIVERS\raspptp.sys
16:44:20.0937 2696 PptpMiniport - ok
16:44:20.0953 2696 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINXP\system32\lsass.exe
16:44:21.0078 2696 ProtectedStorage - ok
16:44:21.0093 2696 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINXP\system32\DRIVERS\psched.sys
16:44:21.0265 2696 PSched - ok
16:44:21.0328 2696 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINXP\system32\DRIVERS\ptilink.sys
16:44:21.0484 2696 Ptilink - ok
16:44:21.0515 2696 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINXP\system32\Drivers\PxHelp20.sys
16:44:21.0515 2696 PxHelp20 - ok
16:44:21.0531 2696 ql1080 - ok
16:44:21.0531 2696 Ql10wnt - ok
16:44:21.0546 2696 ql12160 - ok
16:44:21.0546 2696 ql1240 - ok
16:44:21.0562 2696 ql1280 - ok
16:44:21.0593 2696 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINXP\system32\DRIVERS\rasacd.sys
16:44:21.0734 2696 RasAcd - ok
16:44:21.0765 2696 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINXP\System32\rasauto.dll
16:44:21.0906 2696 RasAuto - ok
16:44:21.0953 2696 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINXP\system32\DRIVERS\rasl2tp.sys
16:44:22.0093 2696 Rasl2tp - ok
16:44:22.0109 2696 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINXP\System32\rasmans.dll
16:44:22.0281 2696 RasMan - ok
16:44:22.0281 2696 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINXP\system32\DRIVERS\raspppoe.sys
16:44:22.0453 2696 RasPppoe - ok
16:44:22.0468 2696 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINXP\system32\DRIVERS\raspti.sys
16:44:22.0640 2696 Raspti - ok
16:44:22.0671 2696 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINXP\system32\DRIVERS\rdbss.sys
16:44:22.0828 2696 Rdbss - ok
16:44:22.0859 2696 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINXP\system32\DRIVERS\RDPCDD.sys
16:44:23.0015 2696 RDPCDD - ok
16:44:23.0078 2696 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINXP\system32\DRIVERS\rdpdr.sys
16:44:23.0250 2696 rdpdr - ok
16:44:23.0312 2696 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINXP\system32\drivers\RDPWD.sys
16:44:23.0437 2696 RDPWD - ok
16:44:23.0500 2696 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINXP\system32\sessmgr.exe
16:44:23.0671 2696 RDSessMgr - ok
16:44:23.0718 2696 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINXP\system32\DRIVERS\redbook.sys
16:44:23.0890 2696 redbook - ok
16:44:24.0062 2696 RegSrvc (c96980cccf84329824623b0b50383703) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:44:24.0109 2696 RegSrvc - ok
16:44:24.0171 2696 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINXP\System32\mprdim.dll
16:44:24.0343 2696 RemoteAccess - ok
16:44:24.0421 2696 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINXP\system32\regsvc.dll
16:44:24.0593 2696 RemoteRegistry - ok
16:44:24.0640 2696 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINXP\system32\DRIVERS\rfcomm.sys
16:44:24.0875 2696 RFCOMM - ok
16:44:24.0906 2696 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINXP\system32\locator.exe
16:44:25.0046 2696 RpcLocator - ok
16:44:25.0125 2696 RpcSs (9222562d44021b988b9f9f62207fb6f2) C:\WINXP\system32\rpcss.dll
16:44:25.0171 2696 RpcSs - ok
16:44:25.0218 2696 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINXP\system32\rsvp.exe
16:44:25.0375 2696 RSVP - ok
16:44:25.0562 2696 S24EventMonitor (0fcb7eeb0e81a777735a5af185f56c2b) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
16:44:25.0656 2696 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
16:44:25.0656 2696 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
16:44:25.0750 2696 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINXP\system32\DRIVERS\s24trans.sys
16:44:25.0828 2696 s24trans - ok
16:44:25.0890 2696 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINXP\system32\lsass.exe
16:44:26.0046 2696 SamSs - ok
16:44:26.0078 2696 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINXP\System32\SCardSvr.exe
16:44:26.0234 2696 SCardSvr - ok
16:44:26.0312 2696 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINXP\system32\schedsvc.dll
16:44:26.0484 2696 Schedule - ok
16:44:26.0515 2696 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINXP\system32\DRIVERS\secdrv.sys
16:44:26.0593 2696 Secdrv - ok
16:44:26.0625 2696 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINXP\System32\seclogon.dll
16:44:26.0781 2696 seclogon - ok
16:44:26.0796 2696 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINXP\system32\sens.dll
16:44:26.0937 2696 SENS - ok
16:44:26.0953 2696 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINXP\system32\DRIVERS\serenum.sys
16:44:27.0125 2696 serenum - ok
16:44:27.0171 2696 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINXP\system32\DRIVERS\serial.sys
16:44:27.0312 2696 Serial - ok
16:44:27.0343 2696 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINXP\system32\drivers\Sfloppy.sys
16:44:27.0500 2696 Sfloppy - ok
16:44:27.0531 2696 ShellHWDetection (888cd7b39c37e13a2419becfaaf0a28c) C:\WINXP\System32\shsvcs.dll
16:44:27.0562 2696 ShellHWDetection - ok
16:44:27.0562 2696 Simbad - ok
16:44:27.0578 2696 Sparrow - ok
16:44:27.0609 2696 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINXP\system32\drivers\splitter.sys
16:44:27.0765 2696 splitter - ok
16:44:27.0765 2696 Spooler (258dd5d4283fd9f9a7166be9ae45ce73) C:\WINXP\system32\spoolsv.exe
16:44:27.0796 2696 Spooler - ok
16:44:27.0890 2696 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINXP\system32\Drivers\sptd.sys
16:44:27.0890 2696 Suspicious file (NoAccess): C:\WINXP\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
16:44:27.0890 2696 sptd ( LockedFile.Multi.Generic ) - warning
16:44:27.0890 2696 sptd - detected LockedFile.Multi.Generic (1)
16:44:27.0906 2696 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINXP\system32\DRIVERS\sr.sys
16:44:28.0000 2696 sr - ok
16:44:28.0031 2696 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINXP\system32\srsvc.dll
16:44:28.0109 2696 srservice - ok
16:44:28.0171 2696 Srv (9b390283569ea58d43d2586032b892f5) C:\WINXP\system32\DRIVERS\srv.sys
16:44:28.0281 2696 Srv - ok
16:44:28.0343 2696 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINXP\System32\ssdpsrv.dll
16:44:28.0406 2696 SSDPSRV - ok
16:44:28.0484 2696 STAC97 (305cc42945a713347f978d78566113f3) C:\WINXP\system32\drivers\STAC97.sys
16:44:28.0562 2696 STAC97 - ok
16:44:28.0625 2696 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINXP\system32\wiaservc.dll
16:44:28.0796 2696 stisvc - ok
16:44:28.0890 2696 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINXP\system32\DRIVERS\swenum.sys
16:44:29.0046 2696 swenum - ok
16:44:29.0093 2696 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINXP\system32\drivers\swmidi.sys
16:44:29.0250 2696 swmidi - ok
16:44:29.0265 2696 SwPrv - ok
16:44:29.0265 2696 symc810 - ok
16:44:29.0281 2696 symc8xx - ok
16:44:29.0281 2696 sym_hi - ok
16:44:29.0296 2696 sym_u3 - ok
16:44:29.0328 2696 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINXP\system32\drivers\sysaudio.sys
16:44:29.0484 2696 sysaudio - ok
16:44:29.0531 2696 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINXP\system32\smlogsvc.exe
16:44:29.0718 2696 SysmonLog - ok
16:44:29.0750 2696 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINXP\System32\tapisrv.dll
16:44:29.0906 2696 TapiSrv - ok
16:44:29.0953 2696 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINXP\system32\DRIVERS\tcpip.sys
16:44:30.0046 2696 Tcpip - ok
16:44:30.0078 2696 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINXP\system32\drivers\TDPIPE.sys
16:44:30.0250 2696 TDPIPE - ok
16:44:30.0296 2696 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINXP\system32\drivers\TDTCP.sys
16:44:30.0437 2696 TDTCP - ok
16:44:30.0468 2696 TermDD (88155247177638048422893737429d9e) C:\WINXP\system32\DRIVERS\termdd.sys
16:44:30.0625 2696 TermDD - ok
16:44:30.0656 2696 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINXP\System32\termsrv.dll
16:44:30.0859 2696 TermService - ok
16:44:30.0921 2696 Themes (888cd7b39c37e13a2419becfaaf0a28c) C:\WINXP\System32\shsvcs.dll
16:44:30.0937 2696 Themes - ok
16:44:30.0968 2696 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINXP\system32\tlntsvr.exe
16:44:31.0046 2696 TlntSvr - ok
16:44:31.0046 2696 TosIde - ok
16:44:31.0093 2696 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINXP\system32\trkwks.dll
16:44:31.0234 2696 TrkWks - ok
16:44:31.0281 2696 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINXP\system32\drivers\Udfs.sys
16:44:31.0421 2696 Udfs - ok
16:44:31.0437 2696 UIUSys - ok
16:44:31.0437 2696 ultra - ok
16:44:31.0531 2696 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINXP\system32\DRIVERS\update.sys
16:44:31.0734 2696 Update - ok
16:44:31.0781 2696 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINXP\System32\upnphost.dll
16:44:31.0875 2696 upnphost - ok
16:44:31.0906 2696 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINXP\System32\ups.exe
16:44:32.0046 2696 UPS - ok
16:44:32.0093 2696 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINXP\system32\Drivers\usbaapl.sys
16:44:32.0171 2696 USBAAPL - ok
16:44:32.0218 2696 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINXP\system32\DRIVERS\usbccgp.sys
16:44:32.0390 2696 usbccgp - ok
16:44:32.0437 2696 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINXP\system32\DRIVERS\usbehci.sys
16:44:32.0593 2696 usbehci - ok
16:44:32.0656 2696 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINXP\system32\DRIVERS\usbhub.sys
16:44:32.0796 2696 usbhub - ok
16:44:32.0859 2696 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINXP\system32\DRIVERS\usbscan.sys
16:44:33.0000 2696 usbscan - ok
16:44:33.0031 2696 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINXP\system32\DRIVERS\USBSTOR.SYS
16:44:33.0203 2696 USBSTOR - ok
16:44:33.0203 2696 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINXP\system32\DRIVERS\usbuhci.sys
16:44:33.0359 2696 usbuhci - ok
16:44:33.0390 2696 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINXP\System32\drivers\vga.sys
16:44:33.0531 2696 VgaSave - ok
16:44:33.0546 2696 ViaIde - ok
16:44:33.0609 2696 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINXP\system32\drivers\VolSnap.sys
16:44:33.0781 2696 VolSnap - ok
16:44:33.0828 2696 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINXP\System32\vssvc.exe
16:44:33.0937 2696 VSS - ok
16:44:34.0125 2696 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINXP\system32\DRIVERS\w29n51.sys
16:44:34.0421 2696 w29n51 - ok
16:44:34.0640 2696 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINXP\system32\w32time.dll
16:44:34.0812 2696 W32Time - ok
16:44:34.0843 2696 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINXP\system32\DRIVERS\wanarp.sys
16:44:35.0000 2696 Wanarp - ok
16:44:35.0078 2696 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINXP\system32\Drivers\wdf01000.sys
16:44:35.0125 2696 Wdf01000 - ok
16:44:35.0125 2696 WDICA - ok
16:44:35.0171 2696 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINXP\system32\drivers\wdmaud.sys
16:44:35.0343 2696 wdmaud - ok
16:44:35.0375 2696 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINXP\System32\webclnt.dll
16:44:35.0546 2696 WebClient - ok
16:44:35.0640 2696 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINXP\system32\DRIVERS\HSF_CNXT.sys
16:44:35.0703 2696 winachsf - ok
16:44:35.0812 2696 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINXP\system32\wbem\WMIsvc.dll
16:44:35.0984 2696 winmgmt - ok
16:44:36.0187 2696 WLANKEEPER (c9b9942eeca0b82e35d60627e365510a) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
16:44:36.0250 2696 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
16:44:36.0250 2696 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
16:44:36.0296 2696 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINXP\system32\mspmsnsv.dll
16:44:36.0375 2696 WmdmPmSN - ok
16:44:36.0453 2696 Wmi (c8a6c82f90b055149925dc7526b2d78c) C:\WINXP\System32\advapi32.dll
16:44:36.0546 2696 Wmi - ok
16:44:36.0609 2696 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINXP\system32\wbem\wmiapsrv.exe
16:44:36.0781 2696 WmiApSrv - ok
16:44:36.0953 2696 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
16:44:37.0109 2696 WMPNetworkSvc - ok
16:44:37.0187 2696 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINXP\system32\DRIVERS\wpdusb.sys
16:44:37.0218 2696 WpdUsb - ok
16:44:37.0250 2696 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINXP\System32\drivers\ws2ifsl.sys
16:44:37.0421 2696 WS2IFSL - ok
16:44:37.0468 2696 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINXP\system32\wscsvc.dll
16:44:37.0640 2696 wscsvc - ok
16:44:37.0640 2696 wuauserv - ok
16:44:37.0671 2696 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINXP\system32\DRIVERS\WudfPf.sys
16:44:37.0734 2696 WudfPf - ok
16:44:37.0765 2696 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINXP\system32\DRIVERS\wudfrd.sys
16:44:37.0781 2696 WudfRd - ok
16:44:37.0812 2696 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINXP\System32\WUDFSvc.dll
16:44:37.0843 2696 WudfSvc - ok
16:44:37.0906 2696 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINXP\System32\wzcsvc.dll
16:44:38.0140 2696 WZCSVC - ok
16:44:38.0187 2696 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINXP\System32\xmlprov.dll
16:44:38.0343 2696 xmlprov - ok
16:44:38.0390 2696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:44:38.0937 2696 \Device\Harddisk0\DR0 - ok
16:44:38.0937 2696 Boot (0x1200) (dbb9dcd9e45fc2791b0a31ac5366cc95) \Device\Harddisk0\DR0\Partition0
16:44:38.0937 2696 \Device\Harddisk0\DR0\Partition0 - ok
16:44:38.0953 2696 ============================================================
16:44:38.0953 2696 Scan finished
16:44:38.0953 2696 ============================================================
16:44:39.0093 2124 Detected object count: 6
16:44:39.0093 2124 Actual detected object count: 6
16:45:13.0750 2124 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:13.0750 2124 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:13.0750 2124 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:13.0750 2124 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:13.0750 2124 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:13.0750 2124 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:13.0750 2124 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:13.0750 2124 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:13.0750 2124 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:45:13.0750 2124 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:45:13.0750 2124 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:13.0750 2124 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:33.0296 2392 ============================================================
16:50:33.0296 2392 Scan started
16:50:33.0296 2392 Mode: Manual; SigCheck; TDLFS;
16:50:33.0296 2392 ============================================================
16:50:33.0593 2392 Abiosdsk - ok
16:50:33.0593 2392 abp480n5 - ok
16:50:33.0671 2392 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINXP\system32\DRIVERS\ACPI.sys
16:50:33.0921 2392 ACPI - ok
16:50:33.0953 2392 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINXP\system32\drivers\ACPIEC.sys
16:50:34.0125 2392 ACPIEC - ok
16:50:34.0250 2392 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:50:34.0265 2392 AdobeFlashPlayerUpdateSvc - ok
16:50:34.0281 2392 adpu160m - ok
16:50:34.0343 2392 aec (8bed39e3c35d6a489438b8141717a557) C:\WINXP\system32\drivers\aec.sys
16:50:34.0515 2392 aec - ok
16:50:34.0578 2392 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINXP\System32\drivers\afd.sys
16:50:34.0609 2392 AFD - ok
16:50:34.0609 2392 Aha154x - ok
16:50:34.0625 2392 aic78u2 - ok
16:50:34.0625 2392 aic78xx - ok
16:50:34.0671 2392 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINXP\system32\alrsvc.dll
16:50:34.0843 2392 Alerter - ok
16:50:34.0859 2392 ALG (8c515081584a38aa007909cd02020b3d) C:\WINXP\System32\alg.exe
16:50:34.0921 2392 ALG - ok
16:50:34.0937 2392 AliIde - ok
16:50:34.0937 2392 amsint - ok
16:50:35.0000 2392 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINXP\system32\DRIVERS\Apfiltr.sys
16:50:35.0015 2392 ApfiltrService - ok
16:50:35.0140 2392 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:50:35.0156 2392 Apple Mobile Device - ok
16:50:35.0203 2392 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINXP\System32\appmgmts.dll
16:50:35.0265 2392 AppMgmt - ok
16:50:35.0265 2392 asc - ok
16:50:35.0281 2392 asc3350p - ok
16:50:35.0296 2392 asc3550 - ok
16:50:35.0328 2392 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINXP\system32\DRIVERS\asyncmac.sys
16:50:35.0484 2392 AsyncMac - ok
16:50:35.0515 2392 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINXP\system32\DRIVERS\atapi.sys
16:50:35.0656 2392 atapi - ok
16:50:35.0656 2392 Atdisk - ok
16:50:35.0703 2392 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINXP\system32\DRIVERS\atmarpc.sys
16:50:35.0843 2392 Atmarpc - ok
16:50:35.0875 2392 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINXP\System32\audiosrv.dll
16:50:36.0031 2392 AudioSrv - ok
16:50:36.0078 2392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINXP\system32\DRIVERS\audstub.sys
16:50:36.0234 2392 audstub - ok
16:50:36.0296 2392 b57w2k (6f7911f3e674363a91541e097f49b633) C:\WINXP\system32\DRIVERS\b57xp32.sys
16:50:36.0328 2392 b57w2k - ok
16:50:36.0375 2392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINXP\system32\drivers\Beep.sys
16:50:36.0531 2392 Beep - ok
16:50:36.0625 2392 BITS (574738f61fca2935f5265dc4e5691314) C:\WINXP\system32\qmgr.dll
16:50:36.0828 2392 BITS - ok
16:50:37.0109 2392 Bluetooth Device Manager (b32c5d84e9a52372327c6b033c3d59b6) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
16:50:37.0312 2392 Bluetooth Device Manager - ok
16:50:37.0453 2392 Bluetooth Low Energy Service (54a84bc363f697785b54f990960d68d8) C:\Program Files\Motorola\Bluetooth\LEsrv.exe
16:50:37.0484 2392 Bluetooth Low Energy Service - ok
16:50:37.0593 2392 Bluetooth Media Service (12dea7dbdb89ba39b4d0a86a7c4ae3fe) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
16:50:37.0640 2392 Bluetooth Media Service - ok
16:50:37.0718 2392 Bluetooth OBEX Service (e9d366d4365ea9775a03aa569a151bfe) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
16:50:37.0750 2392 Bluetooth OBEX Service - ok
16:50:37.0875 2392 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINXP\System32\browser.dll
16:50:38.0031 2392 Browser - ok
16:50:38.0078 2392 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINXP\system32\DRIVERS\BthEnum.sys
16:50:38.0218 2392 BthEnum - ok
16:50:38.0265 2392 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINXP\system32\DRIVERS\bthpan.sys
16:50:38.0390 2392 BthPan - ok
16:50:38.0437 2392 BTHPORT (51d05d5a8a7d93ab0b1a8d6a38db3ca4) C:\WINXP\system32\Drivers\BTHport.sys
16:50:38.0468 2392 BTHPORT - ok
16:50:38.0500 2392 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINXP\System32\bthserv.dll
16:50:38.0656 2392 BthServ - ok
16:50:38.0671 2392 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINXP\system32\Drivers\BTHUSB.sys
16:50:38.0828 2392 BTHUSB - ok
16:50:38.0875 2392 BTMCOM (daee018ea8d4faf49a7c90698865dc53) C:\WINXP\system32\Drivers\btmcom.sys
16:50:38.0906 2392 BTMCOM - ok
16:50:38.0968 2392 BTMUSB (843770815cbde9ebe03d9a0d741524b7) C:\WINXP\system32\Drivers\btmusb.sys
16:50:39.0031 2392 BTMUSB - ok
16:50:39.0140 2392 catchme - ok
16:50:39.0187 2392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINXP\system32\drivers\cbidf2k.sys
16:50:39.0359 2392 cbidf2k - ok
16:50:39.0359 2392 cd20xrnt - ok
16:50:39.0406 2392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINXP\system32\drivers\Cdaudio.sys
16:50:39.0562 2392 Cdaudio - ok
16:50:39.0625 2392 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINXP\system32\drivers\Cdfs.sys
16:50:39.0750 2392 Cdfs - ok
16:50:39.0781 2392 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINXP\system32\DRIVERS\cdrom.sys
16:50:39.0937 2392 Cdrom - ok
16:50:39.0937 2392 Changer - ok
16:50:39.0968 2392 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINXP\system32\cisvc.exe
16:50:40.0125 2392 CiSvc - ok
16:50:40.0171 2392 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINXP\system32\clipsrv.exe
16:50:40.0343 2392 ClipSrv - ok
16:50:40.0359 2392 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINXP\system32\DRIVERS\CmBatt.sys
16:50:40.0515 2392 CmBatt - ok
16:50:40.0515 2392 CmdIde - ok
16:50:40.0531 2392 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINXP\system32\DRIVERS\compbatt.sys
16:50:40.0671 2392 Compbatt - ok
16:50:40.0687 2392 COMSysApp - ok
16:50:40.0703 2392 Cpqarray - ok
16:50:40.0734 2392 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINXP\System32\cryptsvc.dll
16:50:40.0890 2392 CryptSvc - ok
16:50:40.0890 2392 dac2w2k - ok
16:50:40.0906 2392 dac960nt - ok
16:50:40.0984 2392 DcomLaunch (9222562d44021b988b9f9f62207fb6f2) C:\WINXP\system32\rpcss.dll
16:50:41.0046 2392 DcomLaunch - ok
16:50:41.0078 2392 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINXP\System32\dhcpcsvc.dll
16:50:41.0234 2392 Dhcp - ok
16:50:41.0234 2392 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINXP\system32\DRIVERS\disk.sys
16:50:41.0375 2392 Disk - ok
16:50:41.0375 2392 dmadmin - ok
16:50:41.0468 2392 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINXP\system32\drivers\dmboot.sys
16:50:41.0671 2392 dmboot - ok
16:50:41.0703 2392 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINXP\system32\drivers\dmio.sys
16:50:41.0875 2392 dmio - ok
16:50:41.0921 2392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINXP\system32\drivers\dmload.sys
16:50:42.0046 2392 dmload - ok
16:50:42.0062 2392 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINXP\System32\dmserver.dll
16:50:42.0203 2392 dmserver - ok
16:50:42.0250 2392 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINXP\system32\drivers\DMusic.sys
16:50:42.0406 2392 DMusic - ok
16:50:42.0437 2392 Dnscache (d977659ae4d8ece5286d99d1ed34614d) C:\WINXP\System32\dnsrslvr.dll
16:50:42.0484 2392 Dnscache - ok
16:50:42.0515 2392 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINXP\System32\dot3svc.dll
16:50:42.0687 2392 Dot3svc - ok
16:50:42.0718 2392 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINXP\system32\DRIVERS\Dot4.sys
16:50:42.0875 2392 dot4 - ok
16:50:42.0906 2392 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINXP\system32\DRIVERS\Dot4Prt.sys
16:50:43.0062 2392 Dot4Print - ok
16:50:43.0093 2392 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINXP\system32\DRIVERS\dot4usb.sys
16:50:43.0234 2392 dot4usb - ok
16:50:43.0234 2392 dpti2o - ok
16:50:43.0281 2392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINXP\system32\drivers\drmkaud.sys
16:50:43.0406 2392 drmkaud - ok
16:50:43.0453 2392 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINXP\System32\eapsvc.dll
16:50:43.0609 2392 EapHost - ok
16:50:43.0640 2392 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINXP\System32\ersvc.dll
16:50:43.0781 2392 ERSvc - ok
16:50:43.0843 2392 Eventlog (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINXP\system32\services.exe
16:50:43.0875 2392 Eventlog - ok
16:50:43.0921 2392 EventSystem (f17f6226bdc0cd5f0bef0daf84d29bec) C:\WINXP\system32\es.dll
16:50:43.0953 2392 EventSystem - ok
16:50:44.0171 2392 EvtEng (c37b83b51cdf10e5bb6f78a7e4fed11a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:50:44.0265 2392 EvtEng - ok
16:50:44.0343 2392 Fastfat (38d332a6d56af32635675f132548343e) C:\WINXP\system32\drivers\Fastfat.sys
16:50:44.0515 2392 Fastfat - ok
16:50:44.0531 2392 FastUserSwitchingCompatibility (888cd7b39c37e13a2419becfaaf0a28c) C:\WINXP\System32\shsvcs.dll
16:50:44.0546 2392 FastUserSwitchingCompatibility - ok
16:50:44.0578 2392 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINXP\system32\drivers\Fdc.sys
16:50:44.0718 2392 Fdc - ok
16:50:44.0765 2392 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINXP\system32\drivers\Fips.sys
16:50:44.0921 2392 Fips - ok
16:50:45.0000 2392 FLEXnet Licensing Service (3d9b36631032fde0ffea0dc0260e4e35) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:50:45.0031 2392 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:50:45.0031 2392 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:50:45.0031 2392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINXP\system32\drivers\Flpydisk.sys
16:50:45.0203 2392 Flpydisk - ok
16:50:45.0250 2392 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINXP\system32\DRIVERS\fltMgr.sys
16:50:45.0375 2392 FltMgr - ok
16:50:45.0421 2392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINXP\system32\drivers\Fs_Rec.sys
16:50:45.0578 2392 Fs_Rec - ok
16:50:45.0593 2392 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINXP\system32\DRIVERS\ftdisk.sys
16:50:45.0734 2392 Ftdisk - ok
16:50:45.0796 2392 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys
16:50:45.0812 2392 GEARAspiWDM - ok
16:50:45.0859 2392 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINXP\system32\DRIVERS\msgpc.sys
16:50:46.0015 2392 Gpc - ok
16:50:46.0062 2392 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINXP\system32\DRIVERS\gtipci21.sys
16:50:46.0078 2392 GTIPCI21 - ok
16:50:46.0187 2392 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
16:50:46.0203 2392 gupdate - ok
16:50:46.0203 2392 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
16:50:46.0218 2392 gupdatem - ok
16:50:46.0281 2392 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:50:46.0437 2392 helpsvc - ok
16:50:46.0500 2392 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINXP\System32\hidserv.dll
16:50:46.0640 2392 HidServ - ok
16:50:46.0687 2392 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINXP\system32\DRIVERS\hidusb.sys
16:50:46.0843 2392 HidUsb - ok
16:50:46.0890 2392 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINXP\System32\kmsvc.dll
16:50:47.0046 2392 hkmsvc - ok
16:50:47.0062 2392 hpn - ok
16:50:47.0109 2392 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINXP\system32\DRIVERS\HSFHWICH.sys
16:50:47.0156 2392 HSFHWICH - ok
16:50:47.0250 2392 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINXP\system32\DRIVERS\HSF_DPV.SYS
16:50:47.0312 2392 HSF_DPV - ok
16:50:47.0390 2392 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINXP\system32\Drivers\HTTP.sys
16:50:47.0406 2392 HTTP - ok
16:50:47.0468 2392 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINXP\System32\w3ssl.dll
16:50:47.0640 2392 HTTPFilter - ok
16:50:47.0640 2392 i2omgmt - ok
16:50:47.0656 2392 i2omp - ok
16:50:47.0687 2392 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINXP\system32\DRIVERS\i8042prt.sys
16:50:47.0843 2392 i8042prt - ok
16:50:47.0953 2392 ialm (643162fbc619e35d3f1a90a095a5bb42) C:\WINXP\system32\DRIVERS\ialmnt5.sys
16:50:48.0031 2392 ialm - ok
16:50:48.0046 2392 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINXP\system32\DRIVERS\imapi.sys
16:50:48.0171 2392 Imapi - ok
16:50:48.0218 2392 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINXP\system32\imapi.exe
16:50:48.0343 2392 ImapiService - ok
16:50:48.0359 2392 ini910u - ok
16:50:48.0421 2392 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINXP\system32\DRIVERS\intelide.sys
16:50:48.0562 2392 IntelIde - ok
16:50:48.0609 2392 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINXP\system32\DRIVERS\intelppm.sys
16:50:48.0750 2392 intelppm - ok
16:50:48.0781 2392 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINXP\system32\DRIVERS\Ip6Fw.sys
16:50:48.0953 2392 Ip6Fw - ok
16:50:48.0984 2392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINXP\system32\DRIVERS\ipfltdrv.sys
16:50:49.0156 2392 IpFilterDriver - ok
16:50:49.0187 2392 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINXP\system32\DRIVERS\ipinip.sys
16:50:49.0312 2392 IpInIp - ok
16:50:49.0359 2392 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINXP\system32\DRIVERS\ipnat.sys
16:50:49.0484 2392 IpNat - ok
16:50:49.0640 2392 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
16:50:49.0687 2392 iPod Service - ok
16:50:49.0734 2392 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINXP\system32\DRIVERS\ipsec.sys
16:50:49.0875 2392 IPSec - ok
16:50:49.0890 2392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINXP\system32\DRIVERS\irenum.sys
16:50:49.0968 2392 IRENUM - ok
16:50:50.0015 2392 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINXP\system32\DRIVERS\isapnp.sys
16:50:50.0171 2392 isapnp - ok
16:50:50.0296 2392 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
16:50:50.0312 2392 JavaQuickStarterService - ok
16:50:50.0328 2392 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINXP\system32\DRIVERS\kbdclass.sys
16:50:50.0484 2392 Kbdclass - ok
16:50:50.0531 2392 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINXP\system32\DRIVERS\kbdhid.sys
16:50:50.0671 2392 kbdhid - ok
16:50:50.0765 2392 kmixer (692bcf44383d056aed41b045a323d378) C:\WINXP\system32\drivers\kmixer.sys
16:50:50.0921 2392 kmixer - ok
16:50:50.0953 2392 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINXP\system32\drivers\KSecDD.sys
16:50:50.0984 2392 KSecDD - ok
16:50:51.0031 2392 LanmanServer (3695b8d03745b2f8022b161238347a9d) C:\WINXP\System32\srvsvc.dll
16:50:51.0046 2392 LanmanServer - ok
16:50:51.0078 2392 lanmanworkstation (3b9324d60dd321bab7bf6f77931d3fd1) C:\WINXP\System32\wkssvc.dll
16:50:51.0093 2392 lanmanworkstation - ok
16:50:51.0109 2392 lbrtfdc - ok
16:50:51.0156 2392 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINXP\System32\lmhsvc.dll
16:50:51.0281 2392 LmHosts - ok
16:50:51.0343 2392 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINXP\system32\DRIVERS\mdmxsdk.sys
16:50:51.0359 2392 mdmxsdk - ok
16:50:51.0390 2392 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINXP\System32\msgsvc.dll
16:50:51.0562 2392 Messenger - ok
16:50:51.0671 2392 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:50:51.0687 2392 Microsoft Office Groove Audit Service - ok
16:50:51.0734 2392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINXP\system32\drivers\mnmdd.sys
16:50:51.0890 2392 mnmdd - ok
16:50:51.0937 2392 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINXP\system32\mnmsrvc.exe
16:50:52.0062 2392 mnmsrvc - ok
16:50:52.0125 2392 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINXP\system32\drivers\Modem.sys
16:50:52.0265 2392 Modem - ok
16:50:52.0312 2392 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINXP\system32\DRIVERS\motodrv.sys
16:50:52.0343 2392 MotDev - ok
16:50:52.0359 2392 motmodem (11b8118f538b579488e7645b2578e544) C:\WINXP\system32\DRIVERS\motmodem.sys
16:50:52.0406 2392 motmodem - ok
16:50:52.0484 2392 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
16:50:52.0515 2392 MotoHelper - ok
16:50:52.0562 2392 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINXP\system32\DRIVERS\mouclass.sys
16:50:52.0718 2392 Mouclass - ok
16:50:52.0750 2392 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINXP\system32\DRIVERS\mouhid.sys
16:50:52.0906 2392 mouhid - ok
16:50:52.0937 2392 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINXP\system32\drivers\MountMgr.sys
16:50:53.0093 2392 MountMgr - ok
16:50:53.0171 2392 MozillaMaintenance (864c02d08f2f641491fe5b4c004f8980) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:50:53.0187 2392 MozillaMaintenance - ok
16:50:53.0187 2392 mraid35x - ok
16:50:53.0234 2392 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINXP\system32\DRIVERS\mrxdav.sys
16:50:53.0375 2392 MRxDAV - ok
16:50:53.0453 2392 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINXP\system32\DRIVERS\mrxsmb.sys
16:50:53.0531 2392 MRxSmb - ok
16:50:53.0562 2392 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINXP\system32\msdtc.exe
16:50:53.0734 2392 MSDTC - ok
16:50:53.0734 2392 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINXP\system32\drivers\Msfs.sys
16:50:53.0906 2392 Msfs - ok
16:50:53.0906 2392 MSIServer - ok
16:50:53.0968 2392 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINXP\system32\drivers\MSKSSRV.sys
16:50:54.0109 2392 MSKSSRV - ok
16:50:54.0156 2392 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINXP\system32\drivers\MSPCLOCK.sys
16:50:54.0281 2392 MSPCLOCK - ok
16:50:54.0296 2392 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINXP\system32\drivers\MSPQM.sys
16:50:54.0421 2392 MSPQM - ok
16:50:54.0453 2392 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINXP\system32\DRIVERS\mssmbios.sys
16:50:54.0609 2392 mssmbios - ok
16:50:54.0625 2392 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINXP\system32\drivers\Mup.sys
16:50:54.0656 2392 Mup - ok
16:50:54.0718 2392 napagent (0102140028fad045756796e1c685d695) C:\WINXP\System32\qagentrt.dll
16:50:54.0859 2392 napagent - ok
16:50:54.0906 2392 NDIS (1df7f42665c94b825322fae71721130d) C:\WINXP\system32\drivers\NDIS.sys
16:50:55.0046 2392 NDIS - ok
16:50:55.0093 2392 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINXP\system32\DRIVERS\ndistapi.sys
16:50:55.0156 2392 NdisTapi - ok
16:50:55.0171 2392 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINXP\system32\DRIVERS\ndisuio.sys
16:50:55.0312 2392 Ndisuio - ok
16:50:55.0359 2392 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINXP\system32\DRIVERS\ndiswan.sys
16:50:55.0484 2392 NdisWan - ok
16:50:55.0500 2392 NDProxy (816460bd4b4acd27937d1d0813e2e9e9) C:\WINXP\system32\drivers\NDProxy.sys
16:50:55.0515 2392 NDProxy - ok
16:50:55.0562 2392 Net Driver HPZ12 (f7c14f5077bf2bc476c348b88a7f74e2) C:\WINXP\system32\HPZinw12.dll
16:50:55.0562 2392 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:50:55.0562 2392 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:50:55.0578 2392 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINXP\system32\DRIVERS\netbios.sys
16:50:55.0718 2392 NetBIOS - ok
16:50:55.0750 2392 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINXP\system32\DRIVERS\netbt.sys
16:50:55.0890 2392 NetBT - ok
16:50:55.0937 2392 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINXP\system32\netdde.exe
16:50:56.0093 2392 NetDDE - ok
16:50:56.0093 2392 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINXP\system32\netdde.exe
16:50:56.0250 2392 NetDDEdsdm - ok
16:50:56.0296 2392 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINXP\system32\lsass.exe
16:50:56.0437 2392 Netlogon - ok
16:50:56.0500 2392 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINXP\System32\netman.dll
16:50:56.0640 2392 Netman - ok
16:50:56.0703 2392 Nla (fcee5fcb99f7c724593365c706d28388) C:\WINXP\System32\mswsock.dll
16:50:56.0750 2392 Nla - ok
16:50:56.0765 2392 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINXP\system32\drivers\Npfs.sys
16:50:56.0906 2392 Npfs - ok
16:50:56.0953 2392 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINXP\system32\drivers\Ntfs.sys
16:50:57.0125 2392 Ntfs - ok
16:50:57.0140 2392 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINXP\system32\lsass.exe
16:50:57.0281 2392 NtLmSsp - ok
16:50:57.0359 2392 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINXP\system32\ntmssvc.dll
16:50:57.0515 2392 NtmsSvc - ok
16:50:57.0578 2392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINXP\system32\drivers\Null.sys
16:50:57.0718 2392 Null - ok
16:50:57.0750 2392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINXP\system32\DRIVERS\nwlnkflt.sys
16:50:57.0890 2392 NwlnkFlt - ok
16:50:57.0890 2392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
16:50:58.0031 2392 NwlnkFwd - ok
16:50:58.0203 2392 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:50:58.0234 2392 odserv - ok
16:50:58.0281 2392 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:50:58.0296 2392 ose - ok
16:50:58.0343 2392 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINXP\system32\DRIVERS\parport.sys
16:50:58.0500 2392 Parport - ok
16:50:58.0531 2392 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINXP\system32\drivers\PartMgr.sys
16:50:58.0687 2392 PartMgr - ok
16:50:58.0734 2392 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINXP\system32\drivers\ParVdm.sys
16:50:58.0890 2392 ParVdm - ok
16:50:58.0921 2392 PCI (a219903ccf74233761d92bef471a07b1) C:\WINXP\system32\DRIVERS\pci.sys
16:50:59.0078 2392 PCI - ok
16:50:59.0078 2392 PCIDump - ok
16:50:59.0109 2392 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINXP\system32\drivers\PCIIde.sys
16:50:59.0250 2392 PCIIde - ok
16:50:59.0265 2392 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINXP\system32\DRIVERS\pcmcia.sys
16:50:59.0406 2392 Pcmcia - ok
16:50:59.0406 2392 PDCOMP - ok
16:50:59.0421 2392 PDFRAME - ok
16:50:59.0421 2392 PDRELI - ok
16:50:59.0437 2392 PDRFRAME - ok
16:50:59.0437 2392 perc2 - ok
16:50:59.0453 2392 perc2hib - ok
16:50:59.0500 2392 PlugPlay (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINXP\system32\services.exe
16:50:59.0515 2392 PlugPlay - ok
16:50:59.0578 2392 Pml Driver HPZ12 (e638656001c52a1faa34f92e6d3a086b) C:\WINXP\system32\HPZipm12.dll
16:50:59.0578 2392 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:50:59.0578 2392 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:50:59.0640 2392 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINXP\system32\lsass.exe
16:50:59.0781 2392 PolicyAgent - ok
16:50:59.0843 2392 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINXP\system32\DRIVERS\raspptp.sys
16:50:59.0968 2392 PptpMiniport - ok
16:50:59.0984 2392 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINXP\system32\lsass.exe
16:51:00.0125 2392 ProtectedStorage - ok
16:51:00.0171 2392 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINXP\system32\DRIVERS\psched.sys
16:51:00.0328 2392 PSched - ok
16:51:04.0187 2392 S24EventMonitor (0fcb7eeb0e81a777735a5af185f56c2b) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
16:51:04.0218 2392 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
16:51:04.0218 2392 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
16:51:06.0359 2392 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINXP\system32\Drivers\sptd.sys
16:51:06.0359 2392 Suspicious file (NoAccess): C:\WINXP\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
16:51:06.0359 2392 sptd ( LockedFile.Multi.Generic ) - warning
16:51:06.0359 2392 sptd - detected LockedFile.Multi.Generic (1)
16:51:13.0781 2392 WLANKEEPER (c9b9942eeca0b82e35d60627e365510a) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
16:51:13.0828 2392 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
16:51:13.0828 2392 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
16:51:15.0515 2392 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:51:16.0109 2392 \Device\Harddisk0\DR0 - ok
16:51:16.0109 2392 Boot (0x1200) (dbb9dcd9e45fc2791b0a31ac5366cc95) \Device\Harddisk0\DR0\Partition0
16:51:16.0109 2392 \Device\Harddisk0\DR0\Partition0 - ok
16:51:16.0109 2392 ============================================================
16:51:16.0109 2392 Scan finished
16:51:16.0109 2392 ============================================================
16:51:16.0125 2684 Detected object count: 6
16:51:16.0125 2684 Actual detected object count: 6
16:51:28.0500 2684 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:28.0500 2684 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:51:28.0500 2684 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:28.0500 2684 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:51:28.0515 2684 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:28.0515 2684 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:51:28.0515 2684 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:28.0515 2684 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:51:28.0515 2684 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:51:28.0515 2684 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:51:28.0515 2684 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:28.0515 2684 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:52:26.0687 2732 Deinitialize success

#7
liquidjo

    Member

  • Topic Starter
  • 31 posts
Also ran Combofix the way you told me to, but it did the same thing, nothing, just got stuck.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try something different.

Could you download the following programme to your C drive, i.e. C:\FRST.exe

  • Download Farbar Recovery Scan Tool


Could you reboot the computer, pressing F8 repeatedly as it starts, to achieve the safe mode menu.

Is there an option for recovery console?



If the recovery console is present then use that option

At the command prompt type CD..
So the prompt reads C>

Then type FRST.exe
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


If the recovery console option is not present then from the safe mode menu select Command Prompt

At the command prompt type CD..
So the prompt reads C>

Then type FRST.exe
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#9
liquidjo

    Member

  • Topic Starter
  • 31 posts
I ran the recovery console but couldn't get it to run. When I first ran the Recovery Console it showed this:

1:C:\WINXP
Which windows installation would you like to log onto
<To cancel, press ENTER>?

I pressed 1 then Enter. Then it showed C:\WINXP>. I tried typing in what you asked me to type in, but to no avail. But I finally just did it in safe mode with command prompt, and here's the log:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012
Ran by Daci at 20-07-2012 11:47:38
Running from C:\
Service Pack 3 (X86) OS Language: English(US)
Attention: Could not load system hive.
Error: The system was unable to find the specified registry key or value
Attention: System hive is missing.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-20 11:47 - 2012-07-20 11:47 - 00000000 ____D C:\FRST
2012-07-20 10:33 - 2012-07-20 10:33 - 00892154 ____A (Farbar) C:\FRST.exe
2012-07-19 17:11 - 2012-07-19 17:12 - 00000000 ___SD C:\Gotcha
2012-07-19 17:11 - 2012-07-19 17:11 - 00000000 ____D C:\Qoobox
2012-07-19 17:10 - 2012-07-19 17:10 - 04582475 ____R (Swearware) C:\Documents and Settings\Daci\Desktop\Gotcha.exe
2012-07-19 16:55 - 2012-07-19 16:56 - 02136664 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Daci\Desktop\tdsskiller.exe
2012-07-18 16:58 - 2009-06-29 14:45 - 00000000 ____D C:\Documents and Settings\Daci\Desktop\Misery Signals [EP] [2003]
2012-07-18 12:07 - 2012-07-18 12:07 - 00000000 ____D C:\_OTL
2012-07-17 18:37 - 2012-07-17 18:37 - 00000933 ____A C:\Documents and Settings\Daci\Desktop\Spybot - Search & Destroy.lnk
2012-07-17 18:36 - 2012-07-17 19:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-17 18:36 - 2012-07-17 18:39 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-07-17 18:28 - 2012-07-17 18:28 - 00002445 ____A C:\Documents and Settings\Daci\Desktop\HiJackThis.lnk
2012-07-17 18:28 - 2012-07-17 18:28 - 00000000 ____D C:\Program Files\Trend Micro
2012-07-16 16:38 - 2012-07-16 16:38 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-07-16 16:37 - 2012-07-16 16:37 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-07-16 10:11 - 2012-07-16 10:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2012-07-16 10:10 - 2012-07-16 10:10 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2012-07-13 14:15 - 2012-07-13 14:15 - 00000703 ____A C:\Documents and Settings\Daci\Desktop\Magic APE FLAC CD Burner.lnk
2012-07-13 14:15 - 2012-07-13 14:15 - 00000000 ____D C:\Program Files\Magic APE FLAC CD Burner
2012-07-12 18:37 - 2012-07-12 18:37 - 00000000 ____D C:\Documents and Settings\Daci\Desktop\Mongol
2012-07-11 09:08 - 2012-07-11 09:08 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2012-07-08 14:05 - 2012-07-08 14:05 - 00000591 ____A C:\Documents and Settings\Daci\Desktop\Shortcut to Azureus.lnk
2012-07-04 12:56 - 2012-07-04 12:56 - 00000000 ____D C:\Documents and Settings\Daci\My Documents\My Received Files
2012-07-04 12:56 - 2012-07-04 12:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2012-07-04 12:55 - 2012-07-04 12:55 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-07-04 12:52 - 2012-07-04 12:52 - 00000000 ____D C:\Intel
2012-07-04 12:47 - 2012-07-04 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Documents\DriverGenius
2012-07-04 12:46 - 2012-07-04 12:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DriverGenius
2012-07-04 12:44 - 2012-07-04 12:44 - 00000000 ____D C:\Program Files\Driver-Soft
2012-07-03 22:17 - 2012-07-03 22:17 - 00000000 ____D C:\Documents and Settings\Daci\Application Data\DDMSettings
2012-07-03 21:30 - 2012-07-04 12:06 - 00000000 ____D C:\Documents and Settings\Daci\Application Data\DivX
2012-07-03 21:29 - 2012-07-03 21:30 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2012-07-03 21:24 - 2012-07-03 21:31 - 00000000 ____D C:\Program Files\DivX
2012-07-03 21:23 - 2012-07-03 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
2012-07-03 17:56 - 2012-07-03 17:56 - 00000000 ____D C:\Documents and Settings\Daci\Local Settings\Application Data\ESET
2012-06-29 10:52 - 2012-06-29 10:52 - 00000000 ____D C:\Documents and Settings\Daci\Application Data\Google
2012-06-29 10:50 - 2012-06-29 10:51 - 00000000 ____D C:\Program Files\Google
2012-06-25 12:09 - 2012-06-25 12:10 - 00000000 ____D C:\Documents and Settings\Daci\Application Data\Apple Computer
2012-06-25 12:09 - 2012-06-25 12:09 - 00000000 ____D C:\Documents and Settings\Daci\Local Settings\Application Data\Apple Computer
2012-06-25 12:07 - 2012-06-25 12:09 - 00000000 ____D C:\Program Files\iTunes
2012-06-25 12:07 - 2012-06-25 12:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-25 12:07 - 2012-06-25 12:07 - 00000000 ____D C:\Program Files\iPod
2012-06-25 12:07 - 2012-06-25 12:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2012-06-25 12:06 - 2012-06-25 12:06 - 00000000 ____D C:\Program Files\Apple Software Update
2012-06-25 12:06 - 2012-06-25 12:06 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
2012-06-25 12:06 - 2012-06-25 12:06 - 00000000 ____D C:\Documents and Settings\Daci\Local Settings\Application Data\Apple
2012-06-25 12:05 - 2012-06-25 12:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-25 12:05 - 2012-06-25 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple

============ 3 Months Modified Files ========================

2012-07-20 11:45 - 2011-09-14 18:31 - 00000062 __ASH C:\Documents and Settings\Daci\Local Settings\desktop.ini
2012-07-20 11:45 - 2011-09-14 18:16 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-07-20 11:43 - 2011-09-14 18:31 - 00000178 ___SH C:\Documents and Settings\Daci\ntuser.ini
2012-07-20 11:37 - 2011-09-14 18:17 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-07-20 10:42 - 2012-02-14 13:44 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-07-20 10:41 - 2012-02-14 13:44 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-07-20 10:33 - 2012-07-20 10:33 - 00892154 ____A (Farbar) C:\FRST.exe
2012-07-19 17:10 - 2012-07-19 17:10 - 04582475 ____R (Swearware) C:\Documents and Settings\Daci\Desktop\Gotcha.exe
2012-07-19 16:56 - 2012-07-19 16:55 - 02136664 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Daci\Desktop\tdsskiller.exe
2012-07-18 18:30 - 2011-09-14 20:13 - 00041472 ____A C:\Documents and Settings\Daci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-17 18:37 - 2012-07-17 18:37 - 00000933 ____A C:\Documents and Settings\Daci\Desktop\Spybot - Search & Destroy.lnk
2012-07-17 18:28 - 2012-07-17 18:28 - 00002445 ____A C:\Documents and Settings\Daci\Desktop\HiJackThis.lnk
2012-07-13 14:15 - 2012-07-13 14:15 - 00000703 ____A C:\Documents and Settings\Daci\Desktop\Magic APE FLAC CD Burner.lnk
2012-07-08 14:05 - 2012-07-08 14:05 - 00000591 ____A C:\Documents and Settings\Daci\Desktop\Shortcut to Azureus.lnk
2012-07-04 12:30 - 2012-03-12 18:33 - 00000682 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2012-06-09 23:53 - 2012-06-09 23:53 - 00013943 ____A C:\Documents and Settings\Daci\hs_err_pid2404.log
2012-05-18 18:58 - 2012-05-18 18:58 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2012-05-03 07:31 - 2011-09-16 13:42 - 00067368 ____A C:\Documents and Settings\Daci\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

ZeroAccess:
C:\Documents and Settings\Daci\Local Settings\Application Data\{aa5548f4-d0d2-7525-29a9-a3c549fa588d}
C:\Documents and Settings\Daci\Local Settings\Application Data\{aa5548f4-d0d2-7525-29a9-a3c549fa588d}\@
C:\Documents and Settings\Daci\Local Settings\Application Data\{aa5548f4-d0d2-7525-29a9-a3c549fa588d}\L
C:\Documents and Settings\Daci\Local Settings\Application Data\{aa5548f4-d0d2-7525-29a9-a3c549fa588d}\U

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 1527.36 MB
Available physical RAM: 1304.5 MB
Total Pagefile: 3426.48 MB
Available Pagefile: 3377.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1997.14 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:55.89 GB) (Free:18.07 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 56 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 56 GB 32 KB
==================================================================================

Disk: 0
The disk management services could not complete the operation.

==================================================================================
======================= End Of Log ==========================

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached fixlist.txt to the same location as FRST (c:\Fixlist.txt)
[attachment=59079:fixlist.txt]
Restart the computer as before to the recovery console... Reatogo desktop
Run FRST and click Fix
A log will be generated on the C drive

Reboot to normal Windows

Post the FRST fix log

#11
liquidjo

    Member

  • Topic Starter
  • 31 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012
Ran by Daci at 2012-07-20 12:46:02 Run:2
Running from C:\

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==============================================

C:\Documents and Settings\Daci\Local Settings\Application Data\{aa5548f4-d0d2-7525-29a9-a3c549fa588d} not found.
C:\Documents and Settings\Daci\Local Settings\Application Data\{aa5548f4-d0d2-7525-29a9-a3c549fa588d}\@ not found.
C:\Documents and Settings\Daci\Local Settings\Application Data\{aa5548f4-d0d2-7525-29a9-a3c549fa588d}\L not found.
C:\Documents and Settings\Daci\Local Settings\Application Data\{aa5548f4-d0d2-7525-29a9-a3c549fa588d}\U not found.

==== End of Fixlog ====


Scan log after fix:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012
Ran by Daci at 20-07-2012 12:46:21
Running from C:\
Service Pack 3 (X86) OS Language: English(US)
Attention: Could not load system hive.
Error: The system was unable to find the specified registry key or value
Attention: System hive is missing.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-20 12:33 - 2012-07-20 12:33 - 00000433 ____A C:\fixlist.txt
2012-07-20 11:47 - 2012-07-20 12:46 - 00000000 ____D C:\FRST
2012-07-20 10:33 - 2012-07-20 10:33 - 00892154 ____A (Farbar) C:\FRST.exe
2012-07-19 17:11 - 2012-07-19 17:12 - 00000000 ___SD C:\Gotcha
2012-07-19 17:11 - 2012-07-19 17:11 - 00000000 ____D C:\Qoobox
2012-07-19 17:10 - 2012-07-19 17:10 - 04582475 ____R (Swearware) C:\Documents and Settings\Daci\Desktop\Gotcha.exe
2012-07-19 16:55 - 2012-07-19 16:56 - 02136664 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Daci\Desktop\tdsskiller.exe
2012-07-18 16:58 - 2009-06-29 14:45 - 00000000 ____D C:\Documents and Settings\Daci\Desktop\Misery Signals [EP] [2003]
2012-07-18 12:07 - 2012-07-18 12:07 - 00000000 ____D C:\_OTL
2012-07-17 18:37 - 2012-07-17 18:37 - 00000933 ____A C:\Documents and Settings\Daci\Desktop\Spybot - Search & Destroy.lnk
2012-07-17 18:36 - 2012-07-17 19:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-17 18:36 - 2012-07-17 18:39 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-07-17 18:28 - 2012-07-17 18:28 - 00002445 ____A C:\Documents and Settings\Daci\Desktop\HiJackThis.lnk
2012-07-17 18:28 - 2012-07-17 18:28 - 00000000 ____D C:\Program Files\Trend Micro
2012-07-16 16:38 - 2012-07-16 16:38 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-07-16 16:37 - 2012-07-16 16:37 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-07-16 10:11 - 2012-07-16 10:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2012-07-16 10:10 - 2012-07-16 10:10 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2012-07-13 14:15 - 2012-07-13 14:15 - 00000703 ____A C:\Documents and Settings\Daci\Desktop\Magic APE FLAC CD Burner.lnk
2012-07-13 14:15 - 2012-07-13 14:15 - 00000000 ____D C:\Program Files\Magic APE FLAC CD Burner
2012-07-12 18:37 - 2012-07-12 18:37 - 00000000 ____D C:\Documents and Settings\Daci\Desktop\Mongol
2012-07-11 09:08 - 2012-07-11 09:08 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2012-07-08 14:05 - 2012-07-08 14:05 - 00000591 ____A C:\Documents and Settings\Daci\Desktop\Shortcut to Azureus.lnk
2012-07-04 12:56 - 2012-07-04 12:56 - 00000000 ____D C:\Documents and Settings\Daci\My Documents\My Received Files
2012-07-04 12:56 - 2012-07-04 12:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2012-07-04 12:55 - 2012-07-04 12:55 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-07-04 12:52 - 2012-07-04 12:52 - 00000000 ____D C:\Intel
2012-07-04 12:47 - 2012-07-04 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Documents\DriverGenius
2012-07-04 12:46 - 2012-07-04 12:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DriverGenius
2012-07-04 12:44 - 2012-07-04 12:44 - 00000000 ____D C:\Program Files\Driver-Soft
2012-07-03 22:17 - 2012-07-03 22:17 - 00000000 ____D C:\Documents and Settings\Daci\Application Data\DDMSettings
2012-07-03 21:30 - 2012-07-04 12:06 - 00000000 ____D C:\Documents and Settings\Daci\Application Data\DivX
2012-07-03 21:29 - 2012-07-03 21:30 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2012-07-03 21:24 - 2012-07-03 21:31 - 00000000 ____D C:\Program Files\DivX
2012-07-03 21:23 - 2012-07-03 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
2012-07-03 17:56 - 2012-07-03 17:56 - 00000000 ____D C:\Documents and Settings\Daci\Local Settings\Application Data\ESET
2012-06-29 10:52 - 2012-06-29 10:52 - 00000000 ____D C:\Documents and Settings\Daci\Application Data\Google
2012-06-29 10:50 - 2012-06-29 10:51 - 00000000 ____D C:\Program Files\Google
2012-06-25 12:09 - 2012-06-25 12:10 - 00000000 ____D C:\Documents and Settings\Daci\Application Data\Apple Computer
2012-06-25 12:09 - 2012-06-25 12:09 - 00000000 ____D C:\Documents and Settings\Daci\Local Settings\Application Data\Apple Computer
2012-06-25 12:07 - 2012-06-25 12:09 - 00000000 ____D C:\Program Files\iTunes
2012-06-25 12:07 - 2012-06-25 12:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-25 12:07 - 2012-06-25 12:07 - 00000000 ____D C:\Program Files\iPod
2012-06-25 12:07 - 2012-06-25 12:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2012-06-25 12:06 - 2012-06-25 12:06 - 00000000 ____D C:\Program Files\Apple Software Update
2012-06-25 12:06 - 2012-06-25 12:06 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
2012-06-25 12:06 - 2012-06-25 12:06 - 00000000 ____D C:\Documents and Settings\Daci\Local Settings\Application Data\Apple
2012-06-25 12:05 - 2012-06-25 12:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-25 12:05 - 2012-06-25 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple

============ 3 Months Modified Files ========================

2012-07-20 12:44 - 2011-09-14 18:31 - 00000062 __ASH C:\Documents and Settings\Daci\Local Settings\desktop.ini
2012-07-20 12:44 - 2011-09-14 18:16 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-07-20 12:43 - 2011-09-14 18:31 - 00000178 ___SH C:\Documents and Settings\Daci\ntuser.ini
2012-07-20 12:40 - 2011-09-14 18:17 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-07-20 12:33 - 2012-07-20 12:33 - 00000433 ____A C:\fixlist.txt
2012-07-20 10:42 - 2012-02-14 13:44 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-07-20 10:41 - 2012-02-14 13:44 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-07-20 10:33 - 2012-07-20 10:33 - 00892154 ____A (Farbar) C:\FRST.exe
2012-07-19 17:10 - 2012-07-19 17:10 - 04582475 ____R (Swearware) C:\Documents and Settings\Daci\Desktop\Gotcha.exe
2012-07-19 16:56 - 2012-07-19 16:55 - 02136664 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Daci\Desktop\tdsskiller.exe
2012-07-18 18:30 - 2011-09-14 20:13 - 00041472 ____A C:\Documents and Settings\Daci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-17 18:37 - 2012-07-17 18:37 - 00000933 ____A C:\Documents and Settings\Daci\Desktop\Spybot - Search & Destroy.lnk
2012-07-17 18:28 - 2012-07-17 18:28 - 00002445 ____A C:\Documents and Settings\Daci\Desktop\HiJackThis.lnk
2012-07-13 14:15 - 2012-07-13 14:15 - 00000703 ____A C:\Documents and Settings\Daci\Desktop\Magic APE FLAC CD Burner.lnk
2012-07-08 14:05 - 2012-07-08 14:05 - 00000591 ____A C:\Documents and Settings\Daci\Desktop\Shortcut to Azureus.lnk
2012-07-04 12:30 - 2012-03-12 18:33 - 00000682 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2012-06-09 23:53 - 2012-06-09 23:53 - 00013943 ____A C:\Documents and Settings\Daci\hs_err_pid2404.log
2012-05-18 18:58 - 2012-05-18 18:58 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2012-05-03 07:31 - 2011-09-16 13:42 - 00067368 ____A C:\Documents and Settings\Daci\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 1527.36 MB
Available physical RAM: 1299.22 MB
Total Pagefile: 3426.48 MB
Available Pagefile: 3374.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1997.03 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:55.89 GB) (Free:18.06 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 56 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 56 GB 32 KB
==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 56 GB Healthy System (partition with boot components)
==================================================================================
======================= End Of Log ==========================
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now go back to normal mode and let me know how it is behaving?
  • 0

#13
liquidjo

liquidjo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Still can't turn on firewall. Should I run Combofix?
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, retry Combofix.

Then run the following programme:

Run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.
  • 0

#15
liquidjo

liquidjo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Combofix again stalled... Here's the log you requested:

Farbar Service Scanner Version: 19-07-2012
Ran by Daci (administrator) on 20-07-2012 at 13:13:12
Running from "C:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINXP\system32\dhcpcsvc.dll => MD5 is legit
C:\WINXP\system32\Drivers\afd.sys => MD5 is legit
C:\WINXP\system32\Drivers\netbt.sys => MD5 is legit
C:\WINXP\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINXP\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINXP\system32\dnsrslvr.dll => MD5 is legit
C:\WINXP\system32\ipnathlp.dll => MD5 is legit
C:\WINXP\system32\netman.dll => MD5 is legit
C:\WINXP\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINXP\system32\srsvc.dll => MD5 is legit
C:\WINXP\system32\Drivers\sr.sys => MD5 is legit
C:\WINXP\system32\wscsvc.dll => MD5 is legit
C:\WINXP\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINXP\system32\wuauserv.dll => MD5 is legit
C:\WINXP\system32\qmgr.dll => MD5 is legit
C:\WINXP\system32\es.dll
[2010-09-16 06:10] - [2010-09-16 06:10] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINXP\system32\cryptsvc.dll => MD5 is legit
C:\WINXP\system32\svchost.exe => MD5 is legit
C:\WINXP\system32\rpcss.dll
[2010-09-16 06:11] - [2010-09-16 06:11] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINXP\system32\services.exe
[2010-09-16 06:11] - [2010-09-16 06:11] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6


Extra List:
=======
Gpc(4) IPSec(6) NetBT(7) PSched(8) RFCOMM(3) Tcpip(5)
0x09000000060000000100000002000000030000000400000005000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****
  • 0





