Sirefef Rtk AGAIN!



#16
3mateo (Member, Topic Starter, 47 posts)
Sorry about all the posts.
I found the PhysicalMBR.bin, changed ext, here it is.
-M



#17
RKinner (Malware Expert, MVP, 24,625 posts)
That's an old one. Probably the malware is messing it up. We had better get on with the fixing with gparted.

#18
3mateo (Member, Topic Starter, 47 posts)
I was not able to burn the ISO image on Mac, so I did it on my (Infected) computer.
It was easy, and all went just as described.

"Please take a picture of this screen (camera or phone pictures will work just fine), and post it here for me to see." See attached JPEG for screen shot w/ camera.

"IF you are lucky you should be able to reboot into regular mode."
I was lucky, it booted into regular mode.

Now, as soon as it started up in regular mode, "Security Shield" popped up, looked like it did a scan, listed a bunch of threats, then a red warning popped up, asking to Remove threats, or continue unprotected.
I mentioned this before, and I never installed this, so I have always clicked out of it. It resembles Windows Security, but it's a green shield instead of the Red/Gr/Blu/Yellow shield.

The only other thing, which has been happening since the virus started acting up, is this prompt:

"Welcome to the Found New Hardware Wizard." ...software for: "Unknown"
If your hardware came with an installation CD or floppy disk, insert it now.
What do you want the wizard to do?
O Install automatically? (recomm)
O Install from list...? (adv)
Click Next to continue..



In any case, what's my next step?

Thanks as always!
-M

Attached Thumbnails

  • DSCN02501.JPG


#19
RKinner (Malware Expert, MVP, 24,625 posts)
sda3 is the bad guy we want to kill off. He's not quite the 2 MB that Windows sees.

sda2 is probably the one you want to set it to boot from. 148.96

sda1 is probably the factory restore partition from Dell.

So go back to Post #9 and continue where it says:

According to your logs, the partition that you want to delete is 2M (1.76 MB)

If you have done that, take another picture of the gparted screen and then boot into Safe Mode with Networking and run OTL, Quick Scan, and post the log.

#20
3mateo (Member, Topic Starter, 47 posts)
I think I did that already (deleted the partition that was close to 2M, i.e., the rest of the steps in post 9); then I restarted successfully in normal mode (that's how I got lucky, as you put it)... so now, in order to take a picture of the gparted, do I need to boot again from the CD? Or can I access the gparted from elsewhere in order to take a picture of it?

#21
RKinner (Malware Expert, MVP, 24,625 posts)
Do this one instead:


Do the following:
  1. Click on the Start button and then choose Control Panel.
  2. Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  4. In the Administrative Tools window, double-click on the Computer Management icon.
  5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Can you get an OTL log from this thing?

#22
3mateo (Member, Topic Starter, 47 posts)
Yes, here's the OTL quickscan log from just a few mins ago, and the screen shot is attached.
Thanks for such quick replies!!!
-M


############# OTL Quickscan Log ####################################################

OTL logfile created on: 9/11/2012 1:22:56 PM - Run 6
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 86.54% Memory free
3.85 Gb Paging File | 3.78 Gb Available in Paging File | 98.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 106.40 Gb Free Space | 71.43% Space Free | Partition Type: NTFS
Drive D: | 127.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOSS | User Name: Jim | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 15:27:19 | 000,599,552 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
PRC - [2008/04/13 17:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012/09/10 13:30:53 | 000,254,888 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\msiserv.exe -- (W32Sch)
SRV - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/08 16:05:09 | 000,161,776 | -H-- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/06/25 23:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\GEORGE29377G\pev.3XE -- (PEVSystemStart)
SRV - [2004/08/17 20:00:00 | 000,073,748 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\GEORGE\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\GEORGE\catchme.sys -- (catchme)
DRV - [2012/08/21 02:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 02:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 02:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 02:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 02:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 02:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 02:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/07/22 14:27:12 | 004,424,704 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/04/21 22:09:00 | 000,120,448 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{02C2FC17-3FA4-475F-9F6F-099E21DA079D}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1E02B687-EA27-4815-A25C-25B51B037734}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{1F397D90-488D-4800-BAEE-F0BCD701E15C}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3201318
IE - HKCU\..\SearchScopes\{C62CFA05-44B5-4B60-917B-9289833B2AD5}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{F1359F9E-D2BE-4403-A7C6-D7B2998237C7}: "URL" = http://search.yahoo....0834,6901,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found


[2008/10/09 16:42:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions
[2008/10/09 16:42:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012/09/10 11:38:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [syshost32] C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}\syshost.exe (Macally)
O4 - HKLM..\Run: [YwqLFybcKWoAhAh.exe] C:\Documents and Settings\All Users\Application Data\YwqLFybcKWoAhAh.exe File not found
O4 - HKCU..\RunOnce: [ynsslpl] C:\Documents and Settings\Jim\Local Settings\Application Data\ynsslpl.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.fcd.maric...mgaxctrl6.5.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1346283026031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1346283014625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphot.../HPSWUpdate.ocx (CUpdateCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70FC676B-AE41-4E18-B39D-20CB5E48B32C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/10 15:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\roaming
[2012/09/10 15:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2012/09/10 15:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/09/09 20:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/09/09 20:32:57 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/09/09 20:32:57 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/09/09 20:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/09/09 20:32:53 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/09/09 20:32:53 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/09/09 20:32:52 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/09/09 20:32:51 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/09/09 20:32:51 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/09/09 20:32:51 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/09/09 20:32:17 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/09/09 20:32:16 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/09/09 16:49:16 | 000,000,000 | --SD | C] -- C:\GEORGE29377G
[2012/09/09 13:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/09/09 11:31:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/09 11:04:46 | 001,629,088 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jim\Desktop\jimmy.exe
[2012/09/09 11:02:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/09 11:02:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/09 11:02:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/09 11:02:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/09 11:01:36 | 000,000,000 | --SD | C] -- C:\GEORGE2
[2012/09/09 10:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/09 10:57:43 | 004,747,716 | R--- | C] (Swearware) -- C:\Documents and Settings\Jim\Desktop\GEORGE2.exe
[2012/09/09 01:26:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2012/09/08 14:03:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2012/09/08 14:00:53 | 000,138,120 | -H-- | C] (ESET) -- C:\Documents and Settings\Jim\Desktop\ESETSirefefRemover.exe
[2012/09/08 13:41:41 | 001,629,088 | -H-- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jim\Desktop\rkill.exe
[2012/09/08 10:44:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\Desktop\JUST TOO OLD
[2012/09/07 15:48:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/09/07 15:47:04 | 000,000,000 | -H-D | C] -- C:\_OTL
[2012/09/07 15:27:18 | 000,599,552 | -H-- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2012/09/07 11:16:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\Desktop\Pics n Music 2012
[2012/09/06 21:53:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/09/06 21:53:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/09/06 20:51:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/09/06 20:51:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/09/06 19:00:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\Recent(2)
[2012/09/04 15:30:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\Application Data\ImgBurn
[2012/08/30 20:45:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\My Documents\Downloads
[2012/08/23 21:14:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\Application Data\Sibelius Software
[2012/08/19 23:51:32 | 000,000,000 | -H-D | C] -- C:\Program Files\WiseConvert

========== Files - Modified Within 30 Days ==========

[2012/09/11 13:22:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/11 13:16:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/11 12:43:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/11 12:42:39 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/11 12:42:23 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/11 09:59:33 | 000,821,248 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\FreeISOBurner.exe
[2012/09/10 13:30:53 | 000,254,888 | ---- | M] () -- C:\WINDOWS\msiserv.exe
[2012/09/10 13:26:50 | 000,312,320 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\ynsslpl.exe
[2012/09/10 11:38:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/09/09 21:48:53 | 000,088,576 | -H-- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/09 20:43:33 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/09 20:34:52 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/09/09 20:32:57 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Juppiez.exe.lnk
[2012/09/09 19:52:22 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\6b01ed5ec562c3a4.sys
[2012/09/09 11:04:53 | 001,629,088 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jim\Desktop\jimmy.exe
[2012/09/09 10:57:52 | 004,747,716 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim\Desktop\GEORGE2.exe
[2012/09/08 14:39:15 | 000,002,625 | -H-- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/08 14:35:13 | 000,083,541 | -H-- | M] () -- C:\Documents and Settings\Jim\Desktop\Disk Mg Wind SHOT.JPG
[2012/09/08 14:01:17 | 004,009,167 | -H-- | M] () -- C:\Documents and Settings\Jim\Desktop\ServicesRepair.exe
[2012/09/08 14:00:54 | 000,138,120 | -H-- | M] (ESET) -- C:\Documents and Settings\Jim\Desktop\ESETSirefefRemover.exe
[2012/09/08 14:00:43 | 002,033,481 | -H-- | M] () -- C:\Documents and Settings\Jim\Desktop\EZ_Sirefix.exe
[2012/09/08 13:23:18 | 001,629,088 | -H-- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jim\Desktop\rkill.exe
[2012/09/07 15:27:19 | 000,599,552 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2012/09/07 10:27:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/09/06 21:34:14 | 000,000,066 | -H-- | M] () -- C:\Documents and Settings\Jim\Application Data\mbam.context.scan
[2012/09/06 20:40:00 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/05 12:44:40 | 221,672,648 | -H-- | M] () -- C:\Documents and Settings\Jim\Desktop\1x15 - So Sorry, My Island Now.avi
[2012/09/04 01:05:54 | 367,155,100 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Alphas.S01E04.HDTV.XviD-FQM.[VTV].Rosetta.avi
[2012/09/04 00:18:22 | 366,223,206 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Alphas.S01E05.HDTV.XviD-LOL.[VTV].Never.Let.Me.Go.avi
[2012/09/01 15:44:00 | 304,582,752 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Copper.S01E02.HDTV.x264-2HD.mp4
[2012/08/28 15:47:45 | 000,000,692 | -H-- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/08/27 09:33:34 | 000,367,304 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/21 02:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/21 02:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/21 02:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/21 02:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/21 02:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/21 02:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/21 02:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/21 02:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/21 02:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/21 02:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2012/09/11 09:59:33 | 000,821,248 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\FreeISOBurner.exe
[2012/09/10 13:30:51 | 000,254,888 | ---- | C] () -- C:\WINDOWS\msiserv.exe
[2012/09/10 13:26:50 | 000,312,320 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\ynsslpl.exe
[2012/09/09 21:49:48 | 366,223,206 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Alphas.S01E05.HDTV.XviD-LOL.[VTV].Never.Let.Me.Go.avi
[2012/09/09 21:49:24 | 367,155,100 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Alphas.S01E04.HDTV.XviD-FQM.[VTV].Rosetta.avi
[2012/09/09 20:34:52 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/09/09 20:34:52 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/09 20:33:02 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/09 20:33:02 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 20:32:57 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Juppiez.exe.lnk
[2012/09/09 20:32:52 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/09 19:53:37 | 304,582,752 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Copper.S01E02.HDTV.x264-2HD.mp4
[2012/09/09 19:52:22 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\6b01ed5ec562c3a4.sys
[2012/09/09 13:36:16 | 000,000,690 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/09/09 13:36:15 | 000,000,609 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/09/09 13:36:14 | 000,001,505 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2012/09/09 13:36:13 | 000,002,489 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/09/09 13:36:12 | 000,001,978 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2012/09/09 13:36:11 | 000,002,487 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/09/09 13:36:10 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/09/09 13:36:09 | 000,001,804 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/09 11:02:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/09 11:02:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/09 11:02:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/09 11:02:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/09 11:02:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/08 14:33:48 | 000,083,541 | -H-- | C] () -- C:\Documents and Settings\Jim\Desktop\Disk Mg Wind SHOT.JPG
[2012/09/08 14:01:10 | 004,009,167 | -H-- | C] () -- C:\Documents and Settings\Jim\Desktop\ServicesRepair.exe
[2012/09/08 14:00:41 | 002,033,481 | -H-- | C] () -- C:\Documents and Settings\Jim\Desktop\EZ_Sirefix.exe
[2012/09/06 20:42:33 | 000,000,066 | -H-- | C] () -- C:\Documents and Settings\Jim\Application Data\mbam.context.scan
[2012/09/05 12:46:00 | 221,672,648 | -H-- | C] () -- C:\Documents and Settings\Jim\Desktop\1x15 - So Sorry, My Island Now.avi
[2012/08/07 23:01:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2012/06/01 23:25:57 | 000,184,696 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/31 11:34:25 | 000,000,288 | -H-- | C] () -- C:\Documents and Settings\Jim\Application Data\.backup.dm
[2012/02/28 08:42:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 21:16:41 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/12 10:29:47 | 000,026,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2010/11/04 16:22:07 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Jim\Application Data\bibstats
[2010/10/14 14:50:36 | 000,001,940 | -H-- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/08/20 13:10:43 | 000,000,022 | -H-- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\kodakpcd.ini
[2008/07/21 13:18:42 | 000,088,576 | -H-- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/31 10:15:58 | 000,260,544 | -H-- | C] () -- C:\Documents and Settings\Jim\BD=1

========== LOP Check ==========

[2012/09/09 20:32:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/09 13:28:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/10 17:28:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/02/24 12:52:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ChessBase
[2012/05/31 11:45:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2009/12/04 10:15:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/10/27 16:07:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/01/31 10:28:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2012/08/27 09:08:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/02/04 16:55:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2011/07/12 10:29:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/22 19:00:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\AnvSoft
[2012/09/06 20:38:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Azureus
[2012/02/10 17:28:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Canon
[2008/10/06 16:34:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/27 16:07:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\DriverCure
[2012/08/06 11:26:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\ElevatedDiagnostics
[2009/01/14 13:19:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Hoyle Casino
[2008/02/01 11:54:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Hoyle FaceCreator
[2012/09/04 15:30:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\ImgBurn
[2009/09/25 11:11:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech
[2011/03/22 15:10:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\MSNInstaller
[2012/08/09 18:18:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\OpenOffice.org
[2012/08/08 16:05:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Oracle
[2011/04/05 12:41:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Panasonic
[2012/09/08 10:13:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Philipp Winterberg
[2012/09/10 15:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\roaming
[2012/09/06 20:39:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\shrink_pic
[2008/07/21 15:23:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Skinux
[2010/01/29 11:29:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Smith Micro
[2012/08/27 09:22:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\stickies
[2008/09/17 14:05:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\TomTom
[2012/07/30 11:59:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Uniblue
[2012/06/22 18:48:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data\Video Converter
[2012/09/11 12:42:39 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



< End of report >

Attached Thumbnails

  • Gparted Partitions ETC 9.11.12  140pm.JPG


#23
RKinner


    Malware Expert

OK it should be easy from here on:

Copy the text in the code box by highlighting and Ctrl + c


:OTL
SRV - [2004/08/17 20:00:00 | 000,073,748 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3201318
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [syshost32] C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}\syshost.exe (Macally)
O4 - HKLM..\Run: [YwqLFybcKWoAhAh.exe] C:\Documents and Settings\All Users\Application Data\YwqLFybcKWoAhAh.exe File not found
O4 - HKCU..\RunOnce: [ynsslpl] C:\Documents and Settings\Jim\Local Settings\Application Data\ynsslpl.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

:files
C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}
C:\Documents and Settings\Jim\Local Settings\Application Data\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Documents and Settings\All Users\Application Data\*.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\*.exe 

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then double-click OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Double click aswMBR.exe
Uncheck trace disk IO calls
Click the "Scan" button to start the scan (Accept the Avast Engine)
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0
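The TDSSKiller step above says to leave a detection on SKIP unless it says TDSS; that rule can be applied to the saved log before anything is changed. This is an added example, not part of the original post and not TDSSKiller's own code; the log lines are constructed in the layout of TDSSKiller.txt, and `examplesvc`, the all-digit hashes and the action labels are made-up sample values.

```python
import re

# Constructed sample in the TDSSKiller.txt layout: "time thread-id message".
# The hashes and the "examplesvc" entry are invented for illustration.
SAMPLE_LOG = r"""
16:05:03.0453 1932 [ 00000000000000000000000000000001 ] Afc C:\WINDOWS\system32\drivers\Afc.sys
16:05:03.0468 1932 Afc ( UnsignedFile.Multi.Generic ) - warning
16:05:03.0468 1932 Afc - detected UnsignedFile.Multi.Generic (1)
16:05:03.0515 1932 [ 00000000000000000000000000000002 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:05:03.0562 1932 AFD - ok
16:05:04.0890 1932 [ 00000000000000000000000000000003 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:05:04.0890 1932 Apple Mobile Device - ok
16:05:05.0100 1932 [ 00000000000000000000000000000004 ] examplesvc C:\WINDOWS\system32\drivers\examplesvc.sys
16:05:05.0110 1932 examplesvc ( Rootkit.Win32.TDSS.tdl4 ) - infected
16:05:05.0110 1932 examplesvc - detected Rootkit.Win32.TDSS.tdl4 (0)
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "

# "[ MD5 ] service name C:\path" ; service names may contain spaces.
HASH_RE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$"
)
# "service name ( Verdict.Name ) - level" ; the later "- detected" line
# repeats the same verdict and is deliberately not matched.
VERDICT_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<level>\w+)$"
)


def parse_detections(log_text):
    """Return one record per flagged object, joined to its file path and MD5."""
    files = {}        # service name -> (md5, path) from the preceding hash line
    detections = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = HASH_RE.match(line)
        if m:
            files[m.group("name")] = (m.group("md5"), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = files.get(m.group("name"), (None, None))
            detections.append({
                "name": m.group("name"),
                "verdict": m.group("verdict"),
                "level": m.group("level"),
                "md5": md5,
                "path": path,
            })
    return detections


def triage(detection):
    """Apply the rule from the post: keep SKIP unless the verdict says TDSS."""
    if "TDSS" in detection["verdict"].upper():
        return "REPORT_TDSS"   # hypothetical label: show this entry to the helper
    return "SKIP"


def summarize(log_text):
    """Map each flagged service name to (verdict, action)."""
    return {d["name"]: (d["verdict"], triage(d)) for d in parse_detections(log_text)}


if __name__ == "__main__":
    for name, (verdict, action) in summarize(SAMPLE_LOG).items():
        print(f"{action:12} {name:12} {verdict}")
```
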

#24
3mateo


    Member

  • Topic Starter
Overall seemed good. I followed the steps, OTL ran fine, log below; aswMBR ran fine, log below; then the first of three possible issues arose:

ISSUE 1. After the aswMBR was completed, comp froze on a blue warning screen said Windows has to be shut down; contact admin or store for BIOS update, If this is the first time you've seen this screen,... yadayada, and I couldn't find anything else that worked, so I eventually shut it down.

FYI: on ISSUE 1: I think I might have booted in normal mode after automatic OTL reboot. When I restarted manually, as I had to after blue screen, I went back into Safe w/ Netwk. The blue pages provided some tech info, which I wrote down; mostly in groups of 8 digits and letters: 0xooooo8E,... then more groups of 8 digits and letters, then four more groups of characters in parentheses.
And just under that: "win32k.sys-address" and more 8 character digit/letter groups; I can type it in for you if needed.


ISSUE 2: ComboFix seemed quick, but I waited for a while just to be sure, no blinking lights on comp or screen, and STILL no combofix Log anywhere. I did a search for combofix, and it ran for 10 or 15mins; the search seemed to be on a loop or something cuz it just kept finding more combofix.exe files (and a couple others), but no log, and there was no combofix file under C (and I have it set to view hidden and program? files).


TDSS ran fine, there are 2 logs below.

MBAM ran fine, log below.

ISSUE 3: I wasn't sure what the "Windows Logs" referred to exactly:
""Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.""

On the screen I took a pic of (see attachment), I right clicked on System, then on the drop down, on "clear all events". It beeped and asked to save "system" before clearing it? I clicked no, but it didn't seem like anything was cleared or deleted (e.g., the size didn't change, same result on second attempt, and the same thing happened with Application.) Is that all that happens? OR am I in wrong place? wrong function?? Not sure what to do; so I'll await further instruction.

Thanks!
-M






############ OTL LOG ###############

Error: Unable to interpret < > in the current context!
========== OTL ==========
Service 6to4 stopped successfully!
Service 6to4 deleted successfully!
C:\WINDOWS\system32\6to4ex.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\syshost32 deleted successfully.
File move failed. C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}\syshost.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\YwqLFybcKWoAhAh.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ynsslpl deleted successfully.
C:\Documents and Settings\Jim\Local Settings\Application Data\ynsslpl.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {A8F2B9BD-A6A0-486A-9744-18920D898429}
C:\WINDOWS\Downloaded Program Files\SETUP.INF moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
Folder move failed. C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D} scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\Jim\Local Settings\Application Data\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D} not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
File\Folder C:\Documents and Settings\All Users\Application Data\*.exe not found.
File\Folder C:\Documents and Settings\Jim\Local Settings\Application Data\*.exe not found.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: Administrator.BOSS
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 506 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 40252 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.BOSS

User: All Users

User: Default User

User: Jim
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.61.1 log created on 09112012_152453

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}\syshost.exe scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D} scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




########### I COULD NOT FIND ComboFIX LOG!!! ################


############# aswMBR LOG #########################

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-11 15:31:55
-----------------------------
15:31:55.078 OS Version: Windows 5.1.2600 Service Pack 3
15:31:55.078 Number of processors: 2 586 0xF0D
15:31:55.078 ComputerName: BOSS UserName: Jim
15:31:55.781 Initialze error C0000001 - driver not loaded
15:31:57.031 AVAST engine defs: 12082100
15:32:26.109 Service scanning
15:32:26.421 Service 6b01ed5ec562c3a4 C:\WINDOWS\System32\Drivers\6b01ed5ec562c3a4.sys **HIDDEN**
15:32:45.875 Modules scanning
15:32:46.156 AVAST engine scan C:\WINDOWS
15:32:52.953 AVAST engine scan C:\WINDOWS\system32
15:34:27.562 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:34:42.187 AVAST engine scan C:\WINDOWS\system32\drivers
15:34:50.250 AVAST engine scan C:\Documents and Settings\Jim
15:38:33.656 AVAST engine scan C:\Documents and Settings\All Users
15:38:56.406 Scan finished successfully
15:40:48.359 The log file has been saved successfully to "C:\Documents and Settings\Jim\Desktop\aswMBR.txt"



############ TDSSKiller 1st LOG ######################

16:04:40.0500 1840 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:04:41.0125 1840 ============================================================
16:04:41.0125 1840 Current date / time: 2012/09/11 16:04:41.0125
16:04:41.0125 1840 SystemInfo:
16:04:41.0125 1840
16:04:41.0125 1840 OS Version: 5.1.2600 ServicePack: 3.0
16:04:41.0125 1840 Product type: Workstation
16:04:41.0125 1840 ComputerName: BOSS
16:04:41.0125 1840 UserName: Jim
16:04:41.0125 1840 Windows directory: C:\WINDOWS
16:04:41.0125 1840 System windows directory: C:\WINDOWS
16:04:41.0125 1840 Processor architecture: Intel x86
16:04:41.0125 1840 Number of processors: 2
16:04:41.0125 1840 Page size: 0x1000
16:04:41.0125 1840 Boot type: Safe boot with network
16:04:41.0125 1840 ============================================================
16:04:42.0875 1840 BG loaded
16:04:43.0218 1840 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:04:43.0218 1840 ============================================================
16:04:43.0218 1840 \Device\Harddisk0\DR0:
16:04:43.0218 1840 MBR partitions:
16:04:43.0218 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x129E99B5
16:04:43.0218 1840 ============================================================
16:04:43.0281 1840 C: <-> \Device\Harddisk0\DR0\Partition1
16:04:43.0359 1840 ============================================================
16:04:43.0359 1840 Initialize success
16:04:43.0359 1840 ============================================================
16:04:59.0859 1932 ============================================================
16:04:59.0859 1932 Scan started
16:04:59.0859 1932 Mode: Manual; SigCheck; TDLFS;
16:04:59.0859 1932 ============================================================
16:05:00.0484 1932 ================ Scan system memory ========================
16:05:00.0484 1932 System memory - ok
16:05:00.0484 1932 ================ Scan services =============================
16:05:00.0640 1932 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
16:05:01.0187 1932 Aavmker4 - ok
16:05:01.0203 1932 Abiosdsk - ok
16:05:01.0250 1932 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:05:02.0687 1932 abp480n5 - ok
16:05:02.0781 1932 ACDaemon - ok
16:05:02.0828 1932 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:05:02.0984 1932 ACPI - ok
16:05:03.0000 1932 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:05:03.0093 1932 ACPIEC - ok
16:05:03.0140 1932 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:05:03.0218 1932 adpu160m - ok
16:05:03.0281 1932 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:05:03.0375 1932 aec - ok
16:05:03.0453 1932 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
16:05:03.0468 1932 Afc ( UnsignedFile.Multi.Generic ) - warning
16:05:03.0468 1932 Afc - detected UnsignedFile.Multi.Generic (1)
16:05:03.0515 1932 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:05:03.0562 1932 AFD - ok
16:05:03.0609 1932 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
16:05:03.0703 1932 agp440 - ok
16:05:03.0734 1932 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:05:03.0812 1932 agpCPQ - ok
16:05:03.0859 1932 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:05:03.0890 1932 Aha154x - ok
16:05:03.0921 1932 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:05:04.0015 1932 aic78u2 - ok
16:05:04.0046 1932 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:05:04.0125 1932 aic78xx - ok
16:05:04.0156 1932 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:05:14.0562 1932 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:05:14.0578 1932 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:05:14.0578 1932 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:05:20.0687 1932 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
16:05:20.0703 1932 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:05:20.0703 1932 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:05:24.0375 1932 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\GEORGE29377G\pev.3XE
16:05:24.0390 1932 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
16:05:24.0390 1932 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
16:05:24.0500 1932 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
16:05:24.0515 1932 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:05:24.0515 1932 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:05:34.0734 1932 [ B678EF2CA7310F221A58883AD95FE03C ] W32Sch C:\WINDOWS\msiserv.exe
16:05:39.0125 1932 W32Sch ( UnsignedFile.Multi.Generic ) - warning
16:05:39.0125 1932 W32Sch - detected UnsignedFile.Multi.Generic (1)
16:05:41.0546 1932 ================ Scan global ===============================
16:05:41.0578 1932 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:05:41.0625 1932 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:05:41.0640 1932 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:05:41.0640 1932 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:05:41.0656 1932 [Global] - ok
16:05:41.0656 1932 ================ Scan MBR ==================================
16:05:41.0687 1932 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:05:41.0937 1932 \Device\Harddisk0\DR0 - ok
16:05:41.0937 1932 ================ Scan VBR ==================================
16:05:41.0937 1932 [ 05AD7947D8A348DDB2E2E4DA3606F50C ] \Device\Harddisk0\DR0\Partition1
16:05:41.0937 1932 \Device\Harddisk0\DR0\Partition1 - ok
16:05:41.0953 1932 ============================================================
16:05:41.0953 1932 Scan finished
16:05:41.0953 1932 ============================================================
16:05:42.0093 1924 Detected object count: 6
16:05:42.0093 1924 Actual detected object count: 6
16:06:31.0843 1924 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:31.0843 1924 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:31.0843 1924 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:31.0843 1924 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:31.0859 1924 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:31.0859 1924 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:31.0875 1924 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:31.0875 1924 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:31.0890 1924 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:31.0890 1924 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:31.0890 1924 W32Sch ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:31.0890 1924 W32Sch ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:40.0062 1836 Deinitialize success




############ TDSsKIller 2nd LOG ######################

16:51:08.0468 1664 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:51:09.0046 1664 ============================================================
16:51:09.0046 1664 Current date / time: 2012/09/11 16:51:09.0046
16:51:09.0046 1664 SystemInfo:
16:51:09.0046 1664
16:51:09.0046 1664 OS Version: 5.1.2600 ServicePack: 3.0
16:51:09.0046 1664 Product type: Workstation
16:51:09.0046 1664 ComputerName: BOSS
16:51:09.0046 1664 UserName: Jim
16:51:09.0046 1664 Windows directory: C:\WINDOWS
16:51:09.0046 1664 System windows directory: C:\WINDOWS
16:51:09.0046 1664 Processor architecture: Intel x86
16:51:09.0046 1664 Number of processors: 2
16:51:09.0046 1664 Page size: 0x1000
16:51:09.0046 1664 Boot type: Normal boot
16:51:09.0046 1664 ============================================================
16:51:18.0718 1664 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:51:18.0828 1664 ============================================================
16:51:18.0828 1664 \Device\Harddisk0\DR0:
16:51:18.0921 1664 MBR partitions:
16:51:18.0921 1664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x129E99B5
16:51:18.0921 1664 ============================================================
16:51:19.0281 1664 C: <-> \Device\Harddisk0\DR0\Partition1
16:51:19.0515 1664 ============================================================
16:51:19.0515 1664 Initialize success
16:51:19.0515 1664 ============================================================
16:51:38.0734 1600 Deinitialize success



############# MBAM LOG ####################

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.11.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Jim :: BOSS [administrator]

9/11/2012 4:42:47 PM
mbam-log-2012-09-11 (16-42-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234527
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\RECYCLER\S-1-5-18\$0cf513bf3457d9324ef87f04c4b22ba7\n (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1500069464-4003255602-1523143456-1006\$0cf513bf3457d9324ef87f04c4b22ba7\n (Trojan.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}\syshost.exe (Trojan.Phex.THAGen9) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Local Settings\temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.

(end)

Attached Thumbnails

  • Pic of kNotSure of WINDows LOGS.JPG

  • 0
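In a TDSSKiller log like the one posted above, the verdict line names only the service; the file path and MD5 sit on the preceding `[ hash ]` line, and the user's choice appears much later. The Python sketch below is an added example (not part of the original thread and not TDSSKiller's own code) that joins those three pieces per detection and checks the result against the log's own "Detected object count"; the function names and the `Example*` sample entries are made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of the TDSSKiller log in the post. The W32Sch
# lines are copied from that log; the Example* entries and their all-zero /
# all-one hashes are made up for this demo.
SAMPLE_LOG = r"""
16:05:34.0609 1932 [ 00000000000000000000000000000000 ] ExampleSvc C:\WINDOWS\System32\example.exe
16:05:34.0640 1932 ExampleSvc - ok
16:05:34.0734 1932 [ B678EF2CA7310F221A58883AD95FE03C ] W32Sch C:\WINDOWS\msiserv.exe
16:05:39.0125 1932 W32Sch ( UnsignedFile.Multi.Generic ) - warning
16:05:39.0125 1932 W32Sch - detected UnsignedFile.Multi.Generic (1)
16:05:39.0484 1932 WDICA - ok
16:05:39.0500 1932 [ 11111111111111111111111111111111 ] Example Driver X1 C:\WINDOWS\system32\exdrv.exe
16:05:39.0600 1932 Example Driver X1 ( UnsignedFile.Multi.Generic ) - warning
16:05:42.0093 1924 Detected object count: 2
16:06:31.0890 1924 W32Sch ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:31.0890 1924 W32Sch ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:31.0900 1924 Example Driver X1 ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:31.0900 1924 Example Driver X1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# "<time> <tid> [ <MD5> ] <name> <path>"; the name may contain spaces and is
# absent in the "Scan global" section, so it is optional here.
OBJECT_RE = re.compile(
    r"^\S+ \d+ \[ ([0-9A-Fa-f]{32}) \] (?:(.+?) )?((?:[A-Za-z]:\\|\\Device\\).*)$")
# "<time> <tid> <name> ( <verdict> ) - <scan result or user action>"
VERDICT_RE = re.compile(r"^\S+ \d+ (.+?) \( (.+?) \) - (.+)$")
COUNT_RE = re.compile(r"\bDetected object count: (\d+)")
ACTION_PREFIX = "User select action:"


@dataclass
class Detection:
    name: str
    verdict: str
    result: str
    md5: Optional[str] = None
    path: Optional[str] = None
    action: Optional[str] = None


def parse_tdsskiller(log_text):
    """Return one Detection per flagged object, in the order the log reports them."""
    objects = {}     # name -> (md5, path) from the latest "[ md5 ] name path" line
    detections = {}  # name -> Detection
    for raw in log_text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            md5, name, path = m.groups()
            if name:
                objects[name] = (md5.upper(), path)
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # "- ok" lines, separators, headers
        name, verdict, tail = m.groups()
        if tail.startswith(ACTION_PREFIX):
            # Action chosen in the results dialog, logged after the scan ends.
            if name in detections:
                detections[name].action = tail[len(ACTION_PREFIX):].strip()
        elif tail != "skipped by user":
            # Scan result line: attach the hash and path seen just before it.
            md5, path = objects.get(name, (None, None))
            detections.setdefault(name, Detection(name, verdict, tail, md5, path))
    return list(detections.values())


def check_count(log_text, detections):
    """Compare the log's own 'Detected object count' with what was parsed."""
    m = COUNT_RE.search(log_text)
    declared = int(m.group(1)) if m else None
    return declared, len(detections), declared == len(detections)


def unresolved(detections):
    """Objects left in place by the scan: skipped, or no action recorded."""
    return [d for d in detections if d.action in (None, "Skip")]


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for d in found:
        print(f"{d.name}: {d.verdict} [{d.result}] {d.path} md5={d.md5} action={d.action}")
    print("count check (declared, parsed, match):", check_count(SAMPLE_LOG, found))
```

A mismatch from `check_count` usually means the pasted log was truncated, so detections earlier in the scan are missing from the excerpt.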

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download The Avenger by Swandog46 from
http://swandog46.gee...r2/download.php
* Unzip/extract it to a folder on your desktop.
* Double click on avenger.exe to run The Avenger.
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
Files to delete:
C:\WINDOWS\System32\Drivers\6b01ed5ec562c3a4.sys
C:\WINDOWS\assembly\GAC\Desktop.ini
C:\WINDOWS\msiserv.exe

Folders to delete:
C:\RECYCLER\S-1-5-18\$0cf513bf3457d9324ef87f04c4b22ba7
C:\RECYCLER\S-1-5-21-1500069464-4003255602-1523143456-1006\$0cf513bf3457d9324ef87f04c4b22ba7
C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}
C:\Documents and Settings\Jim\Local Settings\Application Data\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}

Drivers to delete:
6b01ed5ec562c3a4
W32Sch

******************************************************
* In the avenger window, click the Paste Script from Clipboard icon.
* Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
* Click the Execute button.
* You will be asked Are you sure you want to execute the current script?.
* Click Yes.
* You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
* Click Yes.
* Your PC will now be rebooted.
* Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
* If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
* After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). I would like to see the log in your next post.



Copy the text in the code box by highlighting and Ctrl + c


:Services
6b01ed5ec562c3a4 
W32Sch

:files
C:\WINDOWS\System32\Drivers\6b01ed5ec562c3a4.sys 
C:\WINDOWS\assembly\GAC\Desktop.ini
C:\WINDOWS\msiserv.exe
C:\Documents and Settings\Jim\Application Data\*.exe
C:\Documents and Settings\All Users\Application Data\*.exe
C:\RECYCLER\S-1-5-18\$0cf513bf3457d9324ef87f04c4b22ba7
C:\RECYCLER\S-1-5-21-1500069464-4003255602-1523143456-1006\$0cf513bf3457d9324ef87f04c4b22ba7
C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}
C:\Documents and Settings\Jim\Local Settings\Application Data\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D} 
C:\Documents and Settings\Jim\Local Settings\temp\*.exe 
sc config W32Sch start= disabled /c
sc config 6b01ed5ec562c3a4  start= disabled /c
sc delete 6b01ed5ec562c3a4 /c
sc delete W32Sch /c

     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.
(I think I must have given you the Vista/Win 7 instructions before. Sorry.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Run MBAM as before.

#26
3mateo

3mateo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
OH MAN! We were ALMOST there!!!
I did 2 things uncapitally: 1) I did the VEW correctly the first time--exactly as per your instructions...guaranteed; but then -- after I did everything else just as prescribed -- I accidentally ran VEW again (thinking I hadn't done it, and was just exploring it, but I had done it, and correctly, but I think the second run replaced the original log with a new one of the same name!) and 2) used the Event Timer thang to erase logs at the end of these steps instead of

1) Avenger good, log below.
2) OTC good, log below.
3) Event Viewer Tool VEW, good, log was fine, but I messed it up later.
4) Funbar good, log below.
5) Mbam good, Log below.

6)Accidentally re-ran VEW and replaced log, unless you know where I can find the original.
Lemme know.

7) Tried to access EVENT VIEWER again via Run Command, but it seemed like it didn't do anything again. Basically same as last time, without the beep. HOWEVER, when I clicked on both System and Access after I cleared logs, it said that there were no items in this view; so maybe it did work.

Thanks !!
~M



######################### AVENGER LOG #############

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\System32\Drivers\6b01ed5ec562c3a4.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\6b01ed5ec562c3a4.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\assembly\GAC\Desktop.ini" deleted successfully.
File "C:\WINDOWS\msiserv.exe" deleted successfully.
Folder "C:\RECYCLER\S-1-5-18\$0cf513bf3457d9324ef87f04c4b22ba7" deleted successfully.
Folder "C:\RECYCLER\S-1-5-21-1500069464-4003255602-1523143456-1006\$0cf513bf3457d9324ef87f04c4b22ba7" deleted successfully.
Folder "C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}" deleted successfully.

Error: folder "C:\Documents and Settings\Jim\Local Settings\Application Data\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}" not found!
Deletion of folder "C:\Documents and Settings\Jim\Local Settings\Application Data\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\6b01ed5ec562c3a4" not found!
Deletion of driver "6b01ed5ec562c3a4" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "W32Sch" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




####################### OTC LOG ######################

Error: Unable to interpret < > in the current context!
========== SERVICES/DRIVERS ==========
Error: No service named 6b01ed5ec562c3a4 was found to stop!
Service\Driver key 6b01ed5ec562c3a4 not found.
Error: No service named W32Sch was found to stop!
Service\Driver key W32Sch not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\Drivers\6b01ed5ec562c3a4.sys not found.
File\Folder C:\WINDOWS\assembly\GAC\Desktop.ini not found.
File\Folder C:\WINDOWS\msiserv.exe not found.
File\Folder C:\Documents and Settings\Jim\Application Data\*.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\*.exe not found.
File\Folder C:\RECYCLER\S-1-5-18\$0cf513bf3457d9324ef87f04c4b22ba7 not found.
File\Folder C:\RECYCLER\S-1-5-21-1500069464-4003255602-1523143456-1006\$0cf513bf3457d9324ef87f04c4b22ba7 not found.
File\Folder C:\WINDOWS\Installer\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D} not found.
File\Folder C:\Documents and Settings\Jim\Local Settings\Application Data\{4FB2427A-D735-BA7E-58F0-06DA38A00E4D} not found.
File\Folder C:\Documents and Settings\Jim\Local Settings\temp\*.exe not found.
< sc config W32Sch start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Jim\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jim\Desktop\cmd.txt deleted successfully.
< sc config 6b01ed5ec562c3a4 start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Jim\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jim\Desktop\cmd.txt deleted successfully.
< sc delete 6b01ed5ec562c3a4 /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Jim\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jim\Desktop\cmd.txt deleted successfully.
< sc delete W32Sch /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Jim\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jim\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.BOSS

User: All Users

User: Default User

User: Jim
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.BOSS
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 506 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 3947 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.61.1 log created on 09112012_195742




############# FUN Bar Log ####################

Farbar Service Scanner Version: 06-08-2012
Ran by Jim (administrator) on 11-09-2012 at 20:17:20
Running from "C:\Documents and Settings\Jim\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Auto. The default start type is 3.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****



########## MBAM QWIK Scan LOG #################

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.11.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Jim :: BOSS [administrator]

11/09/2012 8:18:35 PM
mbam-log-2012-09-11 (20-18-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234487
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and save it, then right-click on it and Run As Admin.

It should reboot when it finishes.

Then run Farbar again as before.

What we are trying to do with the events and VEW is first clear the events, then reboot. Any problems should show up right away in the event logs, so we run VEW to see what is there. If nothing shows up we are happy. If something shows up we fix it if we can.

Can you delete the old Combofix and download a new copy and see if it will run now? Remember to pause your anti-virus.



Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#28
3mateo

3mateo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Eset ran fine.
Funbar ran fine, log below.
RE-installed ComboFix ran fine, and we did get a LOG!!
I had to remove Avast; just pausing it had ComboF saying it detected Avast, so I deleted the program.
OTL ran, but once again it has some text in the box when done:
Thanks!!
-M


############# Stuff remaining in OTL box: ###############

%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true






############### FUNBAR LOG #####################

Farbar Service Scanner Version: 06-08-2012
Ran by Jim (administrator) on 12-09-2012 at 08:42:29
Running from "C:\Documents and Settings\Jim\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Auto. The default start type is 3.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****



############### COMBOFIX LOG #############################

ComboFix 12-09-12.03 - Jim 12/09/2012 9:00.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1537 [GMT -7:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\documents and settings\Jim\Application Data\Roaming
c:\documents and settings\Jim\Application Data\Roaming\roaming.exe
C:\zip.exe
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\YwqLFybcKWoAhAh.exe
c:\documents and settings\Jim\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\10.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\1707.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\17113.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\18220.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\3701.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\947.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Jim\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Jim\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Jim\Local Settings\Application Data\icxds.exe
c:\documents and settings\Jim\Local Settings\Application Data\nxnww.exe
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{06009DE9-CE52-5394-4A34-C9162998F4E3}\syshost.exe
c:\windows\system32\drivers\52c68b51ad2755ee.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_52c68b51ad2755ee
-------\Service_52c68b51ad2755ee
.
.
((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
.
.
2012-09-12 02:43 . 2012-09-12 02:43 1196 ----a-w- C:\backup.reg
2012-09-12 02:42 . 2012-09-12 02:42 574 ----a-w- C:\cleanup.bat
2012-09-11 23:39 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-11 23:39 . 2012-09-11 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-11 23:03 . 2012-09-11 23:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-10 22:00 . 2012-09-10 22:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-09-09 18:01 . 2012-09-09 18:03 -------- d-----w- C:\GEORGE2
2012-09-07 22:48 . 2012-09-07 22:48 -------- d--h--w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-09-07 22:47 . 2012-09-07 22:47 -------- d-----w- C:\_OTL
2012-09-07 06:02 . 2012-09-07 06:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-09-07 03:38 . 2012-09-07 03:38 -------- d--h--w- c:\windows\system32\wbem\Repository
2012-09-07 02:10 . 2012-09-07 03:37 -------- d-s---w- c:\documents and settings\Administrator
2012-09-04 22:30 . 2012-09-04 22:30 -------- d--h--w- c:\documents and settings\Jim\Application Data\ImgBurn
2012-08-29 23:30 . 2012-06-02 22:19 15384 ---ha-w- c:\windows\system32\wuapi.dll.mui
2012-08-24 04:14 . 2012-08-24 04:14 -------- d--h--w- c:\documents and settings\Jim\Application Data\Sibelius Software
2012-08-20 06:51 . 2012-08-20 06:51 -------- d--h--w- c:\program files\WiseConvert
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\RPRSTITL.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\RPRSTEXT.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\RPRSSTMP.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\RPRSSPEC.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\RPRSSCRP.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\RPRSREH_.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\RPRSMET_.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\RPRSCHOR.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\RPRS____.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSTEXT.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSSE__.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSS___.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSROMC.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSPC__.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSP___.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSO___.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSNN__.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSM___.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSFS__.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSFBE_.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSFB__.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSCSC_.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSCS__.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUSC___.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\OPUS____.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\INKPEN2_.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\INK2TEXT.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\INK2SPEC.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\INK2SCRI.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\INK2METR.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\INK2CHOR.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\HELST___.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\HELSS___.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\HELSM___.FOT
2012-08-24 04:13 . 2012-08-24 04:13 1409 ---ha-w- c:\windows\Fonts\HELSINKI.FOT
2012-08-08 23:05 . 2012-02-29 01:40 143872 ---ha-w- c:\windows\system32\javacpl.cpl
2012-08-07 19:13 . 2012-08-07 18:54 181064 ---ha-w- c:\windows\PSEXESVC.EXE
2012-08-01 18:34 . 2012-07-17 18:20 426184 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-01 18:34 . 2012-02-29 01:30 70344 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2012-08-08 23:05 772544 ---ha-w- c:\windows\system32\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-28 8429568]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Desktop Application Director 8.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel Desktop Application Director 8.LNK
backup=c:\windows\pss\Corel Desktop Application Director 8.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^Shrink Pic.lnk]
path=c:\documents and settings\Jim\Start Menu\Programs\Startup\Shrink Pic.lnk
backup=c:\windows\pss\Shrink Pic.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-22 21:27 69632 ---ha-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 13:23 61440 ---ha-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 -c-ha-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ---ha-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 -c-ha-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ---ha-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-22 21:27 16132608 ---ha-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-09-10 03:35 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/09/2012 8:32 PM 136176]
S3 CFcatchme;CFcatchme;\??\c:\george\CFcatchme.sys --> c:\george\CFcatchme.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [09/09/2012 8:32 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ---ha-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-10 03:32]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-10 03:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-65140053.sys
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-12 09:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1500069464-4003255602-1523143456-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1500069464-4003255602-1523143456-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:08,80,8b,5c,ca,f3,7b,60,73,f0,2e,a2,24,c5,dd,ee,d0,7c,6f,40,b5,09,cc,
90,28,95,b0,52,f2,ac,78,a2,8d,11,d3,51,8a,9d,dd,2d,36,f1,b1,7d,4b,ce,83,4f,\
"??"=hex:41,66,9f,27,67,d5,f0,9d,06,2e,82,4d,03,51,07,34
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\03\19\17!\15."
.
Completion time: 2012-09-12 09:10:35
ComboFix-quarantined-files.txt 2012-09-12 16:10
.
Pre-Run: 114,053,685,248 bytes free
Post-Run: 114,847,064,064 bytes free
.
- - End Of File - - 01E2478E369E0DDCAA696E05D592901E


##################### OTL LOG 1 ###########################################

OTL logfile created on: 12/09/2012 9:40:06 AM - Run 7
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 81.76% Memory free
3.85 Gb Paging File | 3.67 Gb Available in Paging File | 95.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 107.02 Gb Free Space | 71.85% Space Free | Partition Type: NTFS

Computer Name: BOSS | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 15:27:19 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
PRC - [2012/08/08 16:05:09 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012/08/08 16:05:09 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\GEORGE\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jim\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2007/07/22 14:27:12 | 004,424,704 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/04/21 22:09:00 | 000,120,448 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{02C2FC17-3FA4-475F-9F6F-099E21DA079D}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1E02B687-EA27-4815-A25C-25B51B037734}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{1F397D90-488D-4800-BAEE-F0BCD701E15C}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKCU\..\SearchScopes\{C62CFA05-44B5-4B60-917B-9289833B2AD5}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{F1359F9E-D2BE-4403-A7C6-D7B2998237C7}: "URL" = http://search.yahoo....0834,6901,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found


[2008/10/09 16:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions
[2008/10/09 16:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012/09/12 09:06:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.fcd.maric...mgaxctrl6.5.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1346283026031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1346283014625 (MUWebControl Class)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphot.../HPSWUpdate.ocx (CUpdateCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70FC676B-AE41-4E18-B39D-20CB5E48B32C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Desktop Application Director 8.LNK - C:\Corel\Suite8\Programs\DAD8.EXE - (Corel Corporation Limited)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Jim^Start Menu^Programs^Startup^Shrink Pic.lnk - - File not found
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: BuildBU - hkey= - key= - c:\dell\bldbubg.exe ()
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\dell\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/12 08:51:57 | 004,749,988 | R--- | C] (Swearware) -- C:\Documents and Settings\Jim\Desktop\ComboFix.exe
[2012/09/11 20:16:47 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Jim\Desktop\FUNfreaknBAR.exe
[2012/09/11 19:45:07 | 000,000,000 | ---D | C] -- C:\Avenger
[2012/09/11 16:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/11 16:39:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/11 16:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/11 16:39:05 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jim\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/11 16:03:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/11 16:01:38 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\tdsskiller.exe
[2012/09/11 15:31:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
[2012/09/10 15:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2012/09/10 15:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/09/09 20:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/09/09 16:49:16 | 000,000,000 | ---D | C] -- C:\GEORGE29377G
[2012/09/09 13:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/09/09 11:31:28 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2012/09/09 11:04:46 | 001,629,088 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jim\Desktop\jimmy.exe
[2012/09/09 11:02:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/09 11:02:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/09 11:02:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/09 11:02:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/09 11:01:36 | 000,000,000 | ---D | C] -- C:\GEORGE2
[2012/09/09 10:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/09 01:26:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\Recent
[2012/09/08 14:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2012/09/08 14:00:53 | 000,138,120 | ---- | C] (ESET) -- C:\Documents and Settings\Jim\Desktop\ESETSirefefRemover.exe
[2012/09/08 10:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\JUST TOO OLD
[2012/09/07 15:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/09/07 15:47:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/07 15:27:18 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2012/09/07 11:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\Pics n Music 2012
[2012/09/06 21:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/09/06 21:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/09/06 20:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/09/06 20:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/09/06 19:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Recent(2)
[2012/09/04 15:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\ImgBurn
[2012/08/30 20:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\Downloads
[2012/08/29 16:30:52 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/08/23 21:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Sibelius Software
[2012/08/19 23:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\WiseConvert

========== Files - Modified Within 30 Days ==========

[2012/09/12 09:43:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/12 09:19:29 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/12 09:19:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/12 09:06:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/12 08:52:06 | 004,749,988 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim\Desktop\ComboFix.exe
[2012/09/12 08:36:37 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\ServicesRepair.exe
[2012/09/11 20:37:33 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Jim\Desktop\VEW.exe
[2012/09/11 20:16:49 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Jim\Desktop\FUNfreaknBAR.exe
[2012/09/11 20:15:40 | 000,075,247 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\VEW Runtime error message.JPG
[2012/09/11 19:43:00 | 000,001,196 | ---- | M] () -- C:\backup.reg
[2012/09/11 19:42:59 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2012/09/11 19:39:20 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\avenger.zip
[2012/09/11 17:54:37 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Defrag...lnk
[2012/09/11 17:01:20 | 000,092,187 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Pic of kNotSure of WINDows LOGS.JPG
[2012/09/11 16:40:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/11 16:39:09 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jim\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/11 16:01:38 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\tdsskiller.exe
[2012/09/11 15:56:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/11 15:31:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
[2012/09/11 13:40:46 | 000,075,643 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Gparted Partitions ETC 9.11.12 140pm.JPG
[2012/09/11 09:59:33 | 000,821,248 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\FreeISOBurner.exe
[2012/09/09 21:48:53 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/09 20:43:33 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/09 20:32:57 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Juppiez.exe.lnk
[2012/09/09 11:04:53 | 001,629,088 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jim\Desktop\jimmy.exe
[2012/09/08 14:39:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/08 14:35:13 | 000,083,541 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Disk Mg Wind SHOT.JPG
[2012/09/08 14:00:54 | 000,138,120 | ---- | M] (ESET) -- C:\Documents and Settings\Jim\Desktop\ESETSirefefRemover.exe
[2012/09/08 14:00:43 | 002,033,481 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\EZ_Sirefix.exe
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/07 15:27:19 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2012/09/07 10:27:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/09/06 21:34:14 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\mbam.context.scan
[2012/09/06 20:40:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/05 12:44:40 | 221,672,648 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\1x15 - So Sorry, My Island Now.avi
[2012/09/04 01:05:54 | 367,155,100 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Alphas.S01E04.HDTV.XviD-FQM.[VTV].Rosetta.avi
[2012/09/04 00:18:22 | 366,223,206 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Alphas.S01E05.HDTV.XviD-LOL.[VTV].Never.Let.Me.Go.avi
[2012/09/01 15:44:00 | 304,582,752 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Copper.S01E02.HDTV.x264-2HD.mp4
[2012/08/28 15:47:45 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/08/27 09:33:34 | 000,367,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/11 20:15:40 | 000,075,247 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\VEW Runtime error message.JPG
[2012/09/11 20:09:36 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Jim\Desktop\VEW.exe
[2012/09/11 19:43:00 | 000,001,196 | ---- | C] () -- C:\backup.reg
[2012/09/11 19:42:59 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2012/09/11 19:39:19 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\avenger.zip
[2012/09/11 17:01:20 | 000,092,187 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Pic of kNotSure of WINDows LOGS.JPG
[2012/09/11 16:40:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/11 13:40:46 | 000,075,643 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Gparted Partitions ETC 9.11.12 140pm.JPG
[2012/09/11 09:59:33 | 000,821,248 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\FreeISOBurner.exe
[2012/09/09 21:49:48 | 366,223,206 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Alphas.S01E05.HDTV.XviD-LOL.[VTV].Never.Let.Me.Go.avi
[2012/09/09 21:49:24 | 367,155,100 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Alphas.S01E04.HDTV.XviD-FQM.[VTV].Rosetta.avi
[2012/09/09 20:34:52 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/09 20:33:02 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/09 20:33:02 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 20:32:57 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Juppiez.exe.lnk
[2012/09/09 19:53:37 | 304,582,752 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Copper.S01E02.HDTV.x264-2HD.mp4
[2012/09/09 13:36:16 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/09/09 13:36:15 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/09/09 13:36:14 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2012/09/09 13:36:13 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/09/09 13:36:12 | 000,001,978 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2012/09/09 13:36:11 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/09/09 13:36:10 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/09/09 13:36:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/09 11:02:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/09 11:02:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/09 11:02:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/09 11:02:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/09 11:02:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/08 14:33:48 | 000,083,541 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Disk Mg Wind SHOT.JPG
[2012/09/08 14:01:10 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\ServicesRepair.exe
[2012/09/08 14:00:41 | 002,033,481 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\EZ_Sirefix.exe
[2012/09/06 20:42:33 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\mbam.context.scan
[2012/09/05 12:46:00 | 221,672,648 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\1x15 - So Sorry, My Island Now.avi
[2012/06/01 23:25:57 | 000,184,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/31 11:34:25 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\.backup.dm
[2012/02/28 08:42:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 21:16:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/04 16:22:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\bibstats
[2010/10/14 14:50:36 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/08/20 13:10:43 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\kodakpcd.ini
[2008/07/21 13:18:42 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/31 10:15:58 | 000,260,544 | ---- | C] () -- C:\Documents and Settings\Jim\BD=1

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3160815AS
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 149.00GB
Starting Offset: 57576960
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2004/06/11 16:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2004/06/11 16:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/01/14 21:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Adobe
[2008/06/05 12:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\AdobeUM
[2012/06/22 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\AnvSoft
[2012/08/07 23:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Apple Computer
[2010/05/08 10:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\ArcSoft
[2012/09/06 20:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Azureus
[2012/02/10 17:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Canon
[2008/10/06 16:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/05/21 16:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\CyberLink
[2009/10/27 16:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\DriverCure
[2012/06/26 21:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\dvdcss
[2012/08/06 11:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\ElevatedDiagnostics
[2008/02/21 16:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Google
[2008/02/11 14:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Help
[2009/01/14 13:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Hoyle Casino
[2008/02/01 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Hoyle FaceCreator
[2008/04/29 17:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\HP
[2004/08/10 12:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Identities
[2012/09/04 15:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\ImgBurn
[2008/01/23 20:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\InstallShield
[2008/08/20 13:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Kodak
[2009/09/25 11:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech
[2008/01/31 13:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Macromedia
[2012/08/08 16:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Malwarebytes
[2012/08/27 08:53:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim\Application Data\Microsoft
[2008/01/31 10:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Microsoft Web Folders
[2008/10/09 16:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Mozilla
[2011/03/22 15:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\MSNInstaller
[2012/08/09 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\OpenOffice.org
[2012/08/08 16:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Oracle
[2011/04/05 12:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Panasonic
[2012/09/08 10:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Philipp Winterberg
[2008/01/31 14:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Roxio
[2008/02/01 11:53:59 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Jim\Application Data\SecuROM
[2012/09/06 20:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\shrink_pic
[2012/08/23 21:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Sibelius Software
[2008/07/21 15:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Skinux
[2012/08/08 16:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Skype
[2011/02/20 18:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\skypePM
[2010/01/29 11:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Smith Micro
[2012/08/27 09:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\stickies
[2008/02/29 09:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Sun
[2008/01/31 13:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Symantec
[2008/09/17 14:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\TomTom
[2012/05/04 17:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\U3
[2012/07/30 11:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Uniblue
[2011/02/04 16:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Verizon Wireless
[2012/06/22 18:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Video Converter
[2012/09/10 13:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\vlc
[2011/12/20 23:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\WinRAR
[2012/08/27 09:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Yahoo!
[2009/05/11 14:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\ZoomBrowser EX

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/28 10:14:33 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/28 10:14:33 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 01:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe
[2004/08/04 04:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 10:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 10:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 04:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< End of report >




############### OTL EXTRAS log ####################

OTL Extras logfile created on: 12/09/2012 9:40:06 AM - Run 7
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 81.76% Memory free
3.85 Gb Paging File | 3.67 Gb Available in Paging File | 95.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 107.02 Gb Free Space | 71.85% Space Free | Partition Type: NTFS

Computer Name: BOSS | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB55D872-A96B-4434-8110-CA7B755AD914}" = Fritz 12
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"VLC media player" = VLC media player 2.0.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 12/09/2012 11:57:34 AM | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 12/09/2012 11:59:06 AM | Computer Name = BOSS | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 12/09/2012 11:59:13 AM | Computer Name = BOSS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/09/2012 11:59:13 AM | Computer Name = BOSS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 12/09/2012 11:59:50 AM | Computer Name = BOSS | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 12/09/2012 12:03:13 PM | Computer Name = BOSS | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 12/09/2012 12:13:02 PM | Computer Name = BOSS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/09/2012 12:14:21 PM | Computer Name = BOSS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 12/09/2012 12:18:42 PM | Computer Name = BOSS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/09/2012 12:19:41 PM | Computer Name = BOSS | Source = Service Control Manager | ID = 7000
Description = The Kodak Camera Connection Software service failed to start due to
the following error: %%2


< End of report >
  • 0

#29
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
These services are not working per farbar:

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Auto. The default start type is 3.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".



servicesrepair didn't seem to work. Let's see if we can manually start them.

Start, Run, services.msc, OK. Find the Background Intelligent Transfer Service (BITS) and right click it and select Properties. Change the Startup Type: to Auto and Apply. Then try and Start the service. Do you get an error?

Now go to Event Log. If it is not running try to Start it. Do you get an error?

Now go to Windows Updates. If it is not running try to Start it. Do you get an error?

Now do the Security Center the same way. Error?

Now go to Kodak Camera Connection Software service and right click and select Properties. Change the Startup Type: to Disabled and Apply.


It looks like the bug is dead anyway.
  • 0
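The Farbar Service Scanner excerpt quoted in post #29, parsed into one record per stopped service so that start types differing from the expected default stand out. This is an added example, not part of the thread or of Farbar's tool; the function names are the example's own, and it assumes the standard SCM Start numbering (3 = Demand) for the raw value FSS prints.

```python
import re

# Excerpt of the Farbar Service Scanner (FSS) output quoted in post #29 above.
FSS_EXCERPT = r'''
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Auto. The default start type is 3.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".
'''

# Assumption: SCM "Start" registry values; FSS sometimes prints the raw number.
START_NAMES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_OK = re.compile(r"^The start type of (\S+) service is OK\.")
START_SET = re.compile(r"^The start type of (\S+) service is set to (\S+)\. "
                       r"The default start type is (\S+)\.")
ATTR_OK = re.compile(r"^The (ImagePath|ServiceDll) of (\S+) service is OK\.")
ATTR_VAL = re.compile(r'^The (ImagePath|ServiceDll) of (\S+): "(.*)"\.$')


def parse_fss(text):
    """Return one dict per service that FSS reported as not running."""
    services, section, current = [], None, None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is a "Name:" line underlined with '=' characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, current = line[:-1], None
            continue
        m = NOT_RUNNING.match(line)
        if m:
            current = {"section": section, "service": m.group(1),
                       "start_type": None, "default_start": None,
                       "ImagePath": None, "ServiceDll": None}
            services.append(current)
            continue
        if current is None:
            continue
        # Attribute lines only count when they name the service being described.
        m = START_SET.match(line)
        if m and m.group(1) == current["service"]:
            current["start_type"] = START_NAMES.get(m.group(2), m.group(2))
            current["default_start"] = START_NAMES.get(m.group(3), m.group(3))
            continue
        m = START_OK.match(line)
        if m and m.group(1) == current["service"]:
            current["start_type"] = "OK"
            continue
        m = ATTR_VAL.match(line)
        if m and m.group(2) == current["service"]:
            current[m.group(1)] = m.group(3)
            continue
        m = ATTR_OK.match(line)
        if m and m.group(2) == current["service"]:
            current[m.group(1)] = "OK"
    return services


def start_type_mismatches(services):
    """Services whose configured start type differs from the default FSS expects."""
    return [(s["service"], s["start_type"], s["default_start"])
            for s in services if s["default_start"] is not None]


if __name__ == "__main__":
    parsed = parse_fss(FSS_EXCERPT)
    for svc in parsed:
        print(svc["section"], svc["service"], svc["start_type"], svc["ServiceDll"])
    print(start_type_mismatches(parsed))
```

BITS and EventSystem are listed under the Windows Update section because FSS reports them as services that Windows Update depends on, which is why the post changes the BITS startup type before trying to start anything else.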

#30
3mateo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
RK:
Sorry for the delay; switched inter srv providers and they fubared it until just now (literally 10 mins ago!).
As per your instructions:

BITS:
Changed to AUTO, Applied, NO errors.

EVENT LOG:
It is running already, so NO error.

WINDOWS UPDATES:
W.Updates is not there (on the list). Is it somewhere else?? Should I download it???

SECURITY CENTER:
Started it, no error.

KODAK CAMERA CONN SOFTWARE:
Disabled & Applied, no probs.


Much thanks for the get'n rid of the virus!!

So now, 1) What to do re: Windows Updates

2) Same re: Java (due to viral vulnerability): Disable? Update? Delete?

3) AV/Protection: A few people have suggested Norton 360, but I'm a little more aggressive internet surfer than they are. As you prob know, I only have free AV programs. What's your recommendation for my system? If it makes any difference, I now have Cent Link via phone jack and personalized password. My desktop (this comp) is plugged in, and I have an HP mini that connects via wireless; tho I don't know if it's WPA or WEP (or even what those mean for that matter).

4) Often, I get this: Error Message: The Recycle Bin on C:\ Is Corrupt or Invalid. Do You Want to Empty the Recycle Bin for this.... what should I do?

5) When I start up in Normal Mode, I get: FOUND NEW HARDWARE ... WIZARD for UNKNOWN.
IF IT CAME W/ CD or FLOPPY, PLZ INSERT, or choose from....
I have been clicking on cancel, and then later a bottom right box pops up w/ PROB OCCURRED IN INSTALLATION,
What to do about that?

6) Any and all other suggestions?

Thanks again as always! See Farbar log below.
-M



Farbar Service Scanner Version: 06-08-2012
Ran by Jim (administrator) on 23-09-2012 at 11:17:12
Running from "C:\Documents and Settings\Jim\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
  • 0
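
The log in the post above lists one set policy: "EnableFirewall" is 0 under the firewall's StandardProfile key, which means Windows Firewall is switched off for that profile. The Python script below is an added example, not part of the original post and not Farbar's own code; it reads a log in that layout and returns the entries that need follow-up. The function names, and the two interpretations marked as assumptions in the comments, are mine.

```python
import re

# Excerpt of the log posted above (same layout, shortened).
SAMPLE_LOG = r'''
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore Disabled Policy:
========================

File Check:
========
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
'''

VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_RE = re.compile(r'^([A-Za-z]:\\.+?) => (.+)$')

def parse_sections(text):
    """Map each heading underlined with '=' to the non-blank lines below it."""
    lines = [l.strip() for l in text.splitlines()]
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            current = line[:-1]
            sections[current] = []
        elif line and set(line) != {"="} and current is not None:
            sections[current].append(line)
    return sections

def findings(text):
    """Return (kind, where, detail) tuples for entries that need follow-up."""
    out = []
    for title, body in parse_sections(text).items():
        key = None
        for line in body:
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]          # registry key the next values belong to
            value, check = VALUE_RE.match(line), FILE_RE.match(line)
            # Assumption: a value listed under a "... Disabled Policy" heading is a set policy.
            if value and title.endswith("Disabled Policy"):
                out.append(("policy", key, f"{value[1]}={value[2]}"))
            # Assumption: any File Check verdict other than "MD5 is legit" needs review.
            elif check and title == "File Check" and check[2] != "MD5 is legit":
                out.append(("file", check[1], check[2]))
    return out

if __name__ == "__main__":
    for item in findings(SAMPLE_LOG):
        print(item)
```

On the excerpt this reports a single policy finding for the firewall; the empty System Restore policy section and the two legit file checks produce nothing.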





