Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Blue Screen/Shut Down


  • Please log in to reply

#1
mwright1000

mwright1000

    Member

  • Member
  • PipPip
  • 82 posts
My laptop shut it's self down and the Blue Screen that says your computer has shut down to save it from damage or something like that came up.
Can someone please give me a hand fixing this? Thank you!
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
It's not clear from your post if the PC will boot to windows or not. If not, can you boot into Safe Mode (with or without Networking) or perhaps into Last Known Good?


(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking, Safe Mode, or Last Known Good. Login with your usual login or it's XP you can also try the hidden Administrator login. (no password required.)) If you get on can you download OTL and run a scan:

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#3
mwright1000

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
OTL logfile created on: 8/27/2012 6:56:30 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Marty\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.46% Memory free
5.09 Gb Paging File | 4.44 Gb Available in Paging File | 87.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.01 Gb Total Space | 54.46 Gb Free Space | 27.23% Space Free | Partition Type: NTFS

Computer Name: MARTYSLAPTOP | User Name: Marty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/27 18:54:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marty\Desktop\OTL.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/21 05:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/08/17 21:33:15 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Marty\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/08/06 18:20:04 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/08/06 17:40:32 | 006,156,696 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2012/07/17 15:18:00 | 000,562,688 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2012/07/11 10:50:32 | 001,810,016 | ---- | M] (We-Care.com) -- C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe
PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/07/04 12:40:58 | 003,921,432 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/07/04 12:40:20 | 001,395,736 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/07/04 12:40:18 | 001,188,896 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/10 15:10:14 | 000,211,256 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
PRC - [2012/03/22 08:38:06 | 000,606,608 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) -- C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
PRC - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/02/03 02:46:26 | 000,284,016 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverPerformer\TaskTray.exe
PRC - [2010/05/19 12:02:28 | 001,843,200 | ---- | M] () -- C:\Program Files\HeavyWeatherWV5\Backend.exe
PRC - [2009/06/18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 04:23:01 | 001,803,264 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12082700\algo.dll
MOD - [2012/08/17 21:33:15 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Marty\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
MOD - [2012/07/17 15:18:00 | 000,562,688 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
MOD - [2012/07/04 12:39:50 | 000,051,200 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/07/04 12:39:48 | 000,517,632 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/07/04 12:39:48 | 000,410,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/03/11 14:55:40 | 000,088,656 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2007/10/09 20:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/05/01 10:38:06 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/05/01 10:38:06 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/05/01 10:38:06 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/21 05:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/08/17 21:33:15 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\Marty\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/08/14 21:04:22 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/17 15:18:00 | 000,562,688 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/22 08:38:06 | 000,606,608 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) [Auto | Running] -- C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe -- (WINZIPSSDiskOptimizer)
SRV - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/12 15:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_B91CB6D3)
SRV - [2010/05/19 12:02:28 | 001,843,200 | ---- | M] () [Auto | Running] -- C:\Program Files\HeavyWeatherWV5\Backend.exe -- (WV5Communication)
SRV - [2010/04/16 10:03:12 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/06/18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/14 06:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 06:41:56 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NgWfp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NgVpn)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NgLog)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NgFilter)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 05:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/08/21 05:13:13 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/08/08 20:33:06 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzu4odm1.sys -- (uzu4odm1)
DRV - [2012/08/06 17:47:37 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 18:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/12/01 11:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/12/01 11:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011/02/16 18:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/07 13:08:13 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/10/20 18:23:22 | 000,154,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDFR.sys -- (CLBUDFR)
DRV - [2008/10/20 18:23:22 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2007/12/04 18:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/10/09 20:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/31 14:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/31 14:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/23 11:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/23 11:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/03/23 11:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/23 11:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/23 11:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/07/05 08:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV - [2006/06/14 10:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2006/05/01 10:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 08:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=26-11-2011
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6785D267-BFCC-4651-893F-7E12CDCECA5F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=26-11-2011
IE - HKCU\..\SearchScopes\{6785D267-BFCC-4651-893F-7E12CDCECA5F}: "URL" = http://search.yahoo....833,19213,0,8,0
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-05-26 22:25:40&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.1.1000.4(B)
IE - HKCU\..\SearchScopes\{BB211D29-0016-42AF-901A-746056451211}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....&fr=chr-offrhap
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files\Skyhook Wireless\Loki Browser Plugin\versions\3.4.2.20\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Marty\Local Settings\Application Data\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 18:21:17 | 000,000,000 | ---D | M]

[2010/01/08 12:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marty\Application Data\Mozilla\Extensions
[2010/01/08 12:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marty\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://isearch.avg.c...sa&d=2012-05-26 22:25:40&v=11.1.0.7&sap=hp
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...sa&d=2012-05-26 22:25:40&v=11.1.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - homepage: http://us.yhs4.searc...833,19226,0,8,0
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Marty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/22 00:31:02 | 000,884,516 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15221 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Marty\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverPerformer\TaskTray.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262838412234 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344287442687 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEC91795-4E81-4FBD-B1E8-3A51E0162CE8}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDA73690-36FC-4A78-B01A-64889AC20C95}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 21:50:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:946ac8ee9b)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Quick View.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Marty^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NBAgent - hkey= - key= - C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: Power2GoExpress - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SprtListen - Service
SafeBootNet: SprtListenPush - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SupportSoft RemoteAssist - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/27 18:54:21 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marty\Desktop\OTL.exe
[2012/08/20 13:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2012/08/18 21:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Application Data\FreeFileViewer
[2012/08/17 21:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Local Settings\Application Data\FileTypeAssistant
[2012/08/17 21:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2012/08/17 21:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
[2012/08/17 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2012/08/17 21:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2012/08/17 21:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2012/08/17 21:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Application Data\DefaultTab
[2012/08/17 21:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
[2012/08/17 21:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/08/12 01:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Application Data\ElevatedDiagnostics
[2012/08/07 04:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Application Data\PCFix
[2012/08/07 00:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Local Settings\Application Data\Sun
[2012/08/06 18:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/08/06 18:52:59 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012/08/06 18:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/08/06 18:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/08/06 18:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2012/08/06 18:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/08/06 18:20:53 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/08/06 18:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/08/06 18:20:11 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/08/06 18:20:11 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/08/06 18:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/08/06 18:20:07 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/08/06 18:06:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/06 17:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2012/08/06 17:47:37 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/08/06 17:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/08/06 17:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Local Settings\Application Data\Vid-Saver
[2012/08/06 17:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Vid-Saver
[2012/08/06 17:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/08/06 17:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/06 17:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/06 17:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Application Data\Oracle
[2012/08/06 17:33:13 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/08/06 17:33:13 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/06 17:32:57 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/06 17:32:57 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/06 17:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/08/05 19:55:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/05 19:51:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/05 19:27:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/05 14:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Desktop\avast! Security Center_files
[2012/08/02 13:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marty\Application Data\Malwarebytes
[2012/08/02 13:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/02 13:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/02 13:51:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/02 13:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/02 13:50:51 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marty\Desktop\mbam-setup-1.62.0.1300.exe
[2011/10/21 18:32:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Marty\Application Data\pcouffin.sys
[1 C:\Documents and Settings\Marty\*.tmp files -> C:\Documents and Settings\Marty\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/27 19:05:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E3EF2B52-C932-40AA-8281-83873EAA673C}.job
[2012/08/27 19:04:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/27 18:57:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/27 18:54:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marty\Desktop\OTL.exe
[2012/08/27 18:52:12 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2012/08/27 18:51:41 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2012/08/27 18:49:22 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\SafeZone Browser.lnk
[2012/08/27 18:49:22 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/08/27 18:49:07 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-343818398-725345543-1003.job
[2012/08/27 18:48:59 | 000,202,011 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/27 18:48:57 | 000,060,275 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/08/27 18:48:40 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/27 18:48:33 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-343818398-725345543-1003.job
[2012/08/27 18:48:29 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/27 18:48:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/27 18:48:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/27 18:46:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/27 05:30:50 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/08/27 04:30:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\PCFix.job
[2012/08/22 05:13:35 | 000,000,536 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/08/22 00:33:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/22 00:31:03 | 000,000,618 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/08/22 00:31:02 | 000,884,516 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,202,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/21 05:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/21 05:13:14 | 000,018,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/08/21 05:13:13 | 000,113,776 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/20 13:31:43 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Marty\Application Data\mcs.rma
[2012/08/20 13:31:43 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Marty\Application Data\A04D32
[2012/08/20 13:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/19 05:09:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/17 21:35:04 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Marty\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2012/08/17 21:35:04 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\FreeFileViewer.lnk
[2012/08/17 21:33:11 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\ARO 2012.lnk
[2012/08/15 20:32:46 | 000,506,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/15 20:32:46 | 000,088,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/15 20:27:52 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 05:13:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 21:04:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/14 21:04:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/11 18:14:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120822-003101.backup
[2012/08/09 05:23:48 | 000,027,082 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\avptool_sysinfo.zip
[2012/08/08 20:33:06 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzu4odm1.sys
[2012/08/07 15:47:30 | 141,732,152 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\setup_11.0.0.1245.x01_2012_08_07_21_11.exe
[2012/08/06 20:30:22 | 000,001,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero BurnLite 10.lnk
[2012/08/06 18:53:08 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/08/06 18:29:56 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Marty\Application Data\winscp.rnd
[2012/08/06 18:29:39 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\WinSCP.lnk
[2012/08/06 18:20:53 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/08/06 18:20:11 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/08/06 18:20:11 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/08/06 18:20:07 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/08/06 18:01:50 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/08/06 17:51:26 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Marty\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/08/06 17:51:26 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/08/06 17:47:37 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/08/06 17:40:32 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Marty\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/08/06 17:40:32 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2012/08/06 17:35:28 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\Update Checker.lnk
[2012/08/06 17:34:52 | 000,264,271 | ---- | M] () -- C:\Documents and Settings\Marty\My Documents\FileHippoSetup.exe
[2012/08/06 17:32:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/06 17:32:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/05 19:55:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/05 14:24:28 | 000,033,690 | ---- | M] () -- C:\Documents and Settings\Marty\Desktop\avast! Security Center.htm
[2012/08/04 23:20:18 | 000,060,275 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/08/02 13:51:30 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Marty\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/02 13:51:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 11:11:32 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marty\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/02 01:08:41 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[1 C:\Documents and Settings\Marty\*.tmp files -> C:\Documents and Settings\Marty\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/20 13:31:43 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\A04D32
[2012/08/17 21:36:06 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2012/08/17 21:35:34 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2012/08/17 21:35:04 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2012/08/17 21:35:04 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\FreeFileViewer.lnk
[2012/08/17 21:33:10 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\ARO 2012.lnk
[2012/08/08 20:33:06 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzu4odm1.sys
[2012/08/07 20:58:03 | 000,027,082 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\avptool_sysinfo.zip
[2012/08/07 15:47:26 | 141,732,152 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\setup_11.0.0.1245.x01_2012_08_07_21_11.exe
[2012/08/06 20:30:22 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero BurnLite 10.lnk
[2012/08/06 18:53:18 | 000,000,618 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/08/06 18:53:18 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/08/06 18:53:17 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/08/06 18:53:08 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/08/06 18:53:08 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/08/06 17:35:28 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\Update Checker.lnk
[2012/08/06 17:34:51 | 000,264,271 | ---- | C] () -- C:\Documents and Settings\Marty\My Documents\FileHippoSetup.exe
[2012/08/05 19:55:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/05 19:55:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/05 14:24:27 | 000,033,690 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\avast! Security Center.htm
[2012/08/05 12:11:40 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\Marty\Desktop\SafeZone Browser.lnk
[2012/08/03 16:13:01 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\PCFix.job
[2012/08/02 13:51:30 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/02 13:51:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 15:58:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/18 05:56:22 | 000,016,882 | -HS- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\0k70uw8h77s060
[2011/12/18 05:56:22 | 000,016,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0k70uw8h77s060
[2011/12/12 00:01:39 | 000,014,866 | -HS- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\2y30ou3s74e850
[2011/12/12 00:01:39 | 000,014,866 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2y30ou3s74e850
[2011/12/03 19:42:04 | 000,000,536 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/11/16 20:24:50 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/11/16 20:24:48 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/11/16 20:24:48 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/11/16 19:43:16 | 000,002,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/16 19:24:54 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/10/28 06:03:12 | 000,550,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-343818398-725345543-1003-0.dat
[2011/10/28 06:03:12 | 000,277,102 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/10/21 18:32:30 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\pcouffin.cat
[2011/10/21 18:32:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\pcouffin.inf
[2011/05/16 14:31:44 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2011/04/01 20:54:16 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/19 11:10:15 | 000,000,612 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/02/19 11:06:31 | 000,068,577 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2011/02/19 11:06:31 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2011/02/13 14:05:50 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Marty\WinSCP Key1
[2011/02/12 20:07:13 | 000,294,977 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2011/02/12 20:07:13 | 000,065,604 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2011/02/12 19:05:44 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\winscp.rnd
[2011/01/29 21:15:46 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\$_hpcst$.hpc
[2010/12/31 17:40:43 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\currdat.lst
[2010/12/30 13:24:28 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\WV5DataStore
[2010/11/20 17:24:19 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\mcs.rma
[2010/05/24 23:00:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\fusioncache.dat
[2010/02/18 20:34:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marty\CUSTOM.DICCUSTOM.DIC
[2010/01/27 19:24:19 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Marty\Application Data\default.rss
[2010/01/07 22:28:57 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST9250410AS
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 200.00GB
Starting Offset: 49351680
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 33.00GB
Starting Offset: 214803187200
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/08/06 18:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Adobe
[2010/01/22 07:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\AdobeUM
[2011/11/20 22:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Apple Computer
[2010/01/10 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Arcsoft
[2011/04/02 16:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Aventail
[2012/08/27 19:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\BitTorrent
[2010/11/06 12:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\com.w3i.musicoasis
[2011/10/21 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\CyberLink
[2011/11/26 18:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\DAEMON Tools Lite
[2012/08/17 21:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\DefaultTab
[2011/11/18 21:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Dell
[2010/01/17 00:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Download Manager
[2012/05/17 07:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Dropbox
[2012/08/10 05:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\DVD Flick
[2012/08/12 01:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\ElevatedDiagnostics
[2012/05/26 22:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\FixCleaner
[2012/08/18 21:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\FreeFileViewer
[2010/11/06 11:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\FrostWire
[2010/01/16 23:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\GARMIN
[2011/03/16 21:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Google
[2010/03/10 23:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\GTek
[2011/02/13 14:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Help
[2010/01/07 18:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\HotSync
[2011/08/20 09:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\HpUpdate
[2010/01/06 21:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Identities
[2011/11/25 20:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\ImgBurn
[2011/10/31 21:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\ImTOO
[2010/01/07 18:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\InstallShield
[2010/01/07 00:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Intel
[2011/11/16 19:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\iolo
[2010/01/07 18:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Leadertech
[2010/01/07 11:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Macromedia
[2012/08/02 13:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Malwarebytes
[2011/10/29 16:10:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marty\Application Data\Microsoft
[2010/01/08 12:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Mozilla
[2011/10/26 18:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Nero
[2011/10/26 19:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\NeroDigital
[2010/01/24 11:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Office Genuine Advantage
[2011/11/26 18:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\OpenCandy
[2012/08/06 17:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Oracle
[2011/11/18 21:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\PCDr
[2012/08/07 15:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\PCFix
[2012/08/06 18:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Real
[2010/01/08 12:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Sun
[2011/10/21 18:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Vso
[2011/11/26 20:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\WinBatch
[2011/02/01 22:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Windows Desktop Search
[2011/02/01 23:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Windows Search
[2012/05/03 20:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\WinZip
[2010/11/06 12:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marty\Application Data\Yahoo!

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Marty\My Documents\DriverPerformer\Backup\Driver Backup 12-28-2011-22188\Intel® 82801GBM GHM (ICH7-M Family) Serial ATA Storage Controller - 27C4\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Marty\My Documents\DriverPerformer\Backup\Driver Backup 12-28-2011-22188\Primary IDE Channel\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Marty\My Documents\DriverPerformer\Backup\Driver Backup 12-28-2011-22188\Secondary IDE Channel\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 06:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/14 06:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2012/07/04 12:40:46 | 003,702,808 | ---- | M] (Safer-Networking Ltd.) MD5=9A79C35AD6643E13ABD64562992671BB -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 06:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 06:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 06:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/14 06:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2008/04/14 06:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2008/04/14 06:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/14 06:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 06:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 06:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2008/04/14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\erdnt\cache\user32.dll
[2008/04/14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/04/14 06:42:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/14 06:42:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 08:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

< End of report >
  • 0

#4
mwright1000

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
OTL Extras logfile created on: 8/27/2012 6:56:30 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Marty\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.46% Memory free
5.09 Gb Paging File | 4.44 Gb Available in Paging File | 87.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.01 Gb Total Space | 54.46 Gb Free Space | 27.23% Space Free | Partition Type: NTFS

Computer Name: MARTYSLAPTOP | User Name: Marty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe" = C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe:*:Enabled:CyberLink PowerDVD 10.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\Marty\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Marty\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
"C:\Program Files\Palm\Hotsync.exe" = C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe" = C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe:*:Enabled:CyberLink PowerDVD 10.0 -- (CyberLink Corp.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)
"C:\Program Files\File Type Assistant\tsassist.exe" = C:\Program Files\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (Trusted Software ApS)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22D90DD2-8654-4E8A-B2F1-B6B86A2BF390}" = CyberLink UDF Reader 5.0
"{23024465-0C00-4B7B-AA72-9DF136E53B89}" = Statware Basketball v6.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3754D55C-585E-4BC5-A182-4B70FABBFDB7}" = LightScribe Diagnostic Utility
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3ad630fd-4277-4354-b1d2-453df251d948}" = Nero 9 Essentials
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C74828C-0D2A-416A-959B-C19CC441F167}" = CLICK Programming Software Version 1.20
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5D6EC6F7-9B38-4a02-B063-97C2048B56A2}" = 7200_Help
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{725F0ABA-808A-4256-885C-1E60245521D0}" = LightScribe Template Designs - Sports Pack 1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73370408-B80E-4509-B9AF-957E2E0F512F}_is1" = WinZip System Utilities Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7ABBD4-A617-4AE8-9C6D-1510DE46EC35}" = Nero 11
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A7391302-FADF-4314-80DC-C757DAE45178}" = 7200
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AC966B90-53CA-4710-8EEE-57ED25387872}" = 7200Trb
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B00D2907-8093-4C89-8D0B-90F5126FCC40}" = Statware Basketball v6.0
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}" = CWA Reminder by We-Care.com v4.1.18.3
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7DACB79-D0BE-477B-B63F-4BBF33F39B7A}" = TWC Client ActiveX Controls
"{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1F50F1B-BD00-4161-A2FD-FC08A6E8240F}" = HandySCOPE303
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{F8C7F1F2-EF8A-4019-89A8-77C5667F75C7}" = LightScribe Template Designs - Animal Pack 1
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 9.22beta
"7-Zip 9.20" = 7-Zip 9.20
"841F246A60607D129BAE7F771CB55E7B3EF8BCF8" = Windows Driver Package - Intel net (11/01/2006 9.1.0.111)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Internet Security
"BassBox 6 Pro" = BassBox 6 Pro
"BitTorrent" = BitTorrent
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"C805F03D733C5C658A973935646FBB5296D72B14" = Windows Driver Package - Intel net (10/30/2006 10.6.0.29)
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 3.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"DefaultTab" = DefaultTab
"DefaultTab Chrome" = DefaultTab Chrome
"Dell Support Center" = Dell Support Center
"Driver Performer_is1" = Driver Performer
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt
"DVDFab 8_is1" = DVDFab 8.0.5.0 (18/11/2010)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileHippo.com" = FileHippo.com Update Checker
"FreeFileViewer_is1" = Free File Viewer 2012
"Google Chrome" = Google Chrome
"Heavy Weather Pro WS 2800_is1" = Heavy Weather Pro WS 2800 US
"HP Photo & Imaging" = HP Image Zone 4.7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Loki Browser Plugin" = Loki Browser Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"PSIM-in-DOSBox PLC Simulator_is1" = PSIM-in-DOSBox ver: 1.2
"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions
"Rhapsody" = Rhapsody
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"Surf Canyon" = Fast Search
"SystemRequirementsLab" = System Requirements Lab
"Trusted Software Assistant_is1" = File Type Assistant
"Vid-Saver" = Vid-Saver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISD beta" = WinISD beta
"WinISD Pro [alpha]" = WinISD Pro [alpha]
"winscp3_is1" = WinSCP 4.3.9
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WUHU" = WUHU
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"c4a06a33ee490fa7" = Statware Basketball On-Line
"f031ef6ac137efc5" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting 4.0.0.320
"MapQuest Toolbar" = MapQuest Toolbar
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2012 12:30:06 AM | Computer Name = MARTYSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11334297

Error - 8/27/2012 12:30:09 AM | Computer Name = MARTYSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/27/2012 12:30:09 AM | Computer Name = MARTYSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11337438

Error - 8/27/2012 12:30:09 AM | Computer Name = MARTYSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11337438

Error - 8/27/2012 4:35:26 PM | Computer Name = MARTYSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/27/2012 4:35:26 PM | Computer Name = MARTYSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17622781

Error - 8/27/2012 4:35:26 PM | Computer Name = MARTYSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17622781

Error - 8/27/2012 4:35:42 PM | Computer Name = MARTYSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/27/2012 4:35:42 PM | Computer Name = MARTYSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17639141

Error - 8/27/2012 4:35:42 PM | Computer Name = MARTYSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17639141

[ System Events ]
Error - 8/27/2012 6:35:27 PM | Computer Name = MARTYSLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 8/27/2012 6:35:27 PM | Computer Name = MARTYSLAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 8/27/2012 6:35:27 PM | Computer Name = MARTYSLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Simple TCP/IP Services service depends on the AFD service which
failed to start because of the following error: %%31

Error - 8/27/2012 6:35:27 PM | Computer Name = MARTYSLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswFW AswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd
Rdbss
Tcpip
Tcpip6
WS2IFSL

Error - 8/27/2012 6:38:22 PM | Computer Name = MARTYSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/27/2012 6:38:47 PM | Computer Name = MARTYSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/27/2012 6:41:37 PM | Computer Name = MARTYSLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips intelppm

Error - 8/27/2012 6:42:28 PM | Computer Name = MARTYSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/27/2012 6:45:30 PM | Computer Name = MARTYSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/27/2012 6:46:41 PM | Computer Name = MARTYSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 23


Uninstall:
BitTorrent
DAEMON Tools Lite (you can reinstall it later. It interferes with some of our scans)
Fast Search
Loki Browser Plugin
Vid-Saver
Yahoo! Toolbar
Yahoo! Software Update
MapQuest Toolbar

Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKLM\..\URLSearchHook: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=26-11-2011
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6785D267-BFCC-4651-893F-7E12CDCECA5F}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=26-11-2011
IE - HKCU\..\SearchScopes\{6785D267-BFCC-4651-893F-7E12CDCECA5F}: "URL" = http://search.yahoo....833,19213,0,8,0
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-05-26 22:25:40&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.1.1000.4(B)
IE - HKCU\..\SearchScopes\{BB211D29-0016-42AF-901A-746056451211}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....&fr=chr-offrhap
[2011/12/18 05:56:22 | 000,016,882 | -HS- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\0k70uw8h77s060
[2011/12/18 05:56:22 | 000,016,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0k70uw8h77s060
[2011/12/12 00:01:39 | 000,014,866 | -HS- | C] () -- C:\Documents and Settings\Marty\Local Settings\Application Data\2y30ou3s74e850
[2011/12/12 00:01:39 | 000,014,866 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2y30ou3s74e850
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Marty\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
net start afd /c
net start ipsec /c
net start /c
ipconfig /all /c
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Download, Save and Run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Double click aswMBR.exe
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe and to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0

#6
mwright1000

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Farbar Service Scanner Version: 06-08-2012
Ran by Marty (administrator) on 28-08-2012 at 20:01:54
Running from "C:\Documents and Settings\Marty\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) aswFW(13) aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) Tcpip(4) Tcpip6(11)
0x0D00000005000000010000000200000003000000040000000D0000000A0000000B0000000C00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#7
mwright1000

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
==================================================
Dump File : Mini082612-01.dmp
Crash Time : 8/26/2012 11:37:34 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x0000000c
Parameter 2 : 0x00000005
Parameter 3 : 0x00000001
Parameter 4 : 0xb7f135f7
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+85f7
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : atapi.sys+85f7
Stack Address 1 : atapi.sys+3b93
Stack Address 2 : atapi.sys+614b
Stack Address 3 : ntoskrnl.exe+6e4c1
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082612-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini122111-09.dmp
Crash Time : 12/21/2011 7:18:14 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0xb1186e6c
Parameter 2 : 0x00000002
Parameter 3 : 0x00000008
Parameter 4 : 0xb1186e6c
Caused By Driver : aswNdis2.sys
Caused By Address : aswNdis2.sys+ea05
File Description : avast! Filtering NDIS driver
Product Name : avast! Antivirus
Company : AVAST Software
File Version : 7.0.1466.549
Processor : 32-bit
Crash Address :
Stack Address 1 : aswNdis2.sys+3e43
Stack Address 2 : ntoskrnl.exe+2b20f
Stack Address 3 : ntoskrnl.exe+2b32b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini122111-09.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini122111-08.dmp
Crash Time : 12/21/2011 6:59:41 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x80042000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : netbt.sys
Caused By Address : netbt.sys+fe75
File Description : MBT Transport driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Crash Address : netbt.sys+fe75
Stack Address 1 : aswNdis2.sys+3e43
Stack Address 2 : ntoskrnl.exe+2b20f
Stack Address 3 : ntoskrnl.exe+2b32b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini122111-08.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini122111-07.dmp
Crash Time : 12/21/2011 6:52:23 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x0000001c
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xb0f9ce93
Caused By Driver : btwusb.sys
Caused By Address : btwusb.sys+7e93
File Description : Driver for Bluetooth USB Devices
Product Name : Bluetooth Software
Company : Broadcom Corporation.
File Version : 5.1.0.2900
Processor : 32-bit
Crash Address : btwusb.sys+7e93
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini122111-07.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini122111-06.dmp
Crash Time : 12/21/2011 2:25:44 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x80042000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : netbt.sys
Caused By Address : netbt.sys+fe75
File Description : MBT Transport driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Crash Address : netbt.sys+fe75
Stack Address 1 : aswNdis2.sys+3e43
Stack Address 2 : ntoskrnl.exe+2b20f
Stack Address 3 : ntoskrnl.exe+2b32b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini122111-06.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini122111-05.dmp
Crash Time : 12/21/2011 2:17:24 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x80042000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : netbt.sys
Caused By Address : netbt.sys+fe75
File Description : MBT Transport driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Crash Address : netbt.sys+fe75
Stack Address 1 : aswNdis2.sys+3e43
Stack Address 2 : ntoskrnl.exe+2b20f
Stack Address 3 : ntoskrnl.exe+2b32b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini122111-05.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini122111-04.dmp
Crash Time : 12/21/2011 2:11:05 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x80042000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : netbt.sys
Caused By Address : netbt.sys+fe75
File Description : MBT Transport driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Crash Address : netbt.sys+fe75
Stack Address 1 : aswNdis2.sys+3e43
Stack Address 2 : ntoskrnl.exe+2b20f
Stack Address 3 : ntoskrnl.exe+2b32b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini122111-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini122111-03.dmp
Crash Time : 12/21/2011 2:05:39 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x80042000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : netbt.sys
Caused By Address : netbt.sys+fe75
File Description : MBT Transport driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Crash Address : netbt.sys+fe75
Stack Address 1 : aswNdis2.sys+3e43
Stack Address 2 : ntoskrnl.exe+2b20f
Stack Address 3 : ntoskrnl.exe+2b32b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini122111-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini122111-02.dmp
Crash Time : 12/21/2011 2:00:20 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x80042000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : netbt.sys
Caused By Address : netbt.sys+fe75
File Description : MBT Transport driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Crash Address : netbt.sys+fe75
Stack Address 1 : aswNdis2.sys+3e43
Stack Address 2 : ntoskrnl.exe+2b20f
Stack Address 3 : ntoskrnl.exe+2b32b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini122111-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini122111-01.dmp
Crash Time : 12/21/2011 1:50:58 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x80042000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : netbt.sys
Caused By Address : netbt.sys+fe75
File Description : MBT Transport driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Crash Address : netbt.sys+fe75
Stack Address 1 : aswNdis2.sys+3e43
Stack Address 2 : ntoskrnl.exe+2b20f
Stack Address 3 : ntoskrnl.exe+2b32b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini122111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini112711-01.dmp
Crash Time : 11/27/2011 8:29:14 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000046
Parameter 2 : 0x804fc8f5
Parameter 3 : 0xacb8a76c
Parameter 4 : 0x00000000
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+1e33b
File Description : avast! self protection module
Product Name : avast! Antivirus
Company : AVAST Software
File Version : 7.0.1466.549
Processor : 32-bit
Crash Address : ntoskrnl.exe+258f5
Stack Address 1 : ntoskrnl.exe+2597c
Stack Address 2 : aswSP.SYS+1e33b
Stack Address 3 : aswSP.SYS+1fc45
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini112711-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini111011-01.dmp
Crash Time : 11/10/2011 7:49:30 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000046
Parameter 2 : 0x804fc8f5
Parameter 3 : 0xb140e6b0
Parameter 4 : 0x00000000
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+1e33b
File Description : avast! self protection module
Product Name : avast! Antivirus
Company : AVAST Software
File Version : 7.0.1466.549
Processor : 32-bit
Crash Address : ntoskrnl.exe+258f5
Stack Address 1 : ntoskrnl.exe+2597c
Stack Address 2 : aswSP.SYS+1e33b
Stack Address 3 : aswSP.SYS+1f87b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111011-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini102411-01.dmp
Crash Time : 10/24/2011 9:29:27 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0xbec58ffc
Parameter 2 : 0x000000ff
Parameter 3 : 0x00000000
Parameter 4 : 0x80545b7f
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+6eb7f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+6eb7f
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini102411-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini102211-01.dmp
Crash Time : 10/22/2011 11:14:30 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x0000002c
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0xb474ba8c
Caused By Driver : tcpip6.sys
Caused By Address : tcpip6.sys+23a8c
File Description : IPv6 driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5935 (xpsp_sp3_gdr.100211-1404)
Processor : 32-bit
Crash Address : tcpip6.sys+23a8c
Stack Address 1 : tcpip6.sys+252ed
Stack Address 2 : tcpip6.sys+21faa
Stack Address 3 : tcpip6.sys+36be
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini102211-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini092311-01.dmp
Crash Time : 9/23/2011 4:04:00 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x805c0775
Parameter 3 : 0xb360bc94
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+e9775
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+e9775
Stack Address 1 : ntoskrnl.exe+6a67c
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini092311-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini081911-01.dmp
Crash Time : 8/19/2011 6:56:30 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xf000ec62
Parameter 2 : 0x00000008
Parameter 3 : 0xf000ec62
Parameter 4 : 0x00000002
Caused By Driver : aswSnx.SYS
Caused By Address : aswSnx.SYS+376c1
File Description : avast! Virtualization Driver
Product Name : avast! Antivirus
Company : AVAST Software
File Version : 7.0.1466.549
Processor : 32-bit
Crash Address :
Stack Address 1 : ntoskrnl.exe+e5415
Stack Address 2 : ntoskrnl.exe+e554d
Stack Address 3 : aswSP.SYS+11bc9
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini081911-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini080511-01.dmp
Crash Time : 8/5/2011 7:03:48 AM
Bug Check String : DRIVER_CORRUPTED_EXPOOL
Bug Check Code : 0x100000c5
Parameter 1 : 0x98ffd564
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8054bfd2
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74fd2
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+74fd2
Stack Address 1 : ntoskrnl.exe+e98bc
Stack Address 2 : ntoskrnl.exe+6a67c
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini080511-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini061311-01.dmp
Crash Time : 6/13/2011 9:45:12 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000046
Parameter 2 : 0x804fc8f5
Parameter 3 : 0xa9eee6b0
Parameter 4 : 0x00000000
Caused By Driver : aswSP.SYS
Caused By Address : aswSP.SYS+1c13f
File Description : avast! self protection module
Product Name : avast! Antivirus
Company : AVAST Software
File Version : 7.0.1466.549
Processor : 32-bit
Crash Address : ntoskrnl.exe+258f5
Stack Address 1 : ntoskrnl.exe+2597c
Stack Address 2 : aswSP.SYS+1c13f
Stack Address 3 : aswSP.SYS+1d704
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini061311-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini021311-01.dmp
Crash Time : 2/13/2011 11:41:00 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00010004
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0xb823a97b
Caused By Driver : HIDCLASS.SYS
Caused By Address : HIDCLASS.SYS+297b
File Description : Hid Class Library
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : HIDCLASS.SYS+297b
Stack Address 1 : HIDCLASS.SYS+1de7
Stack Address 2 : HIDCLASS.SYS+1e79
Stack Address 3 : HIDCLASS.SYS+2094
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini021311-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini011111-01.dmp
Crash Time : 1/11/2011 6:38:06 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0x995969ec
Parameter 2 : 0x00000000
Parameter 3 : 0x8050ed03
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+37d03
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+37d03
Stack Address 1 : ntoskrnl.exe+38ac4
Stack Address 2 : ntoskrnl.exe+d39b
Stack Address 3 : Ntfs.sys+401f3
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini011111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. DO NOT Allow it to install the Recovery Console as that is temporarily not working. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:
  • 0

#9
mwright1000

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-28 20:20:55
-----------------------------
20:20:55.578 OS Version: Windows 5.1.2600 Service Pack 3
20:20:55.578 Number of processors: 2 586 0xF06
20:20:55.578 ComputerName: MARTYSLAPTOP UserName: Marty
20:20:57.093 Initialize success
20:20:57.250 AVAST engine defs: 12082803
20:21:15.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:21:15.187 Disk 0 Vendor: ST9250410AS 0002SDM1 Size: 238475MB BusType: 3
20:21:15.203 Disk 0 MBR read successfully
20:21:15.203 Disk 0 MBR scan
20:21:15.203 Disk 0 Windows XP default MBR code
20:21:15.218 Disk 0 Partition 1 00 DE Dell Utility Dell 8.1 47 MB offset 63
20:21:15.218 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 204805 MB offset 96390
20:21:15.218 Disk 0 Partition - 00 0F Extended LBA 33620 MB offset 419537475
20:21:15.250 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 31565 MB offset 419537538
20:21:15.250 Disk 0 Partition - 00 05 Extended 2055 MB offset 484183035
20:21:15.265 Disk 0 Partition 4 00 DD MSDOS5.0 2055 MB offset 484183098
20:21:15.265 Disk 0 scanning sectors +488392065
20:21:15.328 Disk 0 scanning C:\WINDOWS\system32\drivers
20:21:25.890 Service scanning
20:21:41.421 Modules scanning
20:21:48.328 AVAST engine scan C:\WINDOWS
20:22:02.015 AVAST engine scan C:\WINDOWS\system32
20:24:30.437 AVAST engine scan C:\WINDOWS\system32\drivers
20:24:47.078 AVAST engine scan C:\Documents and Settings\Marty
21:36:11.015 AVAST engine scan C:\Documents and Settings\All Users
21:39:03.031 Scan finished successfully
05:09:57.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Marty\Desktop\MBR.dat"
05:09:57.265 The log file has been saved successfully to "C:\Documents and Settings\Marty\Desktop\aswMBR.txt"
  • 0

#10
mwright1000

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
17:54:03.0703 2236 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:54:04.0453 2236 ============================================================
17:54:04.0453 2236 Current date / time: 2012/08/29 17:54:04.0453
17:54:04.0453 2236 SystemInfo:
17:54:04.0453 2236
17:54:04.0453 2236 OS Version: 5.1.2600 ServicePack: 3.0
17:54:04.0453 2236 Product type: Workstation
17:54:04.0453 2236 ComputerName: MARTYSLAPTOP
17:54:04.0453 2236 UserName: Marty
17:54:04.0453 2236 Windows directory: C:\WINDOWS
17:54:04.0453 2236 System windows directory: C:\WINDOWS
17:54:04.0453 2236 Processor architecture: Intel x86
17:54:04.0453 2236 Number of processors: 2
17:54:04.0453 2236 Page size: 0x1000
17:54:04.0453 2236 Boot type: Normal boot
17:54:04.0453 2236 ============================================================
17:54:06.0546 2236 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:54:06.0609 2236 ============================================================
17:54:06.0609 2236 \Device\Harddisk0\DR0:
17:54:06.0609 2236 MBR partitions:
17:54:06.0609 2236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x190029BD
17:54:06.0625 2236 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1901A282, BlocksNum 0x3DA6979
17:54:06.0640 2236 ============================================================
17:54:06.0718 2236 C: <-> \Device\Harddisk0\DR0\Partition1
17:54:06.0718 2236 ============================================================
17:54:06.0718 2236 Initialize success
17:54:06.0718 2236 ============================================================
17:55:18.0515 4388 ============================================================
17:55:18.0515 4388 Scan started
17:55:18.0515 4388 Mode: Manual; SigCheck; TDLFS;
17:55:18.0515 4388 ============================================================
17:55:19.0093 4388 ================ Scan system memory ========================
17:55:21.0859 4388 System memory - ok
17:55:21.0859 4388 ================ Scan services =============================
17:55:22.0062 4388 [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883 C:\WINDOWS\system32\DRIVERS\61883.sys
17:55:22.0656 4388 61883 - ok
17:55:22.0687 4388 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
17:55:22.0750 4388 6to4 - ok
17:55:22.0781 4388 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
17:55:22.0890 4388 Aavmker4 - ok
17:55:22.0890 4388 Abiosdsk - ok
17:55:22.0906 4388 abp480n5 - ok
17:55:22.0953 4388 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:55:23.0156 4388 ACPI - ok
17:55:23.0203 4388 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:55:23.0390 4388 ACPIEC - ok
17:55:23.0484 4388 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:55:23.0515 4388 AdobeFlashPlayerUpdateSvc - ok
17:55:23.0515 4388 adpu160m - ok
17:55:23.0546 4388 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:55:23.0750 4388 aec - ok
17:55:23.0812 4388 [ 91F3DF93F40A74D222CD166FE95DB633 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:55:23.0828 4388 AegisP ( UnsignedFile.Multi.Generic ) - warning
17:55:23.0828 4388 AegisP - detected UnsignedFile.Multi.Generic (1)
17:55:23.0875 4388 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:55:23.0921 4388 AFD - ok
17:55:23.0921 4388 Aha154x - ok
17:55:23.0937 4388 aic78u2 - ok
17:55:23.0937 4388 aic78xx - ok
17:55:23.0984 4388 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:55:24.0187 4388 Alerter - ok
17:55:24.0218 4388 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:55:24.0421 4388 ALG - ok
17:55:24.0437 4388 AliIde - ok
17:55:24.0437 4388 amsint - ok
17:55:24.0546 4388 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:55:24.0578 4388 Apple Mobile Device - ok
17:55:24.0609 4388 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:55:24.0828 4388 AppMgmt - ok
17:55:24.0875 4388 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:55:25.0281 4388 Arp1394 - ok
17:55:25.0281 4388 asc - ok
17:55:25.0281 4388 asc3350p - ok
17:55:25.0296 4388 asc3550 - ok
17:55:25.0390 4388 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:55:25.0421 4388 aspnet_state - ok
17:55:25.0453 4388 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:55:25.0484 4388 aswFsBlk - ok
17:55:25.0546 4388 [ 09678587C5C70F91720631EF048B4744 ] aswFW C:\WINDOWS\system32\drivers\aswFW.sys
17:55:25.0578 4388 aswFW - ok
17:55:25.0625 4388 [ 31E0D16EB06D09A248AFF20C76F9091B ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys
17:55:25.0656 4388 aswKbd - ok
17:55:25.0671 4388 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
17:55:25.0703 4388 aswMon2 - ok
17:55:25.0718 4388 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\WINDOWS\system32\DRIVERS\aswNdis.sys
17:55:25.0750 4388 aswNdis - ok
17:55:25.0750 4388 [ C6E5E1E0FB3827B2359F4D394ECAA070 ] aswNdis2 C:\WINDOWS\system32\drivers\aswNdis2.sys
17:55:25.0796 4388 aswNdis2 - ok
17:55:25.0812 4388 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
17:55:25.0843 4388 AswRdr - ok
17:55:25.0875 4388 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
17:55:25.0968 4388 aswSnx - ok
17:55:26.0015 4388 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
17:55:26.0062 4388 aswSP - ok
17:55:26.0078 4388 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
17:55:26.0109 4388 aswTdi - ok
17:55:26.0156 4388 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:55:26.0343 4388 AsyncMac - ok
17:55:26.0359 4388 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:55:26.0578 4388 atapi - ok
17:55:26.0578 4388 Atdisk - ok
17:55:26.0609 4388 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:55:26.0812 4388 Atmarpc - ok
17:55:26.0875 4388 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:55:27.0078 4388 AudioSrv - ok
17:55:27.0140 4388 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:55:27.0328 4388 audstub - ok
17:55:27.0437 4388 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:55:27.0468 4388 avast! Antivirus - ok
17:55:27.0468 4388 [ DD4C61CB3CDBC8B0A7D2107C6944DC71 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
17:55:27.0515 4388 avast! Firewall - ok
17:55:27.0546 4388 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
17:55:27.0750 4388 Avc - ok
17:55:27.0828 4388 [ E9EA635B8432D68F0005B3F6CEBAB837 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:55:27.0953 4388 BCM43XX - ok
17:55:27.0968 4388 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
17:55:28.0000 4388 bcm4sbxp - ok
17:55:28.0046 4388 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:55:28.0265 4388 Beep - ok
17:55:28.0312 4388 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:55:28.0546 4388 BITS - ok
17:55:28.0640 4388 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:55:28.0687 4388 Bonjour Service - ok
17:55:28.0734 4388 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
17:55:28.0781 4388 Browser - ok
17:55:28.0859 4388 [ ECDC40CC54603C711E1A7A1C9255184A ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
17:55:28.0921 4388 btaudio - ok
17:55:28.0937 4388 [ 58A49BD10E08D3D4333A60DEDCB1CED8 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
17:55:28.0968 4388 BTDriver - ok
17:55:29.0000 4388 [ 885B6D0F826A216EEE4C3AD883809012 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
17:55:29.0093 4388 BTKRNL - ok
17:55:29.0203 4388 [ 467BC618DEBA4F8DB5A1A5E87510C335 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
17:55:29.0234 4388 btwdins - ok
17:55:29.0250 4388 [ B1D350F3F13CF340FCE93912D2BA1EBF ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
17:55:29.0312 4388 BTWDNDIS - ok
17:55:29.0343 4388 [ E48668B4A6A5CF68B33AECAD18EE8E1E ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
17:55:29.0375 4388 btwhid - ok
17:55:29.0390 4388 [ 8BCD7BFE9C70A8FF7444263435B18AA1 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
17:55:29.0406 4388 btwmodem - ok
17:55:29.0437 4388 [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
17:55:29.0468 4388 BTWUSB - ok
17:55:29.0515 4388 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:55:29.0734 4388 cbidf2k - ok
17:55:29.0734 4388 cd20xrnt - ok
17:55:29.0781 4388 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:55:29.0984 4388 Cdaudio - ok
17:55:30.0031 4388 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:55:30.0234 4388 Cdfs - ok
17:55:30.0265 4388 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:55:30.0468 4388 Cdrom - ok
17:55:30.0515 4388 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
17:55:30.0546 4388 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
17:55:30.0546 4388 cercsr6 - detected UnsignedFile.Multi.Generic (1)
17:55:30.0546 4388 Changer - ok
17:55:30.0578 4388 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:55:30.0796 4388 CiSvc - ok
17:55:30.0812 4388 [ CC82215750723D839DBC5D2D625FC130 ] CLBStor C:\WINDOWS\system32\drivers\CLBStor.sys
17:55:30.0828 4388 CLBStor ( UnsignedFile.Multi.Generic ) - warning
17:55:30.0828 4388 CLBStor - detected UnsignedFile.Multi.Generic (1)
17:55:30.0843 4388 [ C002F79E6EE9BDF442514435C3D2BCB6 ] CLBUDFR C:\WINDOWS\system32\drivers\CLBUDFR.sys
17:55:30.0843 4388 CLBUDFR ( UnsignedFile.Multi.Generic ) - warning
17:55:30.0843 4388 CLBUDFR - detected UnsignedFile.Multi.Generic (1)
17:55:30.0875 4388 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:55:31.0062 4388 ClipSrv - ok
17:55:31.0156 4388 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_B91CB6D3 C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
17:55:31.0187 4388 CLKMSVC10_B91CB6D3 - ok
17:55:31.0234 4388 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:55:31.0265 4388 clr_optimization_v2.0.50727_32 - ok
17:55:31.0359 4388 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:55:31.0390 4388 clr_optimization_v4.0.30319_32 - ok
17:55:31.0437 4388 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:55:31.0625 4388 CmBatt - ok
17:55:31.0640 4388 CmdIde - ok
17:55:31.0671 4388 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:55:31.0859 4388 Compbatt - ok
17:55:31.0859 4388 COMSysApp - ok
17:55:31.0859 4388 Cpqarray - ok
17:55:31.0890 4388 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:55:32.0093 4388 CryptSvc - ok
17:55:32.0093 4388 dac2w2k - ok
17:55:32.0093 4388 dac960nt - ok
17:55:32.0156 4388 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:55:32.0218 4388 DcomLaunch - ok
17:55:32.0296 4388 [ 2AB40D0F2C34549604C75DC0B54451E7 ] DefaultTabSearch C:\Program Files\DefaultTab\DefaultTabSearch.exe
17:55:32.0359 4388 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - warning
17:55:32.0359 4388 DefaultTabSearch - detected UnsignedFile.Multi.Generic (1)
17:55:32.0500 4388 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Documents and Settings\Marty\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
17:55:32.0515 4388 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - warning
17:55:32.0515 4388 DefaultTabUpdate - detected UnsignedFile.Multi.Generic (1)
17:55:32.0562 4388 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:55:32.0796 4388 Dhcp - ok
17:55:32.0796 4388 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:55:33.0000 4388 Disk - ok
17:55:33.0015 4388 dmadmin - ok
17:55:33.0062 4388 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:55:33.0343 4388 dmboot - ok
17:55:33.0359 4388 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:55:33.0562 4388 dmio - ok
17:55:33.0593 4388 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:55:33.0781 4388 dmload - ok
17:55:33.0812 4388 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:55:34.0000 4388 dmserver - ok
17:55:34.0031 4388 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:55:34.0234 4388 DMusic - ok
17:55:34.0265 4388 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:55:34.0296 4388 Dnscache - ok
17:55:34.0375 4388 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:55:34.0562 4388 Dot3svc - ok
17:55:34.0562 4388 dpti2o - ok
17:55:34.0625 4388 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:55:34.0812 4388 drmkaud - ok
17:55:34.0843 4388 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:55:35.0046 4388 EapHost - ok
17:55:35.0046 4388 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:55:35.0265 4388 ERSvc - ok
17:55:35.0312 4388 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:55:35.0375 4388 Eventlog - ok
17:55:35.0406 4388 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
17:55:35.0453 4388 EventSystem - ok
17:55:35.0531 4388 [ F96E450937BAD69FE4804D46829AA5C7 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
17:55:35.0531 4388 EvtEng ( UnsignedFile.Multi.Generic ) - warning
17:55:35.0531 4388 EvtEng - detected UnsignedFile.Multi.Generic (1)
17:55:35.0578 4388 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:55:35.0781 4388 Fastfat - ok
17:55:35.0843 4388 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:55:35.0906 4388 FastUserSwitchingCompatibility - ok
17:55:35.0921 4388 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
17:55:36.0109 4388 Fdc - ok
17:55:36.0140 4388 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:55:36.0375 4388 Fips - ok
17:55:36.0375 4388 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:55:36.0562 4388 Flpydisk - ok
17:55:36.0593 4388 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:55:36.0796 4388 FltMgr - ok
17:55:36.0843 4388 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:55:36.0875 4388 FontCache3.0.0.0 - ok
17:55:36.0875 4388 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:55:37.0078 4388 Fs_Rec - ok
17:55:37.0109 4388 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:55:37.0359 4388 Ftdisk - ok
17:55:37.0375 4388 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS\gdrv.sys
17:55:37.0406 4388 gdrv - ok
17:55:37.0437 4388 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:55:37.0468 4388 GEARAspiWDM - ok
17:55:37.0484 4388 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:55:37.0671 4388 Gpc - ok
17:55:37.0781 4388 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:55:37.0796 4388 gupdate - ok
17:55:37.0812 4388 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:55:37.0859 4388 gupdatem - ok
17:55:37.0921 4388 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:55:37.0953 4388 gusvc - ok
17:55:37.0984 4388 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:55:38.0187 4388 HDAudBus - ok
17:55:38.0265 4388 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:55:38.0468 4388 helpsvc - ok
17:55:38.0500 4388 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:55:38.0703 4388 HidServ - ok
17:55:38.0750 4388 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:55:38.0937 4388 HidUsb - ok
17:55:38.0984 4388 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:55:39.0187 4388 hkmsvc - ok
17:55:39.0203 4388 hpn - ok
17:55:39.0218 4388 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:55:39.0265 4388 HPZius12 - ok
17:55:39.0312 4388 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:55:39.0359 4388 HSFHWAZL - ok
17:55:39.0390 4388 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:55:39.0484 4388 HSF_DPV - ok
17:55:39.0546 4388 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:55:39.0593 4388 HTTP - ok
17:55:39.0656 4388 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:55:39.0875 4388 HTTPFilter - ok
17:55:39.0875 4388 i2omgmt - ok
17:55:39.0875 4388 i2omp - ok
17:55:39.0921 4388 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:55:40.0125 4388 i8042prt - ok
17:55:40.0156 4388 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:55:40.0171 4388 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:55:40.0171 4388 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:55:40.0218 4388 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:55:40.0328 4388 idsvc - ok
17:55:40.0328 4388 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:55:40.0515 4388 Imapi - ok
17:55:40.0562 4388 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:55:40.0765 4388 ImapiService - ok
17:55:40.0765 4388 ini910u - ok
17:55:40.0781 4388 IntelIde - ok
17:55:40.0796 4388 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:55:40.0984 4388 intelppm - ok
17:55:41.0000 4388 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:55:41.0187 4388 Ip6Fw - ok
17:55:41.0218 4388 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:55:41.0421 4388 IpFilterDriver - ok
17:55:41.0437 4388 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:55:41.0640 4388 IpInIp - ok
17:55:41.0656 4388 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:55:41.0859 4388 IpNat - ok
17:55:41.0953 4388 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:55:42.0015 4388 iPod Service - ok
17:55:42.0062 4388 [ F08D74EC300B8BA60CA953C58A24D19E ] Iprip C:\WINDOWS\System32\iprip.dll
17:55:42.0250 4388 Iprip - ok
17:55:42.0296 4388 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:55:42.0484 4388 IPSec - ok
17:55:42.0515 4388 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:55:42.0734 4388 IRENUM - ok
17:55:42.0765 4388 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:55:42.0953 4388 isapnp - ok
17:55:42.0968 4388 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:55:43.0156 4388 Kbdclass - ok
17:55:43.0203 4388 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:55:43.0390 4388 kbdhid - ok
17:55:43.0421 4388 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:55:43.0625 4388 kmixer - ok
17:55:43.0656 4388 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:55:43.0718 4388 KSecDD - ok
17:55:43.0765 4388 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:55:43.0828 4388 lanmanserver - ok
17:55:43.0890 4388 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:55:43.0937 4388 lanmanworkstation - ok
17:55:43.0953 4388 lbrtfdc - ok
17:55:44.0031 4388 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:55:44.0046 4388 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:55:44.0046 4388 LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:55:44.0078 4388 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:55:44.0281 4388 LmHosts - ok
17:55:44.0296 4388 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
17:55:44.0328 4388 MBAMProtector - ok
17:55:44.0390 4388 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:55:44.0437 4388 MBAMService - ok
17:55:44.0437 4388 MCSTRM - ok
17:55:44.0484 4388 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:55:44.0515 4388 mdmxsdk - ok
17:55:44.0546 4388 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:55:44.0781 4388 Messenger - ok
17:55:44.0875 4388 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:55:44.0906 4388 Microsoft Office Groove Audit Service - ok
17:55:44.0937 4388 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:55:45.0140 4388 mnmdd - ok
17:55:45.0171 4388 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:55:45.0390 4388 mnmsrvc - ok
17:55:45.0421 4388 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:55:45.0609 4388 Modem - ok
17:55:45.0625 4388 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:55:45.0812 4388 Mouclass - ok
17:55:45.0859 4388 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:55:46.0062 4388 mouhid - ok
17:55:46.0078 4388 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:55:46.0250 4388 MountMgr - ok
17:55:46.0265 4388 mraid35x - ok
17:55:46.0265 4388 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:55:46.0484 4388 MRxDAV - ok
17:55:46.0515 4388 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:55:46.0578 4388 MRxSmb - ok
17:55:46.0593 4388 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:55:46.0812 4388 MSDTC - ok
17:55:46.0828 4388 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:55:47.0000 4388 Msfs - ok
17:55:47.0015 4388 MSIServer - ok
17:55:47.0031 4388 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:55:47.0234 4388 MSKSSRV - ok
17:55:47.0250 4388 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:55:47.0437 4388 MSPCLOCK - ok
17:55:47.0453 4388 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:55:47.0640 4388 MSPQM - ok
17:55:47.0671 4388 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:55:47.0859 4388 mssmbios - ok
17:55:47.0875 4388 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:55:47.0906 4388 Mup - ok
17:55:47.0968 4388 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:55:48.0171 4388 napagent - ok
17:55:48.0281 4388 [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
17:55:48.0328 4388 NAUpdate - ok
17:55:48.0343 4388 [ 0AE25530894A934C6CA600865C6E9D7C ] NBVol C:\WINDOWS\system32\DRIVERS\NBVol.sys
17:55:48.0375 4388 NBVol - ok
17:55:48.0390 4388 [ 1DDCEF3039C9D90AF3529DEE6699967D ] NBVolUp C:\WINDOWS\system32\DRIVERS\NBVolUp.sys
17:55:48.0406 4388 NBVolUp - ok
17:55:48.0437 4388 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:55:48.0640 4388 NDIS - ok
17:55:48.0687 4388 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:55:48.0734 4388 NdisTapi - ok
17:55:48.0796 4388 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:55:48.0984 4388 Ndisuio - ok
17:55:48.0984 4388 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:55:49.0187 4388 NdisWan - ok
17:55:49.0218 4388 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:55:49.0250 4388 NDProxy - ok
17:55:49.0312 4388 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
17:55:49.0421 4388 Nero BackItUp Scheduler 4.0 - ok
17:55:49.0453 4388 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:55:49.0656 4388 NetBIOS - ok
17:55:49.0718 4388 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:55:49.0906 4388 NetBT - ok
17:55:49.0953 4388 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:55:50.0171 4388 NetDDE - ok
17:55:50.0187 4388 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:55:50.0375 4388 NetDDEdsdm - ok
17:55:50.0421 4388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:55:50.0609 4388 Netlogon - ok
17:55:50.0671 4388 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:55:50.0875 4388 Netman - ok
17:55:50.0921 4388 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:55:50.0953 4388 NetTcpPortSharing - ok
17:55:50.0953 4388 NgFilter - ok
17:55:50.0968 4388 NgLog - ok
17:55:50.0968 4388 NgVpn - ok
17:55:50.0968 4388 NgWfp - ok
17:55:51.0000 4388 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:55:51.0203 4388 NIC1394 - ok
17:55:51.0234 4388 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:55:51.0296 4388 Nla - ok
17:55:51.0343 4388 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:55:51.0546 4388 Npfs - ok
17:55:51.0562 4388 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:55:51.0765 4388 Ntfs - ok
17:55:51.0796 4388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:55:51.0984 4388 NtLmSsp - ok
17:55:52.0015 4388 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:55:52.0234 4388 NtmsSvc - ok
17:55:52.0265 4388 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:55:52.0453 4388 Null - ok
17:55:52.0656 4388 [ D42FB8615E810901779294F5627364FE ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:55:53.0031 4388 nv - ok
17:55:53.0046 4388 [ 755D3A2DE4B05024F90430FE32FF26A5 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
17:55:53.0109 4388 NVSvc - ok
17:55:53.0140 4388 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:55:53.0359 4388 NwlnkFlt - ok
17:55:53.0390 4388 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:55:53.0609 4388 NwlnkFwd - ok
17:55:53.0718 4388 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:55:53.0781 4388 odserv - ok
17:55:53.0812 4388 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:55:54.0000 4388 ohci1394 - ok
17:55:54.0046 4388 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:55:54.0078 4388 ose - ok
17:55:54.0109 4388 [ 937A02981F11B2CE96B1D493C95AED2B ] p2pgasvc C:\WINDOWS\system32\p2pgasvc.dll
17:55:54.0343 4388 p2pgasvc - ok
17:55:54.0375 4388 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] p2pimsvc C:\WINDOWS\system32\p2psvc.dll
17:55:54.0625 4388 p2pimsvc - ok
17:55:54.0671 4388 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
17:55:54.0875 4388 p2psvc - ok
17:55:54.0906 4388 [ DC450992EBA6F914080C1F7FBEEED72C ] PalmUSBD C:\WINDOWS\system32\drivers\PalmUSBD.sys
17:55:54.0968 4388 PalmUSBD - ok
17:55:55.0015 4388 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
17:55:55.0218 4388 Parport - ok
17:55:55.0250 4388 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:55:55.0421 4388 PartMgr - ok
17:55:55.0453 4388 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:55:55.0656 4388 ParVdm - ok
17:55:55.0671 4388 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:55:55.0859 4388 PCI - ok
17:55:55.0859 4388 PCIDump - ok
17:55:55.0890 4388 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:55:56.0078 4388 PCIIde - ok
17:55:56.0125 4388 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:55:56.0328 4388 Pcmcia - ok
17:55:56.0375 4388 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
17:55:56.0390 4388 pcouffin ( UnsignedFile.Multi.Generic ) - warning
17:55:56.0390 4388 pcouffin - detected UnsignedFile.Multi.Generic (1)
17:55:56.0390 4388 PDCOMP - ok
17:55:56.0390 4388 PDFRAME - ok
17:55:56.0406 4388 PDRELI - ok
17:55:56.0406 4388 PDRFRAME - ok
17:55:56.0421 4388 perc2 - ok
17:55:56.0421 4388 perc2hib - ok
17:55:56.0453 4388 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:55:56.0500 4388 PlugPlay - ok
17:55:56.0546 4388 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
17:55:56.0578 4388 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:55:56.0578 4388 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:55:56.0609 4388 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] PNRPSvc C:\WINDOWS\system32\p2psvc.dll
17:55:56.0812 4388 PNRPSvc - ok
17:55:56.0828 4388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:55:57.0015 4388 PolicyAgent - ok
17:55:57.0046 4388 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:55:57.0234 4388 PptpMiniport - ok
17:55:57.0250 4388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:55:57.0437 4388 ProtectedStorage - ok
17:55:57.0437 4388 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:55:57.0640 4388 PSched - ok
17:55:57.0671 4388 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:55:57.0875 4388 Ptilink - ok
17:55:57.0875 4388 ql1080 - ok
17:55:57.0890 4388 Ql10wnt - ok
17:55:57.0890 4388 ql12160 - ok
17:55:57.0890 4388 ql1240 - ok
17:55:57.0906 4388 ql1280 - ok
17:55:57.0937 4388 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:55:58.0125 4388 RasAcd - ok
17:55:58.0140 4388 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:55:58.0343 4388 RasAuto - ok
17:55:58.0359 4388 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:55:58.0546 4388 Rasl2tp - ok
17:55:58.0578 4388 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:55:58.0781 4388 RasMan - ok
17:55:58.0781 4388 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:55:58.0984 4388 RasPppoe - ok
17:55:58.0984 4388 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:55:59.0187 4388 Raspti - ok
17:55:59.0218 4388 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:55:59.0406 4388 Rdbss - ok
17:55:59.0406 4388 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:55:59.0640 4388 RDPCDD - ok
17:55:59.0656 4388 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:55:59.0843 4388 rdpdr - ok
17:55:59.0906 4388 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:55:59.0953 4388 RDPWD - ok
17:55:59.0984 4388 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:56:00.0187 4388 RDSessMgr - ok
17:56:00.0218 4388 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:56:00.0390 4388 redbook - ok
17:56:00.0406 4388 [ 6210679582240D54CC7FCC6278CA8B04 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
17:56:00.0421 4388 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
17:56:00.0421 4388 RegSrvc - detected UnsignedFile.Multi.Generic (1)
17:56:00.0468 4388 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:56:00.0687 4388 RemoteAccess - ok
17:56:00.0703 4388 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:56:00.0921 4388 RemoteRegistry - ok
17:56:00.0968 4388 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
17:56:01.0015 4388 RichVideo - ok
17:56:01.0062 4388 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
17:56:01.0093 4388 rimmptsk - ok
17:56:01.0109 4388 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
17:56:01.0156 4388 rimsptsk - ok
17:56:01.0203 4388 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
17:56:01.0234 4388 rismxdp - ok
17:56:01.0265 4388 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:56:01.0453 4388 RpcLocator - ok
17:56:01.0500 4388 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:56:01.0546 4388 RpcSs - ok
17:56:01.0593 4388 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:56:01.0843 4388 RSVP - ok
17:56:01.0906 4388 [ 99647323602BE0E77A9737E6EADA65BA ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
17:56:01.0937 4388 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
17:56:01.0937 4388 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
17:56:01.0968 4388 [ 2C0E9E777AB1849B43494626C1F308B5 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
17:56:02.0000 4388 s24trans ( UnsignedFile.Multi.Generic ) - warning
17:56:02.0000 4388 s24trans - detected UnsignedFile.Multi.Generic (1)
17:56:02.0015 4388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:56:02.0234 4388 SamSs - ok
17:56:02.0265 4388 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:56:02.0484 4388 SCardSvr - ok
17:56:02.0515 4388 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:56:02.0734 4388 Schedule - ok
17:56:02.0750 4388 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:56:02.0937 4388 sdbus - ok
17:56:02.0937 4388 SDDMI2 - ok
17:56:03.0078 4388 [ 43D29ECB8137EEAE30B0970BBC7A5500 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
17:56:03.0171 4388 SDScannerService - ok
17:56:03.0265 4388 [ 6B859B122E85C2C833E6D8C5DC4B07F3 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
17:56:03.0406 4388 SDUpdateService - ok
17:56:03.0421 4388 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:56:03.0625 4388 Secdrv - ok
17:56:03.0640 4388 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:56:03.0859 4388 seclogon - ok
17:56:03.0859 4388 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:56:04.0062 4388 SENS - ok
17:56:04.0093 4388 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
17:56:04.0281 4388 Serial - ok
17:56:04.0328 4388 [ 4D0CE0FADCA29E7DA68CE597AC9010BD ] sfdrv01a C:\WINDOWS\system32\drivers\sfdrv01a.sys
17:56:04.0359 4388 sfdrv01a - ok
17:56:04.0375 4388 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
17:56:04.0562 4388 sffdisk - ok
17:56:04.0578 4388 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
17:56:04.0781 4388 sffp_sd - ok
17:56:04.0812 4388 [ DAAD4C099EBF5094D32C373AC1AC0F3C ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
17:56:04.0843 4388 sfhlp02 - ok
17:56:04.0875 4388 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:56:05.0062 4388 Sfloppy - ok
17:56:05.0125 4388 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:56:05.0343 4388 SharedAccess - ok
17:56:05.0375 4388 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:56:05.0421 4388 ShellHWDetection - ok
17:56:05.0421 4388 Simbad - ok
17:56:05.0484 4388 [ 32933B07FC16D9F778BEE12545FA1B1A ] SimpTcp C:\WINDOWS\system32\tcpsvcs.exe
17:56:05.0687 4388 SimpTcp - ok
17:56:05.0703 4388 Sparrow - ok
17:56:05.0765 4388 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:56:05.0937 4388 splitter - ok
17:56:05.0968 4388 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:56:06.0015 4388 Spooler - ok
17:56:06.0031 4388 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:56:06.0218 4388 sr - ok
17:56:06.0234 4388 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:56:06.0437 4388 srservice - ok
17:56:06.0453 4388 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:56:06.0531 4388 Srv - ok
17:56:06.0562 4388 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:56:06.0765 4388 SSDPSRV - ok
17:56:06.0828 4388 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
17:56:06.0953 4388 STHDA - ok
17:56:07.0015 4388 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
17:56:07.0218 4388 StillCam - ok
17:56:07.0234 4388 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:56:07.0437 4388 stisvc - ok
17:56:07.0515 4388 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
17:56:07.0562 4388 SupportSoft RemoteAssist - ok
17:56:07.0593 4388 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:56:07.0781 4388 swenum - ok
17:56:07.0812 4388 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:56:08.0015 4388 swmidi - ok
17:56:08.0015 4388 SwPrv - ok
17:56:08.0015 4388 symc810 - ok
17:56:08.0031 4388 symc8xx - ok
17:56:08.0031 4388 sym_hi - ok
17:56:08.0046 4388 sym_u3 - ok
17:56:08.0062 4388 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:56:08.0250 4388 sysaudio - ok
17:56:08.0265 4388 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:56:08.0468 4388 SysmonLog - ok
17:56:08.0484 4388 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:56:08.0687 4388 TapiSrv - ok
17:56:08.0734 4388 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:56:08.0781 4388 Tcpip - ok
17:56:08.0828 4388 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
17:56:08.0906 4388 Tcpip6 - ok
17:56:08.0953 4388 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:56:09.0140 4388 TDPIPE - ok
17:56:09.0156 4388 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:56:09.0328 4388 TDTCP - ok
17:56:09.0343 4388 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:56:09.0515 4388 TermDD - ok
17:56:09.0546 4388 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:56:09.0765 4388 TermService - ok
17:56:09.0781 4388 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:56:09.0828 4388 Themes - ok
17:56:09.0859 4388 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:56:10.0062 4388 TlntSvr - ok
17:56:10.0062 4388 TosIde - ok
17:56:10.0078 4388 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:56:10.0312 4388 TrkWks - ok
17:56:10.0375 4388 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
17:56:10.0562 4388 tunmp - ok
17:56:10.0593 4388 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:56:10.0781 4388 Udfs - ok
17:56:10.0781 4388 ultra - ok
17:56:10.0828 4388 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:56:11.0031 4388 Update - ok
17:56:11.0062 4388 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:56:11.0281 4388 upnphost - ok
17:56:11.0296 4388 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:56:11.0500 4388 UPS - ok
17:56:11.0531 4388 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:56:11.0562 4388 USBAAPL - ok
17:56:11.0593 4388 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:56:11.0796 4388 usbccgp - ok
17:56:11.0812 4388 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:56:12.0000 4388 usbehci - ok
17:56:12.0062 4388 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:56:12.0265 4388 usbhub - ok
17:56:12.0296 4388 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:56:12.0500 4388 usbprint - ok
17:56:12.0546 4388 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:56:12.0765 4388 usbscan - ok
17:56:12.0796 4388 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:56:13.0000 4388 USBSTOR - ok
17:56:13.0031 4388 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:56:13.0218 4388 usbuhci - ok
17:56:13.0234 4388 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
17:56:13.0421 4388 usb_rndisx - ok
17:56:13.0453 4388 [ D565AD44C6C4D934AFAD3CA4196B09AA ] uzu4odm1 C:\WINDOWS\system32\Drivers\uzu4odm1.sys
17:56:13.0484 4388 uzu4odm1 ( UnsignedFile.Multi.Generic ) - warning
17:56:13.0484 4388 uzu4odm1 - detected UnsignedFile.Multi.Generic (1)
17:56:13.0484 4388 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:56:13.0671 4388 VgaSave - ok
17:56:13.0671 4388 ViaIde - ok
17:56:13.0687 4388 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:56:13.0890 4388 VolSnap - ok
17:56:13.0921 4388 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:56:14.0125 4388 VSS - ok
17:56:14.0171 4388 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:56:14.0375 4388 W32Time - ok
17:56:14.0421 4388 [ 95C7421F8BAFC85BA09D33364058937D ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
17:56:14.0515 4388 w39n51 - ok
17:56:14.0546 4388 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:56:14.0734 4388 Wanarp - ok
17:56:14.0781 4388 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
17:56:14.0828 4388 WDC_SAM - ok
17:56:14.0843 4388 WDICA - ok
17:56:14.0859 4388 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:56:15.0062 4388 wdmaud - ok
17:56:15.0078 4388 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:56:15.0312 4388 WebClient - ok
17:56:15.0375 4388 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:56:15.0468 4388 winachsf - ok
17:56:15.0578 4388 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:56:15.0750 4388 winmgmt - ok
17:56:15.0812 4388 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
17:56:15.0968 4388 WinRM - ok
17:56:16.0062 4388 [ 8F8D1405BABEE64F5023DD638D3B7E13 ] WINZIPSSDiskOptimizer C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
17:56:16.0140 4388 WINZIPSSDiskOptimizer - ok
17:56:16.0171 4388 [ E876C33293AA5FFA81A1AA28D594712E ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
17:56:16.0203 4388 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
17:56:16.0203 4388 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
17:56:16.0218 4388 wltrysvc - ok
17:56:16.0265 4388 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:56:16.0312 4388 WmdmPmSN - ok
17:56:16.0359 4388 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:56:16.0484 4388 Wmi - ok
17:56:16.0515 4388 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:56:16.0718 4388 WmiAcpi - ok
17:56:16.0937 4388 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:56:17.0156 4388 WmiApSrv - ok
17:56:17.0234 4388 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:56:17.0359 4388 WMPNetworkSvc - ok
17:56:17.0390 4388 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:56:17.0421 4388 WpdUsb - ok
17:56:17.0484 4388 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:56:17.0578 4388 WPFFontCache_v0400 - ok
17:56:17.0625 4388 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:56:17.0828 4388 WS2IFSL - ok
17:56:17.0875 4388 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:56:18.0093 4388 wscsvc - ok
17:56:18.0109 4388 WSearch - ok
17:56:18.0140 4388 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:56:18.0390 4388 wuauserv - ok
17:56:18.0421 4388 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:56:18.0468 4388 WudfPf - ok
17:56:18.0500 4388 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:56:18.0546 4388 WudfRd - ok
17:56:18.0562 4388 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:56:18.0625 4388 WudfSvc - ok
17:56:18.0718 4388 [ 9800840BB0AFD68C04F108FF7B1BF54E ] WV5Communication C:\Program Files\HeavyWeatherWV5\BackEnd.exe
17:56:18.0828 4388 WV5Communication ( UnsignedFile.Multi.Generic ) - warning
17:56:18.0828 4388 WV5Communication - detected UnsignedFile.Multi.Generic (1)
17:56:18.0906 4388 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:56:19.0125 4388 WZCSVC - ok
17:56:19.0156 4388 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:56:19.0359 4388 xmlprov - ok
17:56:19.0375 4388 ================ Scan global ===============================
17:56:19.0406 4388 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:56:19.0468 4388 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:56:19.0515 4388 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:56:19.0546 4388 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:56:19.0578 4388 [Global] - ok
17:56:19.0578 4388 ================ Scan MBR ==================================
17:56:19.0593 4388 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:56:20.0062 4388 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:56:20.0062 4388 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:56:20.0062 4388 ================ Scan VBR ==================================
17:56:20.0062 4388 [ 727B6B871C31E356F1B01444F0BE5744 ] \Device\Harddisk0\DR0\Partition1
17:56:20.0062 4388 \Device\Harddisk0\DR0\Partition1 - ok
17:56:20.0078 4388 [ E107C1BE25F238102F79687D0549003B ] \Device\Harddisk0\DR0\Partition2
17:56:20.0093 4388 \Device\Harddisk0\DR0\Partition2 - ok
17:56:20.0093 4388 ============================================================
17:56:20.0093 4388 Scan finished
17:56:20.0093 4388 ============================================================
17:56:20.0218 6068 Detected object count: 18
17:56:20.0218 6068 Actual detected object count: 18
17:57:03.0671 6068 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 CLBStor ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 CLBStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 CLBUDFR ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 CLBUDFR ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0671 6068 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0671 6068 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0687 6068 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0687 6068 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0687 6068 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0687 6068 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0687 6068 uzu4odm1 ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0687 6068 uzu4odm1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0687 6068 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0687 6068 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0687 6068 WV5Communication ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:03.0687 6068 WV5Communication ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:03.0687 6068 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:57:03.0687 6068 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0

Advertisements


#11
mwright1000

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
The newest one is dated 10/21/11 there are 4 more that are 2009, 2008,and two are 2006
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Rerun TDSSKiller. Have it DELETE (not SKIP)

\Device\Harddisk0\DR0 ( TDSS File System ) -
  • 0

#13
mwright1000

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/08/2012 6:14:38 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/08/2012 6:04:08 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/08/2012 6:04:39 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001C264F7C74. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
  • 0

#14
mwright1000

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/08/2012 6:15:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/08/2012 5:46:21 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 28501032

Log: 'Application' Date/Time: 29/08/2012 5:46:21 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 28501032

Log: 'Application' Date/Time: 29/08/2012 5:46:21 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 29/08/2012 5:46:18 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 28498750

Log: 'Application' Date/Time: 29/08/2012 5:46:18 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 28498750

Log: 'Application' Date/Time: 29/08/2012 5:46:18 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 29/08/2012 5:46:16 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 28496297

Log: 'Application' Date/Time: 29/08/2012 5:46:16 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 28496297

Log: 'Application' Date/Time: 29/08/2012 5:46:16 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 29/08/2012 9:51:22 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 2032

Log: 'Application' Date/Time: 29/08/2012 9:51:22 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 2032

Log: 'Application' Date/Time: 29/08/2012 9:51:22 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 28/08/2012 7:33:38 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application SDWelcome.exe, version 2.0.9.123, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 27/08/2012 4:35:42 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 17639141

Log: 'Application' Date/Time: 27/08/2012 4:35:42 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 17639141

Log: 'Application' Date/Time: 27/08/2012 4:35:42 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 27/08/2012 4:35:26 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 17622781

Log: 'Application' Date/Time: 27/08/2012 4:35:26 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 17622781

Log: 'Application' Date/Time: 27/08/2012 4:35:26 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 27/08/2012 12:30:09 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 11337438

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/08/2012 6:03:01 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user MARTYSLAPTOP\Marty registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
  • 0

#15
mwright1000

mwright1000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
18:23:16.0359 0676 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:23:16.0406 0676 ============================================================
18:23:16.0406 0676 Current date / time: 2012/08/29 18:23:16.0406
18:23:16.0406 0676 SystemInfo:
18:23:16.0406 0676
18:23:16.0406 0676 OS Version: 5.1.2600 ServicePack: 3.0
18:23:16.0406 0676 Product type: Workstation
18:23:16.0406 0676 ComputerName: MARTYSLAPTOP
18:23:16.0406 0676 UserName: Marty
18:23:16.0406 0676 Windows directory: C:\WINDOWS
18:23:16.0406 0676 System windows directory: C:\WINDOWS
18:23:16.0406 0676 Processor architecture: Intel x86
18:23:16.0406 0676 Number of processors: 2
18:23:16.0406 0676 Page size: 0x1000
18:23:16.0406 0676 Boot type: Normal boot
18:23:16.0406 0676 ============================================================
18:23:20.0859 0676 BG loaded
18:23:22.0546 0676 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:23:24.0796 0676 ============================================================
18:23:24.0796 0676 \Device\Harddisk0\DR0:
18:23:25.0812 0676 MBR partitions:
18:23:25.0812 0676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x190029BD
18:23:25.0859 0676 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1901A282, BlocksNum 0x3DA6979
18:23:25.0890 0676 ============================================================
18:23:27.0437 0676 C: <-> \Device\Harddisk0\DR0\Partition1
18:23:27.0781 0676 ============================================================
18:23:27.0781 0676 Initialize success
18:23:27.0781 0676 ============================================================
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP