Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Redirect, computer restarting, etc etc [Closed]

Started by bkasten , Aug 03 2012 02:48 PM

This topic is locked

#1
bkasten

Posted 03 August 2012 - 02:48 PM

Member

Member
32 posts

Be forewarned -- I'm not the most literate computer person in the world!

A couple issues that I'd be grateful for some assistance with:
Firstly, there's something plaguing my computer that's causing all my search-engine clicks to redirect somewhere else.

Also, my computer involuntarily shuts down on occasion, and when it restarts I'm hit with a 'send error report' prompt that says they system has recovered from a serious error.

What should I do first in order to help acquire the necessary information to diagnose Sasha's ills? (Sasha is my computer)

#2
Essexboy

Posted 03 August 2012 - 02:57 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi lets see if we can get Sasha out of intensive care and back on the road

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#3
bkasten

Posted 04 August 2012 - 11:25 PM

Member

Topic Starter
Member
32 posts

I'm grateful there are people like you in the world who help without any expectation of reciprocation.

Here are the logs you've requested:

OTL
OTL logfile created on: 8/4/2012 10:35:47 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 266.43 Mb Available Physical Memory | 52.11% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.60% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 9.99 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
Drive D: | 4.85 Gb Total Space | 0.88 Gb Free Space | 18.05% Space Free | Partition Type: FAT32
Drive K: | 465.65 Gb Total Space | 315.83 Gb Free Space | 67.83% Space Free | Partition Type: FAT32

Computer Name: ROHAN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 22:29:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/07/26 19:52:04 | 001,095,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/11/11 14:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/09/14 18:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/07/25 21:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/05/12 05:59:33 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/05/12 05:59:33 | 000,057,389 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
PRC - [2003/08/21 05:15:48 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/08/18 01:34:02 | 000,158,376 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\navapsvc.exe
PRC - [2003/08/15 02:59:56 | 000,234,656 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2003/08/15 02:59:50 | 000,255,136 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/05/26 14:57:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/08/18 01:34:02 | 000,158,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2003/08/15 02:59:56 | 000,234,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2003/08/15 02:59:54 | 000,087,200 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003/08/15 02:59:50 | 000,255,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/08/10 02:26:24 | 000,193,816 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2007/01/31 06:45:00 | 001,050,784 | ---- | M] (D-Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/05/12 04:36:50 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/04 10:00:00 | 000,598,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040304.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/03/04 10:00:00 | 000,067,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040304.008\NAVENG.SYS -- (NAVENG)
DRV - [2004/01/02 22:05:48 | 000,011,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/01/02 21:20:40 | 000,432,000 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/12 08:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/07 21:00:00 | 000,035,328 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/10/29 21:02:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/08/16 03:07:58 | 000,015,176 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2003/08/16 03:05:30 | 000,176,963 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2003/08/16 02:22:12 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/08/07 01:02:12 | 000,035,008 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/08/07 01:02:06 | 000,300,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2003/04/21 23:18:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 15:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\..\SearchScopes,DefaultScope = {5D81C564-BE79-415B-B827-995A6D8174F7}
IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\..\SearchScopes\{5D81C564-BE79-415B-B827-995A6D8174F7}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/31 02:58:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/02/29 19:52:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/05/15 21:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/15 21:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/04 11:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/15 21:21:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/04/30 15:56:09 | 000,001,798 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe File not found
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3823566890-3238526298-2123976588-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add To HP Organize... - C:\Program Files\Hewlett-Packard\HP Organize\bin\core.hp.main\SendTo.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2p...bs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1305264384281 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93786561-E41E-44B0-8A49-B843CEA9DEA2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/12 01:25:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{5d5ac8ed-7d6f-11e0-81af-00112f4e84ae}\Shell - "" = AutoRun
O33 - MountPoints2\{5d5ac8ed-7d6f-11e0-81af-00112f4e84ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5d5ac8ed-7d6f-11e0-81af-00112f4e84ae}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{6fc2e280-808a-11e0-81b7-00112f4e84ae}\Shell - "" = AutoRun
O33 - MountPoints2\{6fc2e280-808a-11e0-81b7-00112f4e84ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6fc2e280-808a-11e0-81b7-00112f4e84ae}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{99a1a60c-9f67-11e1-8203-00112f4e84ae}\Shell - "" = AutoRun
O33 - MountPoints2\{99a1a60c-9f67-11e1-8203-00112f4e84ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99a1a60c-9f67-11e1-8203-00112f4e84ae}\Shell\AutoRun\command - "" = L:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 22:29:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/07/30 15:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2012/07/30 15:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/07/30 15:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar
[2012/07/30 15:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/07/18 12:33:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/18 12:27:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/18 12:27:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2012/07/18 12:26:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/18 12:25:34 | 004,582,182 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/07/13 19:16:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/07/13 19:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/07/11 22:02:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2012/07/11 22:02:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/07/11 22:02:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/07/11 22:01:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/07/11 21:58:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2012/07/11 21:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX360 series User Registration
[2012/07/11 21:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2012/07/11 21:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2012/07/11 21:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/07/11 21:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2012/07/11 21:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX360 series Manual
[2012/07/11 21:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX360 series
[2012/07/11 21:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/07/11 21:39:44 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/04 22:29:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/08/04 22:18:47 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/08/04 22:17:40 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/04 22:17:37 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\LDIBEFVMIV.job
[2012/08/04 22:17:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/04 22:17:26 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 18:05:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 19:00:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/08/02 23:28:26 | 013,161,775 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Flower of Life PDFs.zip
[2012/07/31 19:55:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/31 11:38:26 | 000,017,220 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KIM & TAMMIE.odt
[2012/07/25 22:09:07 | 000,012,531 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Intermittent Fasting Menu.odt
[2012/07/23 21:51:38 | 000,108,267 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tumblr_m31ezx9iwk1qmiyfro1_1280.jpg
[2012/07/19 19:23:28 | 000,154,203 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\socrates.jpg
[2012/07/18 12:25:34 | 004,582,182 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/07/13 19:18:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/07/13 19:12:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/13 18:11:35 | 000,003,885 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2012/07/11 21:53:27 | 000,001,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu EX.lnk
[2012/07/11 21:51:12 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX360 series On-screen Manual.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/02 23:27:03 | 013,161,775 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Flower of Life PDFs.zip
[2012/07/31 11:38:24 | 000,017,220 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KIM & TAMMIE.odt
[2012/07/25 22:09:07 | 000,012,531 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Intermittent Fasting Menu.odt
[2012/07/23 21:51:38 | 000,108,267 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tumblr_m31ezx9iwk1qmiyfro1_1280.jpg
[2012/07/19 19:23:28 | 000,154,203 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\socrates.jpg
[2012/07/11 21:53:27 | 000,001,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu EX.lnk
[2012/07/11 21:51:13 | 000,001,978 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX360 series On-screen Manual.lnk
[2012/05/13 10:56:56 | 000,151,552 | RHS- | C] () -- C:\WINDOWS\System32\nvwrsptj.dll
[2011/12/20 21:27:30 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2011/10/12 15:46:49 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Owner\Eudora.lnk
[2011/09/25 01:54:35 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2011/06/28 14:27:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2011/06/22 12:07:29 | 000,000,230 | ---- | C] () -- C:\WINDOWS\Jakes Alarm Clock.INI
[2011/06/20 16:15:51 | 000,002,142 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2011/06/20 16:15:50 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2011/06/20 16:15:22 | 000,001,181 | ---- | C] () -- C:\WINDOWS\System32\imbrmute.ini
[2011/06/20 16:06:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2011/06/20 15:11:04 | 000,000,094 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2011/06/20 14:59:25 | 000,068,294 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/06/20 14:59:25 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2011/05/28 12:20:01 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/05/28 12:20:01 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/28 12:18:11 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/17 18:26:31 | 000,001,441 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/05/15 20:54:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/15 20:47:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/13 00:52:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/05/13 00:08:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/05/13 00:08:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/05/13 00:08:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/05/13 00:08:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/05/13 00:08:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/05/13 00:08:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/05/12 07:23:18 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/05/12 01:44:45 | 000,015,619 | ---- | C] () -- C:\Documents and Settings\Owner\ml1.srt
[2004/05/12 01:44:45 | 000,015,420 | ---- | C] () -- C:\Documents and Settings\Owner\ml2.srt

========== LOP Check ==========

[2012/06/27 23:58:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/07/11 22:02:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/07/11 22:02:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/07/11 21:58:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2012/07/11 22:01:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/07/04 14:48:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/07/11 22:02:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2012/07/11 21:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/05/17 23:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clickfree
[2011/05/25 00:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/07/31 13:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/14 00:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/10/29 16:37:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{406B889B-377B-4194-B367-FEADF70FF485}
[2004/05/12 07:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2012/07/11 22:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2012/07/11 21:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2012/03/14 11:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CompuClever
[2011/10/12 15:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cyrusoft
[2011/07/31 03:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2011/10/29 16:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DealerTrack DMS
[2011/05/26 14:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Final Draft
[2011/06/20 16:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterMute
[2011/06/24 01:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iPodder
[2012/03/26 22:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/10/29 16:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\looksoftware
[2011/06/05 23:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MusicBrainz
[2011/05/15 21:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2011/05/21 10:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2011/10/12 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Qualcomm
[2004/05/12 07:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2012/07/30 15:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2011/09/25 01:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\spiral
[2011/05/15 20:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2012/08/04 22:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\tixati
[2011/05/20 16:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2012/02/28 00:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YouTube Downloader
[2012/08/04 22:17:37 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\LDIBEFVMIV.job
[2012/08/03 19:00:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2002/08/29 14:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2002/08/29 07:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\SERVICES._

< MD5 for: SERVICES.BMP >
[2001/03/14 03:14:56 | 000,005,030 | ---- | M] () MD5=FDBB222415C2E2A4129C60B3133C2E0E -- C:\Program Files\Quicken\hpbiz\services.bmp

< MD5 for: SERVICES.CFG >
[2012/04/04 00:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EX_ >
[2002/08/29 07:00:00 | 000,047,953 | ---- | M] () MD5=78718439FA165A148B2F41A9EB41F488 -- C:\WINDOWS\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 02:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.EXE.000 >
[2004/08/04 02:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe.000

< MD5 for: SERVICES.LNK >
[2004/05/12 01:25:38 | 000,001,602 | ---- | M] () MD5=0623BB692136BAF26664198A535B49BE -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2011/11/10 00:38:02 | 000,000,547 | ---- | M] () MD5=5E2FD2A25D4BF4D6A16D7BA18BA4163D -- C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\T97HDUGF\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MS_ >
[2002/08/29 07:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2002/08/29 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2011/01/17 18:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 18:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SERVICES.SMARTHINKING.COM.IDX >
[2011/11/14 20:57:11 | 000,000,462 | ---- | M] () MD5=CDD6C6F6FC3990ECA6E1159CCE5458B2 -- C:\Documents and Settings\Owner\Local Settings\Application Data\Opera\Opera\icons\services.smarthinking.com.idx

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

EXTRAS
OTL Extras logfile created on: 8/4/2012 10:35:47 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 266.43 Mb Available Physical Memory | 52.11% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.60% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 9.99 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
Drive D: | 4.85 Gb Total Space | 0.88 Gb Free Space | 18.05% Space Free | Partition Type: FAT32
Drive K: | 465.65 Gb Total Space | 315.83 Gb Free Space | 67.83% Space Free | Partition Type: FAT32

Computer Name: ROHAN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3823566890-3238526298-2123976588-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903 -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\tixati\tixati.exe" = C:\Program Files\tixati\tixati.exe:*:Enabled:tixati -- ()
"C:\Program Files\MusicBrainz Picard\picard.exe" = C:\Program Files\MusicBrainz Picard\picard.exe:*:Enabled:The next generation MusicBrainz tagger -- ()
"C:\Program Files\InterMute\SpamSubtract\SpamSub.exe" = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe:*:Disabled:SpamSubtract Main Module
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B46A433-E0A8-46FE-9283-D246A8239D40}" = DealerTrack DMS Web Client
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51E711EF-13DA-41B6-BB7E-BE1CD0823D4D}" = NetObjects Fusion 11.0
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A84291F6-3898-40E5-B334-A9E4D9304494}" = Sapi
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2CDB6A0-9E2D-4E4E-8776-2D92F2F0FB3D}_is1" = MKV File Player
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = SymNet
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EB3526D4-4C7C-4F45-8303-340A23E4F950}" = HPIZFix3
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Alarm Clock_is1" = Alarm Clock v1.0
"B8610D19-E576-4F91-8A2F-07898D9CA301" = Word Symphony from Hewlett-Packard Desktops (remove only)
"BackWeb-137903 Uninstaller" = Updates from HP
"BFBCBAE3-8293-4215-9C4F-C2402C118EDB" = Otto from Hewlett-Packard Desktops (remove only)
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"Canon MX360 series User Registration" = Canon MX360 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DA44615A-C243-46A4-8E47-184CFF33CD38" = Five Card Frenzy from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292" = Crystal Maze from Hewlett-Packard Desktops (remove only)
"DealerTrack DMS Web Client" = DealerTrack DMS Web Client
"DivX Setup.divx.com" = DivX Setup
"E28167F1-3F42-40C7-9119-1D5A97444F10" = Blackhawk Striker from Hewlett-Packard Desktops (remove only)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"Google Chrome" = Google Chrome
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Image Zone 4.7
"HPTOOLKIT" = Toolkit View(HP)
"ie8" = Windows Internet Explorer 8
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Juice" = Juice 2.2
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MusicBrainz Picard" = MusicBrainz Picard
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver
"Opera 12.00.1467" = Opera 12.00
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"Speed Dial Utility" = Canon Speed Dial Utility
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004 (Symantec Corporation)
"tixati" = Tixati
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3823566890-3238526298-2123976588-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2012 11:20:10 PM | Computer Name = ROHAN | Source = nview_info | ID = 11141121
Description =

Error - 8/4/2012 11:20:10 PM | Computer Name = ROHAN | Source = nview_info | ID = 11141121
Description =

Error - 8/4/2012 11:20:10 PM | Computer Name = ROHAN | Source = nview_info | ID = 11141121
Description =

Error - 8/4/2012 11:20:10 PM | Computer Name = ROHAN | Source = nview_info | ID = 11141121
Description =

Error - 8/4/2012 11:20:10 PM | Computer Name = ROHAN | Source = nview_info | ID = 11141121
Description =

Error - 8/4/2012 11:20:10 PM | Computer Name = ROHAN | Source = nview_info | ID = 11141121
Description =

Error - 8/4/2012 11:20:10 PM | Computer Name = ROHAN | Source = nview_info | ID = 11141121
Description =

Error - 8/4/2012 11:20:10 PM | Computer Name = ROHAN | Source = nview_info | ID = 11141121
Description =

Error - 8/4/2012 11:20:10 PM | Computer Name = ROHAN | Source = nview_info | ID = 11141121
Description =

Error - 8/4/2012 11:20:10 PM | Computer Name = ROHAN | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 8/2/2012 3:15:10 PM | Computer Name = ROHAN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/2/2012 3:15:29 PM | Computer Name = ROHAN | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000009, parameter2 00000002, parameter3
00000000, parameter4 f790dbe9.

Error - 8/3/2012 12:21:33 AM | Computer Name = ROHAN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/3/2012 12:21:52 AM | Computer Name = ROHAN | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 f0f11000, parameter2 00000001, parameter3
bf01278b, parameter4 00000000.

Error - 8/3/2012 2:27:49 PM | Computer Name = ROHAN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/3/2012 2:28:06 PM | Computer Name = ROHAN | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 ffd9ff90, parameter2 00000002, parameter3
00000000, parameter4 80502ba0.

Error - 8/4/2012 4:30:50 PM | Computer Name = ROHAN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/4/2012 4:31:39 PM | Computer Name = ROHAN | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 9f97ac6c, parameter2 00000005, parameter3
00000000, parameter4 f790f45c.

Error - 8/4/2012 11:19:20 PM | Computer Name = ROHAN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/4/2012 11:19:51 PM | Computer Name = ROHAN | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000008, parameter2 00000002, parameter3
00000000, parameter4 f8346c00.

< End of report >

aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 00:11:17
-----------------------------
00:11:17.093 OS Version: Windows 5.1.2600 Service Pack 3
00:11:17.093 Number of processors: 1 586 0x408
00:11:17.093 ComputerName: ROHAN UserName: Owner
00:11:20.437 Initialize success
00:11:30.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:11:30.890 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 152627MB BusType: 3
00:11:30.937 Disk 0 MBR read successfully
00:11:30.937 Disk 0 MBR scan
00:11:30.937 Disk 0 unknown MBR code
00:11:30.953 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4975 MB offset 63
00:11:30.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147641 MB offset 10190880
00:11:30.984 Disk 0 malicious Win32:MBRoot code @ sector 61 !
00:11:31.015 Disk 0 PE file @ sector 312560640 !
00:11:31.062 Disk 0 scanning C:\WINDOWS\system32\drivers
00:11:36.687 Service scanning
00:11:46.437 Modules scanning
00:11:52.796 Disk 0 trace - called modules:
00:11:52.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:11:53.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d6bab8]
00:11:53.156 3 CLASSPNP.SYS[f8625fd7] -> nt!IofCallDriver -> \Device\00000062[0x82d99a68]
00:11:53.156 5 ACPI.sys[f84bc620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82dcc940]
00:11:53.156 Scan finished successfully
00:12:06.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
00:12:06.218 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#4
Essexboy

Posted 05 August 2012 - 04:22 AM

GeekU Moderator

Retired Staff
69,964 posts

OK I can see a task running that should not be and there is evidence of an old MBR infection...So lets clear those and see what the outcome is

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2012/08/04 22:17:37 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\LDIBEFVMIV.job
[2012/05/13 10:56:56 | 000,151,552 | RHS- | C] () -- C:\WINDOWS\System32\nvwrsptj.dll

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application
Then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#5
bkasten

Posted 05 August 2012 - 02:37 PM

Member

Topic Starter
Member
32 posts

TDSSKiller Log
All the files that came up were labeled as 'suspicious'
15:30:43.0343 1608 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:30:43.0859 1608 ============================================================
15:30:43.0859 1608 Current date / time: 2012/08/05 15:30:43.0859
15:30:43.0859 1608 SystemInfo:
15:30:43.0859 1608
15:30:43.0859 1608 OS Version: 5.1.2600 ServicePack: 3.0
15:30:43.0859 1608 Product type: Workstation
15:30:43.0859 1608 ComputerName: ROHAN
15:30:43.0859 1608 UserName: Owner
15:30:43.0859 1608 Windows directory: C:\WINDOWS
15:30:43.0859 1608 System windows directory: C:\WINDOWS
15:30:43.0859 1608 Processor architecture: Intel x86
15:30:43.0859 1608 Number of processors: 1
15:30:43.0859 1608 Page size: 0x1000
15:30:43.0859 1608 Boot type: Normal boot
15:30:43.0859 1608 ============================================================
15:30:45.0234 1608 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
15:30:45.0296 1608 Drive \Device\Harddisk5\DR7 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:30:45.0296 1608 ============================================================
15:30:45.0296 1608 \Device\Harddisk0\DR0:
15:30:45.0296 1608 MBR partitions:
15:30:45.0296 1608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x9B7FE1
15:30:45.0296 1608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9B8020, BlocksNum 0x1205CBE0
15:30:45.0296 1608 \Device\Harddisk5\DR7:
15:30:45.0296 1608 MBR partitions:
15:30:45.0296 1608 \Device\Harddisk5\DR7\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
15:30:45.0296 1608 ============================================================
15:30:45.0328 1608 C: <-> \Device\Harddisk0\DR0\Partition1
15:30:45.0328 1608 D: <-> \Device\Harddisk0\DR0\Partition0
15:30:45.0328 1608 K: <-> \Device\Harddisk5\DR7\Partition0
15:30:45.0328 1608 ============================================================
15:30:45.0328 1608 Initialize success
15:30:45.0328 1608 ============================================================
15:30:50.0437 3420 ============================================================
15:30:50.0437 3420 Scan started
15:30:50.0437 3420 Mode: Manual; SigCheck; TDLFS;
15:30:50.0437 3420 ============================================================
15:30:51.0062 3420 Abiosdsk - ok
15:30:51.0078 3420 abp480n5 - ok
15:30:51.0125 3420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:30:51.0296 3420 ACPI - ok
15:30:51.0343 3420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:30:51.0468 3420 ACPIEC - ok
15:30:51.0468 3420 adpu160m - ok
15:30:51.0500 3420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:30:51.0625 3420 aec - ok
15:30:51.0671 3420 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
15:30:51.0687 3420 AFD - ok
15:30:51.0718 3420 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys
15:30:51.0718 3420 AFS2K - ok
15:30:51.0796 3420 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:30:51.0828 3420 AgereSoftModem - ok
15:30:51.0843 3420 Aha154x - ok
15:30:51.0859 3420 aic78u2 - ok
15:30:51.0859 3420 aic78xx - ok
15:30:51.0921 3420 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
15:30:51.0968 3420 ALCXSENS - ok
15:30:52.0093 3420 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:30:52.0218 3420 ALCXWDM - ok
15:30:52.0375 3420 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:30:52.0500 3420 Alerter - ok
15:30:52.0531 3420 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:30:52.0640 3420 ALG - ok
15:30:52.0671 3420 AliIde - ok
15:30:52.0687 3420 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:30:52.0812 3420 AmdK7 - ok
15:30:52.0843 3420 AmdK8 (d7e6de8f676cf3a387f75e9ab404f7a4) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:30:52.0859 3420 AmdK8 - ok
15:30:52.0875 3420 amsint - ok
15:30:52.0968 3420 Application Updater (0805ecf10476a091999e4d59d0db71a2) C:\Program Files\Application Updater\ApplicationUpdater.exe
15:30:53.0000 3420 Application Updater - ok
15:30:53.0015 3420 AppMgmt - ok
15:30:53.0109 3420 AR5416 (7f5f32bf855bf25d8645c375dfd95255) C:\WINDOWS\system32\DRIVERS\ar5416.sys
15:30:53.0187 3420 AR5416 - ok
15:30:53.0234 3420 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:30:53.0375 3420 Arp1394 - ok
15:30:53.0375 3420 asc - ok
15:30:53.0390 3420 asc3350p - ok
15:30:53.0406 3420 asc3550 - ok
15:30:53.0500 3420 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:30:53.0515 3420 aspnet_state - ok
15:30:53.0531 3420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:30:53.0625 3420 AsyncMac - ok
15:30:53.0656 3420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:30:53.0796 3420 atapi - ok
15:30:53.0796 3420 Atdisk - ok
15:30:53.0828 3420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:30:53.0937 3420 Atmarpc - ok
15:30:53.0968 3420 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:30:54.0078 3420 AudioSrv - ok
15:30:54.0125 3420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:30:54.0250 3420 audstub - ok
15:30:54.0281 3420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:30:54.0421 3420 Beep - ok
15:30:54.0468 3420 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:30:54.0609 3420 BITS - ok
15:30:54.0671 3420 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
15:30:54.0671 3420 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
15:30:54.0671 3420 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
15:30:54.0703 3420 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:30:54.0828 3420 Browser - ok
15:30:54.0843 3420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:30:54.0984 3420 cbidf2k - ok
15:30:55.0015 3420 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:30:55.0125 3420 CCDECODE - ok
15:30:55.0187 3420 ccEvtMgr (d2a024a00956566951cf9a76b386ce9f) c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
15:30:55.0203 3420 ccEvtMgr - ok
15:30:55.0218 3420 ccPwdSvc (a685c44ba9be75dd3e137345695b9c71) c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
15:30:55.0234 3420 ccPwdSvc - ok
15:30:55.0250 3420 ccSetMgr (52c446e2c0fef50f22cc110cbb670afe) c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
15:30:55.0265 3420 ccSetMgr - ok
15:30:55.0281 3420 cd20xrnt - ok
15:30:55.0312 3420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:30:55.0453 3420 Cdaudio - ok
15:30:55.0484 3420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:30:55.0593 3420 Cdfs - ok
15:30:55.0609 3420 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:30:55.0625 3420 Cdrom - ok
15:30:55.0625 3420 Changer - ok
15:30:55.0656 3420 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:30:55.0781 3420 CiSvc - ok
15:30:55.0796 3420 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:30:55.0906 3420 ClipSrv - ok
15:30:55.0968 3420 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:30:55.0968 3420 clr_optimization_v2.0.50727_32 - ok
15:30:55.0984 3420 CmdIde - ok
15:30:55.0984 3420 COMSysApp - ok
15:30:56.0000 3420 Cpqarray - ok
15:30:56.0031 3420 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:30:56.0125 3420 CryptSvc - ok
15:30:56.0140 3420 dac2w2k - ok
15:30:56.0140 3420 dac960nt - ok
15:30:56.0234 3420 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:30:56.0265 3420 DcomLaunch - ok
15:30:56.0312 3420 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:30:56.0437 3420 Dhcp - ok
15:30:56.0468 3420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:30:56.0593 3420 Disk - ok
15:30:56.0609 3420 dmadmin - ok
15:30:56.0671 3420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:30:56.0796 3420 dmboot - ok
15:30:56.0812 3420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:30:56.0921 3420 dmio - ok
15:30:56.0953 3420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:30:57.0093 3420 dmload - ok
15:30:57.0125 3420 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:30:57.0234 3420 dmserver - ok
15:30:57.0265 3420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:30:57.0375 3420 DMusic - ok
15:30:57.0406 3420 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:30:57.0453 3420 Dnscache - ok
15:30:57.0500 3420 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:30:57.0609 3420 Dot3svc - ok
15:30:57.0609 3420 dpti2o - ok
15:30:57.0640 3420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:30:57.0765 3420 drmkaud - ok
15:30:57.0796 3420 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:30:57.0921 3420 EapHost - ok
15:30:57.0953 3420 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:30:58.0062 3420 ERSvc - ok
15:30:58.0093 3420 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:30:58.0140 3420 Eventlog - ok
15:30:58.0187 3420 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
15:30:58.0187 3420 EventSystem - ok
15:30:58.0234 3420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:30:58.0328 3420 Fastfat - ok
15:30:58.0343 3420 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
15:30:58.0359 3420 fasttx2k - ok
15:30:58.0406 3420 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:30:58.0406 3420 FastUserSwitchingCompatibility - ok
15:30:58.0437 3420 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
15:30:58.0562 3420 Fax - ok
15:30:58.0593 3420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:30:58.0687 3420 Fdc - ok
15:30:58.0718 3420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:30:58.0812 3420 Fips - ok
15:30:58.0921 3420 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:30:58.0984 3420 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:30:58.0984 3420 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:30:59.0015 3420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:30:59.0125 3420 Flpydisk - ok
15:30:59.0171 3420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:30:59.0265 3420 FltMgr - ok
15:30:59.0359 3420 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:30:59.0359 3420 FontCache3.0.0.0 - ok
15:30:59.0390 3420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:30:59.0531 3420 Fs_Rec - ok
15:30:59.0546 3420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:30:59.0687 3420 Ftdisk - ok
15:30:59.0718 3420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:30:59.0812 3420 Gpc - ok
15:30:59.0875 3420 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:30:59.0875 3420 gupdate - ok
15:30:59.0890 3420 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:30:59.0890 3420 gupdatem - ok
15:30:59.0937 3420 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:31:00.0062 3420 helpsvc - ok
15:31:00.0109 3420 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
15:31:00.0203 3420 HidServ - ok
15:31:00.0218 3420 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:31:00.0343 3420 HidUsb - ok
15:31:00.0375 3420 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:31:00.0500 3420 hkmsvc - ok
15:31:00.0500 3420 hpn - ok
15:31:00.0546 3420 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:31:00.0578 3420 HPZid412 - ok
15:31:00.0593 3420 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:31:00.0625 3420 HPZipr12 - ok
15:31:00.0671 3420 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:31:00.0687 3420 HPZius12 - ok
15:31:00.0718 3420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:31:00.0734 3420 HTTP - ok
15:31:00.0765 3420 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:31:00.0875 3420 HTTPFilter - ok
15:31:00.0875 3420 i2omgmt - ok
15:31:00.0890 3420 i2omp - ok
15:31:00.0921 3420 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:31:01.0031 3420 i8042prt - ok
15:31:01.0093 3420 ialm (31cfdc6d8f9d396fe2f6c20150c764aa) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:31:01.0109 3420 ialm ( UnsignedFile.Multi.Generic ) - warning
15:31:01.0109 3420 ialm - detected UnsignedFile.Multi.Generic (1)
15:31:01.0265 3420 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:31:01.0296 3420 idsvc - ok
15:31:01.0375 3420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:31:01.0500 3420 Imapi - ok
15:31:01.0546 3420 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:31:01.0640 3420 ImapiService - ok
15:31:01.0656 3420 ini910u - ok
15:31:01.0671 3420 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:31:01.0781 3420 IntelIde - ok
15:31:01.0796 3420 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:31:01.0890 3420 ip6fw - ok
15:31:01.0921 3420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:31:02.0062 3420 IpFilterDriver - ok
15:31:02.0093 3420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:31:02.0218 3420 IpInIp - ok
15:31:02.0234 3420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:31:02.0359 3420 IpNat - ok
15:31:02.0375 3420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:31:02.0484 3420 IPSec - ok
15:31:02.0500 3420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:31:02.0609 3420 IRENUM - ok
15:31:02.0625 3420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:31:02.0734 3420 isapnp - ok
15:31:02.0781 3420 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
15:31:02.0796 3420 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
15:31:02.0796 3420 Iviaspi - detected UnsignedFile.Multi.Generic (1)
15:31:02.0890 3420 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
15:31:02.0890 3420 JavaQuickStarterService - ok
15:31:02.0921 3420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:31:03.0015 3420 Kbdclass - ok
15:31:03.0031 3420 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:31:03.0140 3420 kbdhid - ok
15:31:03.0171 3420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:31:03.0265 3420 kmixer - ok
15:31:03.0296 3420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:31:03.0312 3420 KSecDD - ok
15:31:03.0343 3420 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:31:03.0343 3420 lanmanserver - ok
15:31:03.0390 3420 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:31:03.0421 3420 lanmanworkstation - ok
15:31:03.0421 3420 lbrtfdc - ok
15:31:03.0468 3420 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:31:03.0578 3420 LmHosts - ok
15:31:03.0625 3420 LVRS (b6e1ccd6572984adcae68439afd07011) C:\WINDOWS\system32\DRIVERS\lvrs.sys
15:31:03.0656 3420 LVRS - ok
15:31:03.0859 3420 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
15:31:04.0000 3420 LVUVC - ok
15:31:04.0109 3420 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:31:04.0203 3420 Messenger - ok
15:31:04.0234 3420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:31:04.0375 3420 mnmdd - ok
15:31:04.0421 3420 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
15:31:04.0515 3420 mnmsrvc - ok
15:31:04.0546 3420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:31:04.0656 3420 Modem - ok
15:31:04.0687 3420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:31:04.0796 3420 Mouclass - ok
15:31:04.0828 3420 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:31:04.0984 3420 mouhid - ok
15:31:05.0000 3420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:31:05.0109 3420 MountMgr - ok
15:31:05.0125 3420 mraid35x - ok
15:31:05.0140 3420 mrtRate - ok
15:31:05.0156 3420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:31:05.0250 3420 MRxDAV - ok
15:31:05.0296 3420 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:31:05.0359 3420 MRxSmb - ok
15:31:05.0390 3420 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
15:31:05.0484 3420 MSDTC - ok
15:31:05.0500 3420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:31:05.0609 3420 Msfs - ok
15:31:05.0609 3420 MSIServer - ok
15:31:05.0640 3420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:31:05.0750 3420 MSKSSRV - ok
15:31:05.0765 3420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:31:05.0875 3420 MSPCLOCK - ok
15:31:05.0906 3420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:31:06.0015 3420 MSPQM - ok
15:31:06.0046 3420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:31:06.0140 3420 mssmbios - ok
15:31:06.0171 3420 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:31:06.0281 3420 MSTEE - ok
15:31:06.0296 3420 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:31:06.0296 3420 Mup - ok
15:31:06.0328 3420 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:31:06.0421 3420 NABTSFEC - ok
15:31:06.0468 3420 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:31:06.0578 3420 napagent - ok
15:31:06.0671 3420 navapsvc (d9f779ac35b8fedb9cbf2d6963d82f63) c:\Program Files\Norton AntiVirus\navapsvc.exe
15:31:06.0671 3420 navapsvc - ok
15:31:06.0859 3420 NAVENG (1a49019b32f3f02d6306bcc9c2624e7d) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040304.008\NAVENG.Sys
15:31:06.0875 3420 NAVENG - ok
15:31:06.0984 3420 NAVEX15 (239db4a94b2ea76fba4974e8d66c7c38) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040304.008\NavEx15.Sys
15:31:07.0015 3420 NAVEX15 - ok
15:31:07.0187 3420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:31:07.0296 3420 NDIS - ok
15:31:07.0312 3420 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:31:07.0421 3420 NdisIP - ok
15:31:07.0453 3420 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:31:07.0562 3420 NdisTapi - ok
15:31:07.0578 3420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:31:07.0703 3420 Ndisuio - ok
15:31:07.0718 3420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:31:07.0828 3420 NdisWan - ok
15:31:07.0859 3420 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:31:07.0859 3420 NDProxy - ok
15:31:07.0890 3420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:31:08.0000 3420 NetBIOS - ok
15:31:08.0031 3420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:31:08.0140 3420 NetBT - ok
15:31:08.0218 3420 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:31:08.0312 3420 NetDDE - ok
15:31:08.0328 3420 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:31:08.0421 3420 NetDDEdsdm - ok
15:31:08.0437 3420 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
15:31:08.0531 3420 Netlogon - ok
15:31:08.0578 3420 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:31:08.0687 3420 Netman - ok
15:31:08.0781 3420 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:31:08.0781 3420 NetTcpPortSharing - ok
15:31:08.0812 3420 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:31:08.0921 3420 NIC1394 - ok
15:31:08.0968 3420 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:31:09.0015 3420 Nla - ok
15:31:09.0031 3420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:31:09.0140 3420 Npfs - ok
15:31:09.0203 3420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:31:09.0328 3420 Ntfs - ok
15:31:09.0343 3420 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
15:31:09.0437 3420 NtLmSsp - ok
15:31:09.0468 3420 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:31:09.0578 3420 NtmsSvc - ok
15:31:09.0625 3420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:31:09.0750 3420 Null - ok
15:31:09.0843 3420 nv (5bb61fe2f5a33eda5df9f2ef8db5e969) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:31:09.0937 3420 nv - ok
15:31:10.0046 3420 NVENET (2afa043b0243137d0edc8cfb8305551b) C:\WINDOWS\system32\DRIVERS\NVENET.sys
15:31:10.0046 3420 NVENET ( UnsignedFile.Multi.Generic ) - warning
15:31:10.0046 3420 NVENET - detected UnsignedFile.Multi.Generic (1)
15:31:10.0062 3420 NVSvc (2ca62bc8f42e2690da1eb8ea75ad2d99) C:\WINDOWS\System32\nvsvc32.exe
15:31:10.0093 3420 NVSvc - ok
15:31:10.0140 3420 nv_agp (c0fcd544a1c4eea6d11a0ae6a07dac9d) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
15:31:10.0171 3420 nv_agp - ok
15:31:10.0218 3420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:31:10.0359 3420 NwlnkFlt - ok
15:31:10.0390 3420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:31:10.0500 3420 NwlnkFwd - ok
15:31:10.0515 3420 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:31:10.0625 3420 ohci1394 - ok
15:31:10.0703 3420 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:31:10.0718 3420 ose - ok
15:31:10.0750 3420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:31:10.0843 3420 Parport - ok
15:31:10.0859 3420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:31:10.0968 3420 PartMgr - ok
15:31:11.0000 3420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:31:11.0125 3420 ParVdm - ok
15:31:11.0140 3420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:31:11.0234 3420 PCI - ok
15:31:11.0234 3420 PCIDump - ok
15:31:11.0250 3420 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:31:11.0390 3420 PCIIde - ok
15:31:11.0421 3420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:31:11.0546 3420 Pcmcia - ok
15:31:11.0546 3420 PDCOMP - ok
15:31:11.0562 3420 PDFRAME - ok
15:31:11.0562 3420 PDRELI - ok
15:31:11.0578 3420 PDRFRAME - ok
15:31:11.0578 3420 perc2 - ok
15:31:11.0593 3420 perc2hib - ok
15:31:11.0656 3420 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
15:31:11.0656 3420 Pfc ( UnsignedFile.Multi.Generic ) - warning
15:31:11.0656 3420 Pfc - detected UnsignedFile.Multi.Generic (1)
15:31:11.0687 3420 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:31:11.0718 3420 PlugPlay - ok
15:31:11.0750 3420 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
15:31:11.0750 3420 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:31:11.0750 3420 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:31:11.0796 3420 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:31:11.0890 3420 PolicyAgent - ok
15:31:11.0906 3420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:31:12.0000 3420 PptpMiniport - ok
15:31:12.0031 3420 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:31:12.0140 3420 Processor - ok
15:31:12.0156 3420 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:31:12.0250 3420 ProtectedStorage - ok
15:31:12.0281 3420 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
15:31:12.0312 3420 Ps2 - ok
15:31:12.0328 3420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:31:12.0453 3420 PSched - ok
15:31:12.0468 3420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:31:12.0625 3420 Ptilink - ok
15:31:12.0656 3420 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
15:31:12.0656 3420 PxHelp20 - ok
15:31:12.0656 3420 ql1080 - ok
15:31:12.0671 3420 Ql10wnt - ok
15:31:12.0671 3420 ql12160 - ok
15:31:12.0687 3420 ql1240 - ok
15:31:12.0703 3420 ql1280 - ok
15:31:12.0703 3420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:31:12.0828 3420 RasAcd - ok
15:31:12.0859 3420 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:31:12.0968 3420 RasAuto - ok
15:31:13.0000 3420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:31:13.0109 3420 Rasl2tp - ok
15:31:13.0140 3420 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:31:13.0234 3420 RasMan - ok
15:31:13.0265 3420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:31:13.0359 3420 RasPppoe - ok
15:31:13.0375 3420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:31:13.0500 3420 Raspti - ok
15:31:13.0546 3420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:31:13.0656 3420 Rdbss - ok
15:31:13.0687 3420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:31:13.0828 3420 RDPCDD - ok
15:31:13.0859 3420 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:31:13.0968 3420 RDPWD - ok
15:31:14.0015 3420 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:31:14.0125 3420 RDSessMgr - ok
15:31:14.0156 3420 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:31:14.0250 3420 redbook - ok
15:31:14.0281 3420 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:31:14.0390 3420 RemoteAccess - ok
15:31:14.0406 3420 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
15:31:14.0500 3420 RpcLocator - ok
15:31:14.0546 3420 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:31:14.0593 3420 RpcSs - ok
15:31:14.0640 3420 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
15:31:14.0781 3420 RSVP - ok
15:31:14.0812 3420 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
15:31:14.0843 3420 rtl8139 - ok
15:31:14.0890 3420 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:31:14.0984 3420 SamSs - ok
15:31:15.0078 3420 SAVRT (0c67e81abbe009d074563d86c4457da6) c:\Program Files\Norton AntiVirus\SAVRT.SYS
15:31:15.0093 3420 SAVRT - ok
15:31:15.0109 3420 SAVRTPEL (b51ddbe72d6650658d243b78f157fcf0) c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
15:31:15.0109 3420 SAVRTPEL - ok
15:31:15.0125 3420 SAVScan (760b4d1d222b534422bb81e5ebbacb57) c:\Program Files\Norton AntiVirus\SAVScan.exe
15:31:15.0125 3420 SAVScan - ok
15:31:15.0171 3420 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:31:15.0281 3420 SCardSvr - ok
15:31:15.0312 3420 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:31:15.0421 3420 Schedule - ok
15:31:15.0484 3420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:31:15.0593 3420 Secdrv - ok
15:31:15.0640 3420 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:31:15.0734 3420 seclogon - ok
15:31:15.0750 3420 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:31:15.0875 3420 SENS - ok
15:31:15.0906 3420 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:31:16.0015 3420 Serenum - ok
15:31:16.0046 3420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:31:16.0156 3420 Serial - ok
15:31:16.0171 3420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:31:16.0265 3420 Sfloppy - ok
15:31:16.0312 3420 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:31:16.0453 3420 SharedAccess - ok
15:31:16.0500 3420 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:31:16.0515 3420 ShellHWDetection - ok
15:31:16.0515 3420 Simbad - ok
15:31:16.0562 3420 SiS315 (94f6eea8a688a37f71bf9c9aeaa42666) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
15:31:16.0640 3420 SiS315 - ok
15:31:16.0656 3420 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
15:31:16.0687 3420 SISAGP - ok
15:31:16.0703 3420 SiSkp (837d26f79a1647066d75c5c811887475) C:\WINDOWS\system32\DRIVERS\srvkp.sys
15:31:16.0718 3420 SiSkp - ok
15:31:16.0734 3420 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:31:16.0828 3420 SLIP - ok
15:31:16.0843 3420 Sparrow - ok
15:31:16.0859 3420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:31:16.0968 3420 splitter - ok
15:31:17.0015 3420 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:31:17.0015 3420 Spooler - ok
15:31:17.0046 3420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:31:17.0156 3420 sr - ok
15:31:17.0203 3420 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:31:17.0312 3420 srservice - ok
15:31:17.0359 3420 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:31:17.0375 3420 Srv - ok
15:31:17.0406 3420 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:31:17.0515 3420 SSDPSRV - ok
15:31:17.0546 3420 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:31:17.0671 3420 stisvc - ok
15:31:17.0703 3420 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:31:17.0812 3420 streamip - ok
15:31:17.0843 3420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:31:17.0953 3420 swenum - ok
15:31:17.0984 3420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:31:18.0093 3420 swmidi - ok
15:31:18.0093 3420 SwPrv - ok
15:31:18.0109 3420 symc810 - ok
15:31:18.0109 3420 symc8xx - ok
15:31:18.0156 3420 SymEvent (05d9613efe7809e384c10da26958dfa4) C:\Program Files\Symantec\SYMEVENT.SYS
15:31:18.0156 3420 SymEvent - ok
15:31:18.0218 3420 SYMREDRV (5bafb61e41806328502224efdc01a0b3) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
15:31:18.0218 3420 SYMREDRV - ok
15:31:18.0250 3420 SYMTDI (9b944dd054edb7927eca3a2370472d05) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
15:31:18.0265 3420 SYMTDI ( UnsignedFile.Multi.Generic ) - warning
15:31:18.0265 3420 SYMTDI - detected UnsignedFile.Multi.Generic (1)
15:31:18.0265 3420 sym_hi - ok
15:31:18.0281 3420 sym_u3 - ok
15:31:18.0296 3420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:31:18.0406 3420 sysaudio - ok
15:31:18.0453 3420 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:31:18.0562 3420 SysmonLog - ok
15:31:18.0593 3420 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:31:18.0687 3420 TapiSrv - ok
15:31:18.0734 3420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:31:18.0765 3420 Tcpip - ok
15:31:18.0796 3420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:31:18.0906 3420 TDPIPE - ok
15:31:18.0937 3420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:31:19.0046 3420 TDTCP - ok
15:31:19.0078 3420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:31:19.0187 3420 TermDD - ok
15:31:19.0218 3420 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:31:19.0343 3420 TermService - ok
15:31:19.0390 3420 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:31:19.0390 3420 Themes - ok
15:31:19.0406 3420 TosIde - ok
15:31:19.0421 3420 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:31:19.0515 3420 TrkWks - ok
15:31:19.0546 3420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:31:19.0640 3420 Udfs - ok
15:31:19.0656 3420 ultra - ok
15:31:19.0765 3420 UMVPFSrv (8b802b483cbde06f62dbc04dc7afaf8e) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:31:19.0796 3420 UMVPFSrv - ok
15:31:19.0875 3420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:31:20.0015 3420 Update - ok
15:31:20.0046 3420 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:31:20.0171 3420 upnphost - ok
15:31:20.0203 3420 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:31:20.0312 3420 UPS - ok
15:31:20.0359 3420 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:31:20.0468 3420 usbaudio - ok
15:31:20.0500 3420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:31:20.0609 3420 usbccgp - ok
15:31:20.0625 3420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:31:20.0734 3420 usbehci - ok
15:31:20.0765 3420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:31:20.0859 3420 usbhub - ok
15:31:20.0875 3420 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:31:20.0984 3420 usbohci - ok
15:31:21.0015 3420 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:31:21.0125 3420 usbprint - ok
15:31:21.0171 3420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:31:21.0296 3420 usbscan - ok
15:31:21.0312 3420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:21.0437 3420 USBSTOR - ok
15:31:21.0453 3420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:31:21.0578 3420 usbuhci - ok
15:31:21.0609 3420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:31:21.0718 3420 VgaSave - ok
15:31:21.0765 3420 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
15:31:21.0765 3420 viaagp1 - ok
15:31:21.0796 3420 viagfx (0cc705db634a3bc355887e3d478dd386) C:\WINDOWS\system32\DRIVERS\vtmini.sys
15:31:21.0828 3420 viagfx - ok
15:31:21.0828 3420 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:31:21.0937 3420 ViaIde - ok
15:31:21.0953 3420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:31:22.0046 3420 VolSnap - ok
15:31:22.0093 3420 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:31:22.0218 3420 VSS - ok
15:31:22.0250 3420 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:31:22.0343 3420 W32Time - ok
15:31:22.0359 3420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:31:22.0453 3420 Wanarp - ok
15:31:22.0500 3420 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:31:22.0515 3420 Wdf01000 - ok
15:31:22.0531 3420 WDICA - ok
15:31:22.0562 3420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:31:22.0656 3420 wdmaud - ok
15:31:22.0671 3420 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:31:22.0781 3420 WebClient - ok
15:31:22.0859 3420 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:31:22.0953 3420 winmgmt - ok
15:31:23.0015 3420 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:31:23.0031 3420 WinUSB - ok
15:31:23.0062 3420 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:31:23.0062 3420 WmdmPmSN - ok
15:31:23.0109 3420 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:31:23.0234 3420 WmiApSrv - ok
15:31:23.0312 3420 WMZuneComm (a3ba4712ebf768edfbccec09fa120b6f) C:\Program Files\Zune\WMZuneComm.exe
15:31:23.0328 3420 WMZuneComm - ok
15:31:23.0359 3420 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:31:23.0484 3420 WS2IFSL - ok
15:31:23.0515 3420 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:31:23.0625 3420 wscsvc - ok
15:31:23.0656 3420 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:31:23.0765 3420 WSTCODEC - ok
15:31:23.0781 3420 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:31:23.0906 3420 wuauserv - ok
15:31:23.0953 3420 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:31:23.0968 3420 WudfPf - ok
15:31:24.0000 3420 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:31:24.0015 3420 WudfRd - ok
15:31:24.0031 3420 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
15:31:24.0046 3420 WudfSvc - ok
15:31:24.0109 3420 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:31:24.0250 3420 WZCSVC - ok
15:31:24.0281 3420 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:31:24.0375 3420 xmlprov - ok
15:31:24.0406 3420 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
15:31:24.0421 3420 zumbus - ok
15:31:24.0500 3420 ZuneBusEnum (dee869820c3483ec7b92a9fd9ba332a7) C:\Program Files\Zune\ZuneBusEnum.exe
15:31:24.0515 3420 ZuneBusEnum - ok
15:31:24.0765 3420 ZuneNetworkSvc (5bdcacd5b2b0fb972bc570e70f616acf) C:\Program Files\Zune\ZuneNss.exe
15:31:24.0984 3420 ZuneNetworkSvc - ok
15:31:25.0093 3420 ZuneWlanCfgSvc (e22e48654a66aa3e24f4646c6bc1756c) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
15:31:25.0109 3420 ZuneWlanCfgSvc - ok
15:31:25.0156 3420 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
15:31:25.0234 3420 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:31:25.0234 3420 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:31:25.0234 3420 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk5\DR7
15:31:25.0296 3420 \Device\Harddisk5\DR7 - ok
15:31:25.0312 3420 Boot (0x1200) (c94ccb065556bfc73924a161b69f7b02) \Device\Harddisk0\DR0\Partition0
15:31:25.0312 3420 \Device\Harddisk0\DR0\Partition0 - ok
15:31:25.0328 3420 Boot (0x1200) (fd6249f997e079209b58e1dda6bf15bc) \Device\Harddisk0\DR0\Partition1
15:31:25.0328 3420 \Device\Harddisk0\DR0\Partition1 - ok
15:31:25.0328 3420 Boot (0x1200) (7c65f131c2e19eed884eee5b434845c4) \Device\Harddisk5\DR7\Partition0
15:31:25.0328 3420 \Device\Harddisk5\DR7\Partition0 - ok
15:31:25.0328 3420 ============================================================
15:31:25.0328 3420 Scan finished
15:31:25.0328 3420 ============================================================
15:31:25.0453 3112 Detected object count: 9
15:31:25.0453 3112 Actual detected object count: 9
15:36:03.0953 3112 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:03.0953 3112 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:03.0953 3112 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:03.0953 3112 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:03.0953 3112 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:03.0953 3112 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:03.0953 3112 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:03.0953 3112 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:03.0953 3112 NVENET ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:03.0953 3112 NVENET ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:03.0953 3112 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:03.0968 3112 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:03.0968 3112 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:03.0968 3112 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:03.0968 3112 SYMTDI ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:03.0968 3112 SYMTDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:03.0968 3112 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:36:03.0968 3112 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

OTL Log
All processes killed
========== OTL ==========
C:\WINDOWS\tasks\LDIBEFVMIV.job moved successfully.
C:\WINDOWS\system32\nvwrsptj.dll moved successfully.
File rity] not found.
File sethosts] not found.
File ptytemp] not found.
File EATERESTOREPOINT] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.56.0 log created on 08052012_132401

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#6
Essexboy

Posted 05 August 2012 - 02:42 PM

GeekU Moderator

Retired Staff
69,964 posts

Re-run TDSSKiller and when the following item appears select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#7
bkasten

Posted 05 August 2012 - 05:05 PM

Member

Topic Starter
Member
32 posts

Wow, that took a Loooooong time! About 2 hours!!

No automatic reboot or prompt to reboot. The log popped up.

Computer's running good. No more search engine redirects.

I've no way of telling if the automatic reboot issue is solved. I suppose time will tell.

ComboFix 12-08-05.02 - Owner 08/05/2012 16:50:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.269 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\WINDOWS
c:\windows\help\wmplayer.bak
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\ps2.bat
c:\windows\system32\SET2A9.tmp
c:\windows\system32\SET2AD.tmp
c:\windows\system32\SET2B5.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 20:59 . 2012-08-05 20:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-05 18:24 . 2012-08-05 18:24 -------- d-----w- C:\_OTL
2012-07-30 20:17 . 2012-07-30 20:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Search Settings
2012-07-30 20:17 . 2012-07-30 20:17 -------- d-----w- c:\program files\Application Updater
2012-07-30 20:17 . 2012-07-30 20:17 -------- d-----w- c:\program files\YTD Toolbar
2012-07-30 20:17 . 2012-07-30 20:17 -------- d-----w- c:\program files\Common Files\Spigot
2012-07-12 03:02 . 2012-07-12 03:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX
2012-07-12 03:02 . 2012-07-12 03:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2
2012-07-12 03:02 . 2012-07-12 03:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP
2012-07-12 03:01 . 2012-07-12 03:01 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
2012-07-12 02:58 . 2012-07-12 02:58 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJFAX
2012-07-12 02:58 . 2012-07-12 02:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon Easy-WebPrint EX
2012-07-12 02:53 . 2012-07-12 02:53 -------- d-----w- c:\program files\Common Files\CANON
2012-07-12 02:53 . 2012-07-12 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt
2012-07-12 02:49 . 2012-07-12 03:05 -------- d-----w- c:\program files\Canon
2012-07-12 02:40 . 2010-09-16 10:00 257024 ----a-w- c:\windows\system32\CNCALAK.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 23:11 . 2004-05-12 12:08 3885 ----a-w- c:\windows\viassary-hp.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-05-12 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-06-14 233472]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-16 124096]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-02-24 3026944]
"nwiz"="nwiz.exe" [2004-02-24 753664]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-27 1095560]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2003-08-15 07:59 70816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 15:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\tixati\\tixati.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
S2 mrtRate;mrtRate; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 22934650
*NewlyCreated* - 27870622
*NewlyCreated* - 40120320
*Deregistered* - 22934650
*Deregistered* - 27870622
*Deregistered* - 40120320
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-15 00:24]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-15 00:24]
.
2004-05-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-05-13 07:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-VTTimer - VTTimer.exe
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\program files\Qualcomm\Eudora\EuShlExt.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-05 17:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-05 17:53:45
ComboFix-quarantined-files.txt 2012-08-05 22:52
.
Pre-Run: 12,822,970,368 bytes free
Post-Run: 17,113,071,616 bytes free
.
- - End Of File - - EBA546BCE27BD007D81296819EA74848

#8
Essexboy

Posted 06 August 2012 - 07:04 AM

GeekU Moderator

Retired Staff
69,964 posts

The reboots would have been caused by the MBR infection, so they should now be history

Lets now run a sweep for orphans, once done let me know what problems remain

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#9
bkasten

Posted 08 August 2012 - 02:05 PM

Member

Topic Starter
Member
32 posts

Some challenges ...

Every time I run MBAB it stalls at 4 minutes and 17 seconds. I'm unable to force it to close, even by ending the process. I have to forcefully shut down Sasha. I'm hoping she doesn't report this as a domestic abuse crime.

One time she shut down automatically and, upon restarting, gave me the 'system as recovered from a serious error' prompt.

Thoughts?

#10
Essexboy

Posted 08 August 2012 - 02:13 PM

GeekU Moderator

Retired Staff
69,964 posts

Could you try MBAM from safe mode please

#11
bkasten

Posted 09 August 2012 - 01:40 PM

Member

Topic Starter
Member
32 posts

That worked.

MBAM Log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Owner :: ROHAN [administrator]

8/9/2012 11:33:22 AM
mbam-log-2012-08-09 (11-33-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189799
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12
Essexboy

Posted 09 August 2012 - 01:42 PM

GeekU Moderator

Retired Staff
69,964 posts

How is the computer behaving now any problems ?

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#13
Essexboy

Posted 13 August 2012 - 07:46 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#14
Essexboy

Posted 16 August 2012 - 04:02 PM

GeekU Moderator

Retired Staff
69,964 posts

User returned

#15
bkasten

Posted 16 August 2012 - 11:29 PM

Member

Topic Starter
Member
32 posts

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 17-08-2012 at 00:27:31
Running from "C:\Documents and Settings\Owner\Desktop\downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****