Trojan:JS/Medfos.B Cannot seem to get rid of! [Solved]


  • This topic is locked

#1
scwatermann
    New Member, 7 posts
The infection keeps coming up in Windows Security Essentials, I've tried fixing it there and by using Malware Bytes to no effect. Can't seem to get rid of it! Please help. Have had a Blue screen (Ack!) twice.

I did download the OTL, here's the log:

OTL logfile created on: 11/28/2012 2:19:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roxann Jasper\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.24% Memory free
3.81 Gb Paging File | 3.21 Gb Available in Paging File | 84.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 125.27 Gb Free Space | 84.09% Space Free | Partition Type: NTFS
Drive P: | 232.77 Gb Total Space | 217.95 Gb Free Space | 93.64% Space Free | Partition Type: NTFS
Drive Z: | 298.09 Gb Total Space | 229.15 Gb Free Space | 76.87% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRS | User Name: Roxann Jasper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/28 14:19:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roxann Jasper\My Documents\Downloads\OTL.exe
PRC - [2012/11/13 20:11:00 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/09/12 16:25:22 | 000,280,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/01/06 07:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2009/08/17 15:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe
PRC - [2008/04/17 13:41:14 | 000,495,616 | ---- | M] () -- C:\Program Files\Daktronics\Venus 1500\V15Shell.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/21 06:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008/03/21 00:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/05/16 11:47:26 | 000,013,864 | R--- | M] () -- C:\WINDOWS\system32\srvany.exe
PRC - [2006/08/31 16:56:08 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/27 08:36:54 | 000,614,912 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Application Data\rshnen.dll
MOD - [2012/11/13 20:10:59 | 000,460,904 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\ppgooglenaclpluginchrome.dll
MOD - [2012/11/13 20:10:57 | 004,008,040 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\pdf.dll
MOD - [2012/11/13 20:10:12 | 000,587,880 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\libglesv2.dll
MOD - [2012/11/13 20:10:11 | 000,124,520 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\libegl.dll
MOD - [2012/11/13 20:10:04 | 000,157,304 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\avutil-51.dll
MOD - [2012/11/13 20:10:03 | 000,275,576 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\avformat-54.dll
MOD - [2012/11/13 20:10:02 | 002,168,952 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\avcodec-54.dll
MOD - [2012/11/08 13:32:26 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/04/18 08:51:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Daktronics\Venus 1500\SX32W.DLL
MOD - [2008/04/17 13:41:14 | 000,495,616 | ---- | M] () -- C:\Program Files\Daktronics\Venus 1500\V15Shell.exe
MOD - [2007/05/16 11:47:26 | 000,013,864 | R--- | M] () -- C:\WINDOWS\system32\srvany.exe
MOD - [2006/08/31 16:56:08 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe
MOD - [2006/08/31 16:56:06 | 000,155,698 | ---- | M] () -- C:\pvsw\bin\w3comsrv.dll


========== Services (SafeList) ==========

SRV - [2012/10/08 14:01:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/06 07:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/07/21 06:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2009/08/17 15:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV - [2008/03/21 06:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/03/21 00:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/05/16 11:47:26 | 000,013,864 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (Pervasive.SQL Workgroup Engine)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\heecue.sys -- (pcjuov)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxbulk.sys -- (HPEWSFXBULK)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ROXANN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/11/28 14:17:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{838D5A75-CF42-44A3-8B12-7F6247A9697B}\MpKsl72a70f40.sys -- (MpKsl72a70f40)
DRV - [2009/09/11 14:45:48 | 005,911,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/08/03 23:18:54 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/03/21 06:42:00 | 000,088,896 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2006/01/04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2003/11/30 20:54:20 | 000,043,136 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {BBA24045-343E-4F26-BD20-5079158A496F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BBA24045-343E-4F26-BD20-5079158A496F}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://dell.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://dell.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/08/20 12:23:46 | 000,000,759 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.200 NPI1A63DD
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software SB, Inc.)
O4 - HKLM..\Run: [rshnen] C:\Documents and Settings\Roxann Jasper\Application Data\rshnen.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Venus 1500 Shell.lnk = C:\Program Files\Daktronics\Venus 1500\V15Shell.exe ()
O4 - Startup: C:\Documents and Settings\Roxann Jasper\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1345488118328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58258B13-72B8-414F-93E7-8F6E0BF45506}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 13:26:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/11/28 10:54:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Roxann Jasper\Recent
[2012/11/08 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/11/08 13:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roxann Jasper\Application Data\OpenOffice.org
[2012/11/08 13:32:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/11/08 13:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012/11/02 08:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/11/02 08:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp files -> C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/28 14:16:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/28 14:15:31 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/28 14:15:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/28 14:15:27 | 2110,574,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/28 13:13:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4005339946-3369753308-1103613962-1005UA.job
[2012/11/28 13:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/28 02:01:40 | 000,000,198 | ---- | M] () -- C:\WINDOWS\tasks\Wednesday.job
[2012/11/27 14:13:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4005339946-3369753308-1103613962-1005Core.job
[2012/11/27 08:36:54 | 000,614,912 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Application Data\rshnen.dll
[2012/11/27 01:12:54 | 000,000,828 | ---- | M] () -- C:\WINDOWS\tasks\Tuesday.job
[2012/11/26 20:14:57 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Desktop\Google Chrome.lnk
[2012/11/26 20:14:57 | 000,002,324 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/26 12:15:32 | 000,000,351 | ---- | M] () -- C:\WINDOWS\V15DisplayMgr.INI
[2012/11/26 09:07:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Desktop\Microsoft Office Word 2003.lnk
[2012/11/26 00:01:31 | 000,000,192 | ---- | M] () -- C:\WINDOWS\tasks\Monday.job
[2012/11/24 13:00:48 | 000,000,073 | ---- | M] () -- C:\WINDOWS\V15MsgStudio.INI
[2012/11/24 01:49:08 | 000,000,852 | ---- | M] () -- C:\WINDOWS\tasks\Weekly Full.job
[2012/11/23 02:02:08 | 000,000,192 | ---- | M] () -- C:\WINDOWS\tasks\Friday.job
[2012/11/22 01:13:34 | 000,000,834 | ---- | M] () -- C:\WINDOWS\tasks\Thursday.job
[2012/11/20 15:15:02 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\My Documents\Memorial Folder Keil,John.pub
[2012/11/20 09:45:30 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/11/15 08:26:58 | 000,467,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/15 08:26:57 | 000,080,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/15 08:26:26 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/11/15 03:21:44 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/08 13:33:18 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/06 14:51:35 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\My Documents\OpenBar.pub
[2012/11/04 02:45:15 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Monthly.job
[2012/11/02 13:17:08 | 001,612,223 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Desktop\2012-11-02 14.13.59.jpg
[2012/11/02 08:14:45 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp files -> C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/28 14:15:27 | 2110,574,592 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/27 08:36:50 | 000,614,912 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\Application Data\rshnen.dll
[2012/11/19 10:52:00 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\My Documents\Memorial Folder Keil,John.pub
[2012/11/08 13:33:18 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/06 11:37:46 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\My Documents\OpenBar.pub
[2012/11/02 13:17:03 | 001,612,223 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\Desktop\2012-11-02 14.13.59.jpg
[2012/11/02 08:14:45 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/02 08:14:45 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/08/20 12:23:39 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2012/08/20 12:20:51 | 000,177,279 | ---- | C] () -- C:\WINDOWS\hppins11.dat
[2012/08/20 12:20:51 | 000,005,707 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat
[2012/08/20 10:33:38 | 000,000,785 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2012/08/07 13:00:51 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 12:56:00 | 000,182,359 | ---- | C] () -- C:\WINDOWS\hppins11.dat.temp
[2012/08/02 12:56:00 | 000,005,828 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat.temp
[2012/07/31 00:00:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\REG00001
[2012/07/24 00:00:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\REG00000
[2012/07/16 16:26:54 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012/07/16 14:20:38 | 000,000,665 | ---- | C] () -- C:\WINDOWS\System32\hppapr11.dat
[2012/02/14 22:36:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/09 12:25:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/09 12:25:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/09 12:25:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/09 12:25:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/09 12:25:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/09 08:08:02 | 000,009,352 | -HS- | C] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\ar7b6o4h07iv2eb771xo532d6qmd
[2011/05/09 08:08:02 | 000,009,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ar7b6o4h07iv2eb771xo532d6qmd

========== ZeroAccess Check ==========

[2010/10/22 02:01:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 10:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0


#2
Essexboy
    GeekU Moderator, Retired Staff, 69,964 posts
Hi there, let's see if this helps.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\heecue.sys -- (pcjuov)
O4 - HKLM..\Run: [rshnen] C:\Documents and Settings\Roxann Jasper\Application Data\rshnen.dll ()
[2011/05/09 08:08:02 | 000,009,352 | -HS- | C] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\ar7b6o4h07iv2eb771xo532d6qmd
[2011/05/09 08:08:02 | 000,009,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ar7b6o4h07iv2eb771xo532d6qmd

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0
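The entries Essexboy's fix targets can be recognised mechanically in an OTL log: a driver service set to start at Boot whose file no longer exists, a Run value pointing at a DLL with no company name sitting in a user profile, a module loaded from a user-writable profile directory with no company name, and hidden+system files with random-looking extensionless names. The Python script below is an added example for this thread and is not part of OTL or of the helper's fix; the regular expressions, the Finding class and the flagging heuristics are my own assumptions about the log format, and the sample lines are copied from the log posted above (with benign neighbours kept in so the filter has something to ignore).

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example, not part of OTL; the heuristics are an assumption about what
a helper looks for first, not a verdict on any file.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL log in this thread plus benign neighbours.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\heecue.sys -- (pcjuov)
MOD - [2012/11/27 08:36:54 | 000,614,912 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Application Data\rshnen.dll
MOD - [2012/11/08 13:32:26 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [rshnen] C:\Documents and Settings\Roxann Jasper\Application Data\rshnen.dll ()
[2011/05/09 08:08:02 | 000,009,352 | -HS- | C] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\ar7b6o4h07iv2eb771xo532d6qmd
[2012/11/28 14:15:27 | 2110,574,592 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/02 08:14:45 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
""".strip().splitlines()

# Line shapes seen in the log (assumed from the posted output, not from OTL docs).
DRV_MISSING = re.compile(r"^DRV - File not found \[Kernel \| (\w+) \| \w+\] --(.*?)-- \((.*)\)$")
IMAGE_LINE = re.compile(r"^(PRC|MOD) - \[[^\]]*\] \((.*?)\) -- (.*)$")
RUN_KEY = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.*?)\] (.*) \((.*?)\)$")
FILE_LINE = re.compile(r"^\[[^|]*\| [^|]*\| (.{4}) \| [CM]\] \((.*?)\) -- (.*)$")

# Heuristic markers: user-writable profile location and a long random-looking name.
USER_PROFILE = re.compile(r"\\Documents and Settings\\.*\\Application Data\\", re.IGNORECASE)
RANDOM_NAME = re.compile(r"^[a-z0-9]{16,}$")


@dataclass
class Finding:
    kind: str    # driver | mod | prc | autorun | file
    path: str
    reason: str


def triage(lines):
    """Return the log entries worth a second look, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()

        m = DRV_MISSING.match(line)
        if m:
            start, path, name = m.group(1), m.group(2).strip(), m.group(3)
            # Orphaned service entries with no path are common; a Boot/System
            # start with a named, missing file is the one worth removing.
            if path and start in ("Boot", "System"):
                findings.append(Finding("driver", path, f"service {name} starts at {start} but its file is missing"))
            continue

        m = IMAGE_LINE.match(line)
        if m:
            kind, company, path = m.groups()
            # No company name is normal for many programs; combined with a
            # user-writable profile directory it deserves attention.
            if not company and USER_PROFILE.search(path):
                findings.append(Finding(kind.lower(), path, "no company name, loaded from a user profile directory"))
            continue

        m = RUN_KEY.match(line)
        if m:
            hive, value, path, company = m.groups()
            if not company and (path.lower().endswith(".dll") or USER_PROFILE.search(path)):
                findings.append(Finding("autorun", path, f"{hive} Run value '{value}' points to a no-company image"))
            continue

        m = FILE_LINE.match(line)
        if m:
            attrs, _company, path = m.groups()
            name = path.rsplit("\\", 1)[-1]
            # Hidden+system plus an extensionless random name; hiberfil.sys is
            # also -HS- but has a normal name and is left alone.
            if "H" in attrs and "S" in attrs and "." not in name and RANDOM_NAME.match(name):
                findings.append(Finding("file", path, "hidden+system file with a random-looking name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.path}\n         {f.reason}")
```

Run against the sample it reports exactly the four items that went into the :OTL block of the fix above (heecue.sys, rshnen.dll twice, once as a loaded module and once as the Run value, and the ar7b... file) and stays quiet about libxml2.dll, msseces.exe, hiberfil.sys and the shortcut. The point is not that these heuristics are proof of infection, only that they reproduce the first pass a helper makes by eye, so the same rules can be re-run on the post-fix Quick Scan log to confirm the entries are gone.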

#3
scwatermann
    Topic Starter, New Member, 7 posts
OTL logfile created on: 11/28/2012 3:09:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roxann Jasper\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 64.85% Memory free
3.81 Gb Paging File | 3.17 Gb Available in Paging File | 83.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 125.42 Gb Free Space | 84.19% Space Free | Partition Type: NTFS
Drive P: | 232.77 Gb Total Space | 217.95 Gb Free Space | 93.64% Space Free | Partition Type: NTFS
Drive Z: | 298.09 Gb Total Space | 229.15 Gb Free Space | 76.87% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRS | User Name: Roxann Jasper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/28 15:09:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roxann Jasper\Desktop\OTL.exe
PRC - [2012/11/28 15:01:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Roxann Jasper\My Documents\Downloads\tdsskiller.exe
PRC - [2012/11/13 20:11:00 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/01/06 07:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2009/08/17 15:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe
PRC - [2008/04/17 13:41:14 | 000,495,616 | ---- | M] () -- C:\Program Files\Daktronics\Venus 1500\V15Shell.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/21 06:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008/03/21 00:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/05/16 11:47:26 | 000,013,864 | R--- | M] () -- C:\WINDOWS\system32\srvany.exe
PRC - [2006/08/31 16:56:08 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/13 20:10:59 | 000,460,904 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\ppgooglenaclpluginchrome.dll
MOD - [2012/11/13 20:10:57 | 004,008,040 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\pdf.dll
MOD - [2012/11/13 20:10:12 | 000,587,880 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\libglesv2.dll
MOD - [2012/11/13 20:10:11 | 000,124,520 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\libegl.dll
MOD - [2012/11/13 20:10:04 | 000,157,304 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\avutil-51.dll
MOD - [2012/11/13 20:10:03 | 000,275,576 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\avformat-54.dll
MOD - [2012/11/13 20:10:02 | 002,168,952 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\avcodec-54.dll
MOD - [2012/11/08 13:32:26 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/04/18 08:51:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Daktronics\Venus 1500\SX32W.DLL
MOD - [2008/04/17 13:41:14 | 000,495,616 | ---- | M] () -- C:\Program Files\Daktronics\Venus 1500\V15Shell.exe
MOD - [2007/05/16 11:47:26 | 000,013,864 | R--- | M] () -- C:\WINDOWS\system32\srvany.exe
MOD - [2006/08/31 16:56:08 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe
MOD - [2006/08/31 16:56:06 | 000,155,698 | ---- | M] () -- C:\pvsw\bin\w3comsrv.dll


========== Services (SafeList) ==========

SRV - [2012/10/08 14:01:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/06 07:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/07/21 06:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2009/08/17 15:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV - [2008/03/21 06:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/03/21 00:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/05/16 11:47:26 | 000,013,864 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (Pervasive.SQL Workgroup Engine)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxbulk.sys -- (HPEWSFXBULK)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/28 14:54:02 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94831A4A-F8AF-48D0-BE8F-61AFB7FE1CC0}\MpKsl2f3201ce.sys -- (MpKsl2f3201ce)
DRV - [2009/09/11 14:45:48 | 005,911,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/08/03 23:18:54 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/03/21 06:42:00 | 000,088,896 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2006/01/04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2003/11/30 20:54:20 | 000,043,136 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {BBA24045-343E-4F26-BD20-5079158A496F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BBA24045-343E-4F26-BD20-5079158A496F}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://dell.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://dell.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/28 14:52:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software SB, Inc.)
O4 - HKLM..\Run: [rshnen] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Roxann Jasper\Application Data\rshnen.dll",SetAttr File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Venus 1500 Shell.lnk = C:\Program Files\Daktronics\Venus 1500\V15Shell.exe ()
O4 - Startup: C:\Documents and Settings\Roxann Jasper\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1345488118328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58258B13-72B8-414F-93E7-8F6E0BF45506}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 15:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roxann Jasper\Desktop\OTL.exe
[2012/11/28 15:01:49 | 000,177,496 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\99516029.sys
[2012/11/28 14:52:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/28 13:26:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/11/28 10:54:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Roxann Jasper\Recent
[2012/11/08 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/11/08 13:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roxann Jasper\Application Data\OpenOffice.org
[2012/11/08 13:32:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/11/08 13:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012/11/02 08:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/11/02 08:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[1 C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp files -> C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/28 15:09:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roxann Jasper\Desktop\OTL.exe
[2012/11/28 15:03:53 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/28 15:01:49 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\99516029.sys
[2012/11/28 15:01:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/28 14:54:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/28 14:53:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/28 14:53:44 | 2110,574,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/28 14:53:44 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/28 14:52:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/11/28 13:13:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4005339946-3369753308-1103613962-1005UA.job
[2012/11/28 02:01:40 | 000,000,198 | ---- | M] () -- C:\WINDOWS\tasks\Wednesday.job
[2012/11/27 14:13:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4005339946-3369753308-1103613962-1005Core.job
[2012/11/27 01:12:54 | 000,000,828 | ---- | M] () -- C:\WINDOWS\tasks\Tuesday.job
[2012/11/26 20:14:57 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Desktop\Google Chrome.lnk
[2012/11/26 20:14:57 | 000,002,324 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/26 12:15:32 | 000,000,351 | ---- | M] () -- C:\WINDOWS\V15DisplayMgr.INI
[2012/11/26 09:07:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Desktop\Microsoft Office Word 2003.lnk
[2012/11/26 00:01:31 | 000,000,192 | ---- | M] () -- C:\WINDOWS\tasks\Monday.job
[2012/11/24 13:00:48 | 000,000,073 | ---- | M] () -- C:\WINDOWS\V15MsgStudio.INI
[2012/11/24 01:49:08 | 000,000,852 | ---- | M] () -- C:\WINDOWS\tasks\Weekly Full.job
[2012/11/23 02:02:08 | 000,000,192 | ---- | M] () -- C:\WINDOWS\tasks\Friday.job
[2012/11/22 01:13:34 | 000,000,834 | ---- | M] () -- C:\WINDOWS\tasks\Thursday.job
[2012/11/20 15:15:02 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\My Documents\Memorial Folder Keil,John.pub
[2012/11/20 09:45:30 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/11/15 08:26:58 | 000,467,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/15 08:26:57 | 000,080,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/15 08:26:26 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/11/08 13:33:18 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/06 14:51:35 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\My Documents\OpenBar.pub
[2012/11/04 02:45:15 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Monthly.job
[2012/11/02 13:17:08 | 001,612,223 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Desktop\2012-11-02 14.13.59.jpg
[2012/11/02 08:14:45 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[1 C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp files -> C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/28 14:15:27 | 2110,574,592 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/19 10:52:00 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\My Documents\Memorial Folder Keil,John.pub
[2012/11/08 13:33:18 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/06 11:37:46 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\My Documents\OpenBar.pub
[2012/11/02 13:17:03 | 001,612,223 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\Desktop\2012-11-02 14.13.59.jpg
[2012/11/02 08:14:45 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/02 08:14:45 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/08/20 12:23:39 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2012/08/20 12:20:51 | 000,177,279 | ---- | C] () -- C:\WINDOWS\hppins11.dat
[2012/08/20 12:20:51 | 000,005,707 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat
[2012/08/20 10:33:38 | 000,000,785 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2012/08/07 13:00:51 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 12:56:00 | 000,182,359 | ---- | C] () -- C:\WINDOWS\hppins11.dat.temp
[2012/08/02 12:56:00 | 000,005,828 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat.temp
[2012/07/31 00:00:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\REG00001
[2012/07/24 00:00:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\REG00000
[2012/07/16 16:26:54 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012/07/16 14:20:38 | 000,000,665 | ---- | C] () -- C:\WINDOWS\System32\hppapr11.dat
[2012/02/14 22:36:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2010/10/22 02:01:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 10:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/10/20 10:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Daktronics
[2011/11/21 08:54:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\6BB80D76
[2010/10/20 11:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\FileMaker
[2012/11/08 13:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\OpenOffice.org
[2010/11/11 14:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\Peachtree
[2010/12/20 15:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\W Photo Studio Viewer
[2010/09/13 08:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\Windows Desktop Search
[2010/10/20 10:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\Windows Search

========== Purity Check ==========



< End of report >

TDSS Killer Report:

15:01:48.0875 3160 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:01:49.0296 3160 ============================================================
15:01:49.0296 3160 Current date / time: 2012/11/28 15:01:49.0296
15:01:49.0296 3160 SystemInfo:
15:01:49.0296 3160
15:01:49.0296 3160 OS Version: 5.1.2600 ServicePack: 3.0
15:01:49.0296 3160 Product type: Workstation
15:01:49.0296 3160 ComputerName: UPSTAIRS
15:01:49.0296 3160 UserName: Roxann Jasper
15:01:49.0296 3160 Windows directory: C:\WINDOWS
15:01:49.0296 3160 System windows directory: C:\WINDOWS
15:01:49.0296 3160 Processor architecture: Intel x86
15:01:49.0296 3160 Number of processors: 2
15:01:49.0296 3160 Page size: 0x1000
15:01:49.0296 3160 Boot type: Normal boot
15:01:49.0296 3160 ============================================================
15:01:50.0906 3160 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:01:50.0906 3160 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:01:50.0906 3160 ============================================================
15:01:50.0906 3160 \Device\Harddisk0\DR0:
15:01:50.0906 3160 MBR partitions:
15:01:50.0906 3160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x129F1737
15:01:50.0906 3160 \Device\Harddisk1\DR1:
15:01:50.0906 3160 MBR partitions:
15:01:50.0906 3160 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
15:01:50.0906 3160 ============================================================
15:01:51.0000 3160 C: <-> \Device\Harddisk0\DR0\Partition1
15:01:51.0015 3160 Z: <-> \Device\Harddisk1\DR1\Partition1
15:01:51.0015 3160 ============================================================
15:01:51.0015 3160 Initialize success
15:01:51.0015 3160 ============================================================
15:02:21.0281 2772 ============================================================
15:02:21.0281 2772 Scan started
15:02:21.0281 2772 Mode: Manual; SigCheck; TDLFS;
15:02:21.0281 2772 ============================================================
15:02:21.0609 2772 ================ Scan system memory ========================
15:02:21.0609 2772 System memory - ok
15:02:21.0609 2772 ================ Scan services =============================
15:02:21.0765 2772 Abiosdsk - ok
15:02:21.0843 2772 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:02:22.0390 2772 abp480n5 - ok
15:02:22.0421 2772 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:02:22.0593 2772 ACPI - ok
15:02:22.0609 2772 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:02:22.0687 2772 ACPIEC - ok
15:02:47.0734 2772 winmgmt - ok
15:02:47.0812 2772 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
15:02:47.0890 2772 WinRM - ok
15:02:47.0921 2772 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:02:47.0984 2772 WmdmPmSN - ok
15:02:48.0031 2772 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:02:48.0093 2772 Wmi - ok
15:02:48.0140 2772 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:02:48.0203 2772 WmiAcpi - ok
15:02:48.0250 2772 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:02:48.0343 2772 WmiApSrv - ok
15:02:48.0421 2772 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:02:48.0640 2772 WMPNetworkSvc - ok
15:02:48.0671 2772 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:02:48.0750 2772 wscsvc - ok
15:02:48.0765 2772 WSearch - ok
15:02:48.0781 2772 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:02:48.0843 2772 wuauserv - ok
15:02:48.0875 2772 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:02:48.0953 2772 WudfPf - ok
15:02:48.0968 2772 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:02:49.0015 2772 WudfRd - ok
15:02:49.0031 2772 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:02:49.0046 2772 WudfSvc - ok
15:02:49.0093 2772 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:02:49.0187 2772 WZCSVC - ok
15:02:49.0203 2772 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:02:49.0265 2772 xmlprov - ok
15:02:49.0265 2772 ================ Scan global ===============================
15:02:49.0312 2772 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:02:49.0375 2772 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:02:49.0375 2772 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:02:49.0390 2772 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:02:49.0390 2772 [Global] - ok
15:02:49.0390 2772 ================ Scan MBR ==================================
15:02:49.0406 2772 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
15:02:49.0656 2772 \Device\Harddisk0\DR0 - ok
15:02:49.0656 2772 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:02:49.0734 2772 \Device\Harddisk1\DR1 - ok
15:02:49.0734 2772 ================ Scan VBR ==================================
15:02:49.0734 2772 [ 17E6EB9D79D9D3C2A40CCB9251F410E1 ] \Device\Harddisk0\DR0\Partition1
15:02:49.0734 2772 \Device\Harddisk0\DR0\Partition1 - ok
15:02:49.0734 2772 [ DB9EEFD2D185DDAD7C391AA01973673E ] \Device\Harddisk1\DR1\Partition1
15:02:49.0734 2772 \Device\Harddisk1\DR1\Partition1 - ok
15:02:49.0734 2772 ============================================================
15:02:49.0734 2772 Scan finished
15:02:49.0734 2772 ============================================================
15:02:49.0859 2756 Detected object count: 7
15:02:49.0859 2756 Actual detected object count: 7
15:04:46.0453 2756 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:46.0453 2756 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:46.0453 2756 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:46.0453 2756 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:46.0453 2756 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:46.0453 2756 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:46.0453 2756 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:46.0453 2756 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:46.0453 2756 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:46.0453 2756 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:46.0453 2756 Ser2pl ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:46.0453 2756 Ser2pl ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:46.0453 2756 tvnserver ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:46.0453 2756 tvnserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#4
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, that is the file killed; now let's remove the run key. Could you confirm that the alerts have ceased?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKLM..\Run: [rshnen] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Roxann Jasper\Application Data\rshnen.dll",SetAttr File not found


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
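The two logs in this thread are read by eye, but the decision behind the fix above is mechanical enough to script: TDSSKiller's `UnsignedFile.Multi.Generic` lines are a signature heuristic (a file with no valid Authenticode signature) that a person has to judge, which is why skipping the HP, Prolific and CrossLoop entries was the right call, while the OTL `O4 - HKLM..\Run` entry being removed shows the tell-tale shape of a persistence leftover: rundll32.exe as the launcher, a DLL under a per-user profile directory, and "File not found" because the payload is already gone. The following Python triage script is an added example, not code from OTL, TDSSKiller or the post above; the function names and heuristic rules are my own, and the sample lines are constructed from fragments quoted in this thread.

```python
"""Triage helpers for the two log formats posted in this thread.

Added example: this is not code from OTL, TDSSKiller or the forum post above.
Function names, the heuristic rules and the sample lines are my own; the sample
lines are constructed from fragments of the logs quoted in the thread.
"""
import re
from collections import OrderedDict

# ---- TDSSKiller result lines ------------------------------------------------
# Shape: "<hh:mm:ss.ffff> <pid> <object> ( <verdict> ) - <action>".
# "<object> - ok" lines have no "( verdict )" group and are deliberately skipped.
TDSS_RESULT = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)"
    r"\s+-\s+(?P<action>.+?)\s*$"
)
# Verdict families that describe the file (missing Authenticode signature) rather
# than match a malware family; they need a human decision, not automatic removal.
HEURISTIC_VERDICTS = ("UnsignedFile.",)


def tdss_findings(lines):
    """Collapse TDSSKiller output into one record per flagged object.

    Returns name -> {"verdict", "heuristic", "actions"} in first-seen order. The
    same object is reported several times (warning, skipped by user, user select
    action), so the actions are accumulated instead of overwritten.
    """
    findings = OrderedDict()
    for line in lines:
        m = TDSS_RESULT.match(line.strip())
        if not m:
            continue
        rec = findings.setdefault(m["name"], {
            "verdict": m["verdict"],
            "heuristic": m["verdict"].startswith(HEURISTIC_VERDICTS),
            "actions": [],
        })
        rec["actions"].append(m["action"])
    return findings


# ---- OTL "O4 - <hive>..\Run:" autorun lines ---------------------------------
# Shape: 'O4 - HKLM..\Run: [value] <command> [(Company)] [File not found]'.
OTL_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKU\\[^.]+)\.\.\\Run: \[(?P<value>[^\]]*)\]\s*(?P<rest>.*)$"
)
# A DLL under a per-user profile directory (not "All Users") is where the
# rshnen.dll in this thread lived; legitimate Run entries rarely load from there.
USER_PROFILE_DIR = re.compile(
    r"\\Documents and Settings\\(?!All Users\\)[^\\]+\\(Application Data|Local Settings)\\",
    re.IGNORECASE,
)


def classify_run_entry(line):
    """Return {"hive", "value", "command", "reasons"} for an O4 Run line, else None.

    "reasons" lists why the entry deserves a look; an empty list means nothing in
    the line itself looks wrong (the value still has to be judged by its target).
    """
    m = OTL_RUN.match(line.strip())
    if not m:
        return None
    command, reasons = m["rest"], []
    if command.endswith("File not found"):
        # The payload was already removed but the launcher key still fires at
        # logon; this is exactly the leftover the fix in this thread deletes.
        command = command[: -len("File not found")].rstrip()
        reasons.append("orphaned autorun (target file not found)")
    if "rundll32" in command.lower():
        # rundll32.exe is a signed Microsoft binary; the thing to judge is the DLL
        # and export it is told to load, not the launcher.
        reasons.append("rundll32 used as a launcher")
        if USER_PROFILE_DIR.search(command):
            reasons.append("payload DLL lives in a per-user profile directory")
    if command.endswith("()"):
        # OTL prints "()" when the PE carries no company name at all.
        reasons.append("no company name in the file's version info")
    return {"hive": m["hive"], "value": m["value"], "command": command, "reasons": reasons}


def triage_runs(lines):
    """Classify every O4 Run entry in an OTL log; other O4 forms are ignored."""
    return [e for e in (classify_run_entry(l) for l in lines) if e is not None]


# Constructed sample input, assembled from lines quoted in this thread.
SAMPLE_TDSS = """\
15:02:44.0515 2772 TDTCP - ok
15:02:45.0171 2772 tvnserver ( UnsignedFile.Multi.Generic ) - warning
15:02:45.0171 2772 tvnserver - detected UnsignedFile.Multi.Generic (1)
15:04:46.0453 2756 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:46.0453 2756 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:46.0453 2756 tvnserver ( UnsignedFile.Multi.Generic ) - skipped by user
""".splitlines()

SAMPLE_OTL = r"""
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [rshnen] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Roxann Jasper\Application Data\rshnen.dll",SetAttr File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Venus 1500 Shell.lnk = C:\Program Files\Daktronics\Venus 1500\V15Shell.exe ()
""".strip().splitlines()

if __name__ == "__main__":
    for name, rec in tdss_findings(SAMPLE_TDSS).items():
        kind = "heuristic" if rec["heuristic"] else "detection"
        print(f"TDSSKiller {kind}: {name} [{rec['verdict']}] -> {', '.join(rec['actions'])}")
    for entry in triage_runs(SAMPLE_OTL):
        flag = "; ".join(entry["reasons"]) or "nothing flagged"
        print(f"OTL {entry['hive']}\\Run [{entry['value']}]: {flag}")
```

Run on the sample, the script reports both TDSSKiller objects as heuristics with the user's skip decisions attached, leaves the Microsoft Security Client entry unflagged, and gives the `rshnen` entry all three reasons. It classifies only; whether to delete an entry stays a per-system decision, which is why the fix above is labelled as valid for this machine alone.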

#5
scwatermann (New Member, Topic Starter, 7 posts)
Nifty! Thanks and yes, the messages have stopped...no more threats popping up.

OTL logfile created on: 11/28/2012 4:25:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roxann Jasper\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.97% Memory free
3.81 Gb Paging File | 3.21 Gb Available in Paging File | 84.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 125.39 Gb Free Space | 84.17% Space Free | Partition Type: NTFS
Drive P: | 232.77 Gb Total Space | 217.95 Gb Free Space | 93.64% Space Free | Partition Type: NTFS
Drive Z: | 298.09 Gb Total Space | 229.15 Gb Free Space | 76.87% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRS | User Name: Roxann Jasper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/28 15:09:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roxann Jasper\Desktop\OTL.exe
PRC - [2012/11/13 20:11:00 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/01/06 07:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2009/08/17 15:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe
PRC - [2008/04/17 13:41:14 | 000,495,616 | ---- | M] () -- C:\Program Files\Daktronics\Venus 1500\V15Shell.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/21 06:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008/03/21 00:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/05/16 11:47:26 | 000,013,864 | R--- | M] () -- C:\WINDOWS\system32\srvany.exe
PRC - [2006/08/31 16:56:08 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/13 20:10:59 | 000,460,904 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\ppgooglenaclpluginchrome.dll
MOD - [2012/11/13 20:10:57 | 004,008,040 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\pdf.dll
MOD - [2012/11/13 20:10:12 | 000,587,880 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\libglesv2.dll
MOD - [2012/11/13 20:10:11 | 000,124,520 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\libegl.dll
MOD - [2012/11/13 20:10:04 | 000,157,304 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\avutil-51.dll
MOD - [2012/11/13 20:10:03 | 000,275,576 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\avformat-54.dll
MOD - [2012/11/13 20:10:02 | 002,168,952 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\avcodec-54.dll
MOD - [2012/11/08 13:32:26 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/04/18 08:51:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Daktronics\Venus 1500\SX32W.DLL
MOD - [2008/04/17 13:41:14 | 000,495,616 | ---- | M] () -- C:\Program Files\Daktronics\Venus 1500\V15Shell.exe
MOD - [2007/05/16 11:47:26 | 000,013,864 | R--- | M] () -- C:\WINDOWS\system32\srvany.exe
MOD - [2006/08/31 16:56:08 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe
MOD - [2006/08/31 16:56:06 | 000,155,698 | ---- | M] () -- C:\pvsw\bin\w3comsrv.dll


========== Services (SafeList) ==========

SRV - [2012/10/08 14:01:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/06 07:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/07/21 06:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2009/08/17 15:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV - [2008/03/21 06:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/03/21 00:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Safenet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/05/16 11:47:26 | 000,013,864 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (Pervasive.SQL Workgroup Engine)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxbulk.sys -- (HPEWSFXBULK)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/28 16:21:58 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94831A4A-F8AF-48D0-BE8F-61AFB7FE1CC0}\MpKsled91f4cd.sys -- (MpKsled91f4cd)
DRV - [2009/09/11 14:45:48 | 005,911,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/08/03 23:18:54 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/03/21 06:42:00 | 000,088,896 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2006/01/04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2003/11/30 20:54:20 | 000,043,136 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {BBA24045-343E-4F26-BD20-5079158A496F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BBA24045-343E-4F26-BD20-5079158A496F}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://dell.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://dell.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/28 16:20:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software SB, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Venus 1500 Shell.lnk = C:\Program Files\Daktronics\Venus 1500\V15Shell.exe ()
O4 - Startup: C:\Documents and Settings\Roxann Jasper\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1345488118328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58258B13-72B8-414F-93E7-8F6E0BF45506}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 15:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roxann Jasper\Desktop\OTL.exe
[2012/11/28 15:01:49 | 000,177,496 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\99516029.sys
[2012/11/28 14:52:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/28 13:26:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/11/28 10:54:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Roxann Jasper\Recent
[2012/11/08 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/11/08 13:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roxann Jasper\Application Data\OpenOffice.org
[2012/11/08 13:32:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/11/08 13:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012/11/02 08:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/11/02 08:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[1 C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp files -> C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/28 16:22:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/28 16:21:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/28 16:21:40 | 2110,574,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/28 16:20:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/11/28 16:13:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4005339946-3369753308-1103613962-1005UA.job
[2012/11/28 16:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/28 15:09:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roxann Jasper\Desktop\OTL.exe
[2012/11/28 15:03:53 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/28 15:01:49 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\99516029.sys
[2012/11/28 14:53:44 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/28 02:01:40 | 000,000,198 | ---- | M] () -- C:\WINDOWS\tasks\Wednesday.job
[2012/11/27 14:13:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4005339946-3369753308-1103613962-1005Core.job
[2012/11/27 01:12:54 | 000,000,828 | ---- | M] () -- C:\WINDOWS\tasks\Tuesday.job
[2012/11/26 20:14:57 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Desktop\Google Chrome.lnk
[2012/11/26 20:14:57 | 000,002,324 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/26 12:15:32 | 000,000,351 | ---- | M] () -- C:\WINDOWS\V15DisplayMgr.INI
[2012/11/26 09:07:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Desktop\Microsoft Office Word 2003.lnk
[2012/11/26 00:01:31 | 000,000,192 | ---- | M] () -- C:\WINDOWS\tasks\Monday.job
[2012/11/24 13:00:48 | 000,000,073 | ---- | M] () -- C:\WINDOWS\V15MsgStudio.INI
[2012/11/24 01:49:08 | 000,000,852 | ---- | M] () -- C:\WINDOWS\tasks\Weekly Full.job
[2012/11/23 02:02:08 | 000,000,192 | ---- | M] () -- C:\WINDOWS\tasks\Friday.job
[2012/11/22 01:13:34 | 000,000,834 | ---- | M] () -- C:\WINDOWS\tasks\Thursday.job
[2012/11/20 15:15:02 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\My Documents\Memorial Folder Keil,John.pub
[2012/11/20 09:45:30 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/11/15 08:26:58 | 000,467,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/15 08:26:57 | 000,080,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/15 08:26:26 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/11/08 13:33:18 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/06 14:51:35 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\My Documents\OpenBar.pub
[2012/11/04 02:45:15 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Monthly.job
[2012/11/02 13:17:08 | 001,612,223 | ---- | M] () -- C:\Documents and Settings\Roxann Jasper\Desktop\2012-11-02 14.13.59.jpg
[2012/11/02 08:14:45 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[1 C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp files -> C:\Documents and Settings\Roxann Jasper\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/28 14:15:27 | 2110,574,592 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/19 10:52:00 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\My Documents\Memorial Folder Keil,John.pub
[2012/11/08 13:33:18 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/06 11:37:46 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\My Documents\OpenBar.pub
[2012/11/02 13:17:03 | 001,612,223 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\Desktop\2012-11-02 14.13.59.jpg
[2012/11/02 08:14:45 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/02 08:14:45 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/08/20 12:23:39 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2012/08/20 12:20:51 | 000,177,279 | ---- | C] () -- C:\WINDOWS\hppins11.dat
[2012/08/20 12:20:51 | 000,005,707 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat
[2012/08/20 10:33:38 | 000,000,785 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2012/08/07 13:00:51 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 12:56:00 | 000,182,359 | ---- | C] () -- C:\WINDOWS\hppins11.dat.temp
[2012/08/02 12:56:00 | 000,005,828 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat.temp
[2012/07/31 00:00:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\REG00001
[2012/07/24 00:00:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Roxann Jasper\REG00000
[2012/07/16 16:26:54 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2012/07/16 14:20:38 | 000,000,665 | ---- | C] () -- C:\WINDOWS\System32\hppapr11.dat
[2012/02/14 22:36:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2010/10/22 02:01:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 10:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/10/20 10:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Daktronics
[2011/11/21 08:54:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\6BB80D76
[2010/10/20 11:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\FileMaker
[2012/11/08 13:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\OpenOffice.org
[2010/11/11 14:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\Peachtree
[2010/12/20 15:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\W Photo Studio Viewer
[2010/09/13 08:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\Windows Desktop Search
[2010/10/20 10:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roxann Jasper\Application Data\Windows Search

========== Purity Check ==========



< End of report >
  • 0
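The OTL file lists above follow one fixed line shape (`[date time | size | attrs | C or M] (Company) -- path`). As an added example that is not part of this thread or of OTL, here is a small parser for that shape plus the triage heuristic a helper applies by eye: surface hidden+system files that are not the usual XP ones, and binaries under System32 that carry no company name. The sample lines are copied from the log above; the allowlist is an assumption and the output marks entries worth a second look, not a verdict.

```python
import re

# One OTL file-list line: [date time | size | attrs | C-or-M] (Company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Hidden+system files that are normal on an XP box (assumed allowlist).
KNOWN_HS = {"hiberfil.sys", "pagefile.sys", "desktop.ini"}

# Lines taken from the OTL log above; the last one is a section header, not a file.
SAMPLE_LOG = [
    "[2012/11/28 14:15:27 | 2110,574,592 | -HS- | C] () -- C:\\hiberfil.sys",
    "[2012/11/15 08:26:58 | 000,467,830 | ---- | M] () -- C:\\WINDOWS\\System32\\perfh009.dat",
    "[2012/07/16 16:26:54 | 000,000,608 | -HS- | C] () -- C:\\WINDOWS\\System32\\winzvprt5.sys",
    "[2012/02/14 22:36:15 | 000,003,072 | ---- | C] () -- C:\\WINDOWS\\System32\\iacenc.dll",
    "[2010/10/22 02:01:22 | 000,000,227 | RHS- | M] () -- C:\\WINDOWS\\assembly\\Desktop.ini",
    "========== ZeroAccess Check ==========",
]


def parse_otl_line(line):
    """Return a dict for one OTL file line, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))  # "000,000,608" -> 608
    return rec


def triage(lines):
    """Map path -> list of reasons for entries a reviewer would look at first."""
    flagged = {}
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None:
            continue
        path = rec["path"]
        name = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        # Hidden+system is rare for user-visible files; skip the known OS ones.
        if "H" in rec["attrs"] and "S" in rec["attrs"] and name not in KNOWN_HS:
            reasons.append("hidden+system attributes")
        # OS binaries in System32 normally carry a vendor name in the () field.
        if "\\system32\\" in path.lower() and name.endswith((".sys", ".dll")) and not rec["company"]:
            reasons.append("binary in System32 with no company name")
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for p, why in triage(SAMPLE_LOG).items():
        print(p, "->", "; ".join(why))
```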

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A quick sweep for orphans I feel

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
scwatermann

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I have MBAM on here already. Is it OK to use it, or do I need to uninstall and re-download?
Thanks
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, just update and run please :blush:
  • 0

#9
scwatermann

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Groovy! Nothing found. Thanks so very much for your wonderful help!
  • 0

#10
scwatermann

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.28.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Roxann Jasper :: UPSTAIRS [administrator]

11/28/2012 4:45:05 PM
mbam-log-2012-11-28 (16-45-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238135
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the Cleanup button. It will remove all the programmes we have used, plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking, then as an added layer of protection install Trusteer Rapport.

It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#12
scwatermann

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you again for all your help. Your directions were easy to understand and follow, and made this process so much easier! Have a wonderful day!
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure :)
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
