Welcome to Geeks to Go - Register now for FREE
Mal/spy ware may be causing limited/no computer response [Solved]


  • This topic is locked

#1
whittakerjr

whittakerjr

    Member

  • Member
  • PipPip
  • 79 posts
Mal/spy ware may be causing limited/no computer response

My co-worker has an eMachines running XP Home SP2. She has cable internet service. She called me over to assist with her machine running extremely slow. Boy, was she not kidding. The screen refresh takes 15 seconds to nearly three minutes if a window is moved. Installed software takes 3 to 15 minutes before you see it launch.

I tried to run Malware (it was already on the computer), and during the update it failed with a notice of missing/incorrectly installed. A new installation did not work either.
I have gone in and tried to turn off all the software that starts up (msconfig, Diagnostic Startup).

Still, I think the computer is acting the same. I am not able to read a CD to try to install a new antivirus program, or any of the tools I have been given over the years. Downloading support files from Cnet or other sites did not happen.

I ran OTL from the .scr as none of the others worked when I tried to click on it. It has taken me a week to get the OTL file to a computer I could append it here from. USB was not read, and all the e-mail services (AOL, Yahoo) timed out as I tried to send to my own home accounts. Oh, the connection to web sites is hit and miss with GeekstoGo; I was not able to get the OTL file open to paste here. I hope I gave you enough basic information to assist you.

Here is the OTL:
OTL logfile created on: 4/4/2012 7:22:43 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Joanne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

126.48 Mb Total Physical Memory | 13.08 Mb Available Physical Memory | 10.34% Memory free
397.36 Mb Paging File | 75.76 Mb Available in Paging File | 19.07% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 9.30 Gb Free Space | 49.89% Space Free | Partition Type: NTFS

Computer Name: YOUR-VIU5VCDUB5 | User Name: Joanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/04 19:19:05 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joanne\Desktop\OTL.scr
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/05 16:37:55 | 000,123,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2001/08/17 15:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Free Ride Games\X4HS32Ex.Sys -- (X4HS32Ex)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | Disabled | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - [2012/03/28 19:31:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/10/17 19:28:11 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/10/17 19:28:10 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/10/01 16:28:39 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2001/08/17 12:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 06:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 06:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 06:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 06:28:12 | 000,128,286 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserli.sys -- (Ptserli)
DRV - [2001/08/08 13:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 13:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 13:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 13:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 13:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 13:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 13:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 13:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 13:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 13:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/03/15 20:14:50 | 000,587,064 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\C-itNT.sys -- (XIRLINK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60295
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {a17cc547-016c-4a35-a95b-de64acafa170}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace....w={searchTerms}
IE - HKLM\..\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {a17cc547-016c-4a35-a95b-de64acafa170}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60295
IE - HKCU\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace....w={searchTerms}
IE - HKCU\..\SearchScopes\{431D150E-2BF3-41E3-AA58-D59B03D30C3A}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7ADBS
IE - HKCU\..\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...d=80015language
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Documents and Settings\Joanne\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)


[2010/02/11 20:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joanne\Application Data\Mozilla\Extensions
[2009/02/14 17:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joanne\Application Data\Mozilla\Firefox\extensions
[2009/02/14 17:02:42 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Joanne\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10s_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; GTB5)" -"http://global.iwon.c...548&browser=IE" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2012/04/04 17:34:19 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\AutorunsDisabled [2012/04/04 17:34:22 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1212602791373 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1212604813639 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{025E6AE0-6844-4B5D-9434-AD480C625432}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Joanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/10/01 16:19:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 19:19:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joanne\Desktop\OTL.com
[2012/04/04 19:19:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joanne\Desktop\OTL.scr
[2012/04/04 19:13:19 | 000,000,000 | ---D | C] -- C:\Joseph
[2012/04/04 17:34:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\AutorunsDisabled
[2012/04/04 17:34:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2012/03/28 19:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/05 20:59:18 | 000,000,000 | ---D | C] -- C:\1ca4faf50f318b344b9585925e

========== Files - Modified Within 30 Days ==========

[2012/04/04 19:19:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joanne\Desktop\OTL.com
[2012/04/04 19:19:05 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joanne\Desktop\OTL.scr
[2012/04/04 18:42:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/04 18:42:47 | 132,698,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/04 18:42:47 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/04 18:40:00 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 17:42:28 | 001,341,842 | ---- | M] () -- C:\Documents and Settings\Joanne\My Documents\AutoRuns.arn
[2012/04/04 17:14:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/28 21:22:55 | 000,534,483 | ---- | M] () -- C:\Documents and Settings\Joanne\Desktop\AutoRuns.zip
[2012/03/28 20:50:42 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Joanne\Desktop\Shortcut to Set Program Access and Defaults.lnk
[2012/03/28 20:36:57 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/03/28 19:31:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/28 18:47:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/28 17:32:29 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/28 17:32:29 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/04/04 17:41:53 | 001,341,842 | ---- | C] () -- C:\Documents and Settings\Joanne\My Documents\AutoRuns.arn
[2012/03/28 21:22:38 | 000,534,483 | ---- | C] () -- C:\Documents and Settings\Joanne\Desktop\AutoRuns.zip
[2012/03/28 20:50:10 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Joanne\Desktop\Shortcut to Set Program Access and Defaults.lnk
[2012/03/28 18:47:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 18:54:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== LOP Check ==========

[2009/12/04 22:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2010/02/23 22:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2008/06/18 21:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/12/13 00:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/12/13 00:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2009/07/30 15:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/04 22:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/30 15:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/08/10 20:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\Documents and Settings
[2009/12/04 22:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\EA
[2011/01/15 21:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\FCTB000060231
[2001/10/01 16:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\InterTrust
[2010/08/22 21:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\Paltalk
[2009/07/30 15:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\PlayFirst
[2011/05/07 23:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\Tific
[2008/11/25 13:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\VTExtra
[2009/11/30 16:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\Zylom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2972 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DF79F4B

< End of report >
  • 0


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, whittakerjr! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.






If any of these steps do not work please come back and tell me what is happening.

Step 1.

Please download the following files to your desktop.

Rkill.scr

RogueKiller.exe, save as: winlogon.com

OTL.scr

aswMBR.exe


Step 2.

Double click rkill.scr, if it does not work the first time, try it several times.
Once it runs successfully go to winlogon.com

  • Quit all programs
  • Start winlogon.com.
  • Wait until Prescan has finished ...
  • Click on the Scan button (Step 1 in the picture).
  • Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
Posted Image
  • Wait for the end of the scan.
  • The first report will be created on the desktop.
  • Click on the Delete button (step 2 in the picture).
  • The second report will be created on the desktop.
  • Next click on ShortcutsFix (step 3 in the picture).
  • The third report will be created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Step 3.

Copy aswMBR.exe to your desktop.

Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

Posted Image

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 4.

  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 5.

Please post:

All the RKreport.txt files
aswMBR.txt
OTL.txt
Extras.txt


How is the computer performing now?
  • 0

#3
whittakerjr

whittakerjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts
The directions went smoothly. I did run into a notice that aswMBR "AVAST engine error: 1455", but things continued without me interfacing with the computer.

Here are the files:

RogueKiller V7.4.1 [05/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Joanne [Admin rights]
Mode: Scan -- Date: 05/02/2012 19:00:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST320410A +++++
--- User ---
[MBR] 5dbd04155ec1d25477ab7a5383451e31
[BSP] c20359961bf24195fde9cacb842c2611 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




RogueKiller V7.4.1 [05/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Joanne [Admin rights]
Mode: Remove -- Date: 05/02/2012 19:07:42

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST320410A +++++
--- User ---
[MBR] 5dbd04155ec1d25477ab7a5383451e31
[BSP] c20359961bf24195fde9cacb842c2611 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V7.4.1 [05/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Joanne [Admin rights]
Mode: Shortcuts HJfix -- Date: 05/02/2012 19:43:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 26 / Fail 0
Start menu: Success 2 / Fail 0
User folder: Success 59 / Fail 0
My documents: Success 77 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1020 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 19:50:51
-----------------------------
19:50:51.253 OS Version: Windows 5.1.2600 Service Pack 3
19:50:51.253 Number of processors: 1 586 0x80A
19:50:51.347 ComputerName: YOUR-VIU5VCDUB5 UserName: Joanne
19:51:11.097 Initialize success
20:07:50.115 AVAST engine error: 1455
20:09:09.036 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:09:09.396 Disk 0 Vendor: ST320410A 3.34 Size: 19092MB BusType: 3
20:09:09.458 Disk 0 MBR read successfully
20:09:09.458 Disk 0 MBR scan
20:09:09.458 Disk 0 unknown MBR code
20:09:09.474 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 19085 MB offset 63
20:09:09.474 Disk 0 scanning sectors +39086145
20:09:09.989 Disk 0 scanning C:\WINDOWS\system32\drivers
20:09:35.786 Service scanning
20:10:24.801 Modules scanning
20:14:18.860 Disk 0 trace - called modules:
20:14:18.876 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
20:14:18.892 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x812999c0]
20:14:19.063 3 CLASSPNP.SYS[fc561fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81297b58]
20:14:19.079 Scan finished successfully
20:15:59.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Joanne\Desktop\MBR.dat"
20:15:59.547 The log file has been saved successfully to "C:\Documents and Settings\Joanne\Desktop\aswMBR.txt"




OTL logfile created on: 5/2/2012 8:27:58 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Joanne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

126.48 Mb Total Physical Memory | 18.26 Mb Available Physical Memory | 14.44% Memory free
498.36 Mb Paging File | 223.84 Mb Available in Paging File | 44.92% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 8.78 Gb Free Space | 47.13% Space Free | Partition Type: NTFS

Computer Name: YOUR-VIU5VCDUB5 | User Name: Joanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 17:58:30 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joanne\Desktop\OTL.scr
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/05 16:37:55 | 000,123,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2001/08/17 15:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Free Ride Games\X4HS32Ex.Sys -- (X4HS32Ex)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | Disabled | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Joanne\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/05/02 18:26:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/10/17 19:28:11 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/10/17 19:28:10 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/10/01 16:28:39 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2001/08/17 12:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 06:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 06:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 06:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 06:28:12 | 000,128,286 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserli.sys -- (Ptserli)
DRV - [2001/08/08 13:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 13:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 13:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 13:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 13:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 13:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 13:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 13:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 13:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 13:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/03/15 20:14:50 | 000,587,064 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\C-itNT.sys -- (XIRLINK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60295
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {a17cc547-016c-4a35-a95b-de64acafa170}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace....w={searchTerms}
IE - HKLM\..\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http:/www.google.com/ie
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http:/www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes,DefaultScope = {a17cc547-016c-4a35-a95b-de64acafa170}
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60295
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace....w={searchTerms}
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{431D150E-2BF3-41E3-AA58-D59B03D30C3A}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7ADBS
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...d=80015language
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Documents and Settings\Joanne\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)


[2010/02/11 20:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joanne\Application Data\Mozilla\Extensions
[2009/02/14 17:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joanne\Application Data\Mozilla\Firefox\extensions
[2009/02/14 17:02:42 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Joanne\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" File not found
O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" File not found
O4 - HKU\S-1-5-19..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" File not found
O4 - HKU\S-1-5-20..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" File not found
O4 - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; GTB5)" -"http://global.iwon.c...548&browser=IE" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2012/04/04 17:34:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\AutorunsDisabled [2012/04/04 17:34:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1212602791373 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1212604813639 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{025E6AE0-6844-4B5D-9434-AD480C625432}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Joanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/10/01 16:19:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/02 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joanne\Desktop\RK_Quarantine
[2012/05/02 18:10:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2012/05/02 17:59:21 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Joanne\Desktop\aswMBR.exe
[2012/05/02 17:58:28 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joanne\Desktop\OTL.scr
[2012/04/04 19:13:19 | 000,000,000 | ---D | C] -- C:\Joseph
[2012/04/04 17:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\AutorunsDisabled
[2012/04/04 17:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

========== Files - Modified Within 30 Days ==========

[2012/05/02 20:15:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Joanne\Desktop\MBR.dat
[2012/05/02 18:50:22 | 001,416,704 | ---- | M] () -- C:\Documents and Settings\Joanne\Desktop\RogueKiller.exe
[2012/05/02 18:26:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/02 18:22:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/02 18:22:41 | 132,698,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/02 17:59:21 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Joanne\Desktop\aswMBR.exe
[2012/05/02 17:58:30 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joanne\Desktop\OTL.scr
[2012/05/02 17:57:06 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Joanne\Desktop\rkill.scr
[2012/05/02 16:28:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/18 17:29:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/13 19:06:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/13 17:06:48 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Joanne\Local Settings\Application Data\housecall.guid.cache
[2012/04/04 18:42:47 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/04 17:42:28 | 001,341,842 | ---- | M] () -- C:\Documents and Settings\Joanne\My Documents\AutoRuns.arn
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/05/02 20:15:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Joanne\Desktop\MBR.dat
[2012/05/02 18:50:10 | 001,416,704 | ---- | C] () -- C:\Documents and Settings\Joanne\Desktop\RogueKiller.exe
[2012/05/02 17:56:56 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Joanne\Desktop\rkill.scr
[2012/04/13 17:06:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Joanne\Local Settings\Application Data\housecall.guid.cache
[2012/04/08 17:27:40 | 000,152,162 | ---- | C] () -- C:\Documents and Settings\Joanne\My Documents\powersuite.PDF
[2012/04/04 17:41:53 | 001,341,842 | ---- | C] () -- C:\Documents and Settings\Joanne\My Documents\AutoRuns.arn
[2012/02/20 18:54:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== LOP Check ==========

[2009/12/04 22:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2010/02/23 22:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2008/06/18 21:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/12/13 00:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/12/13 00:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2009/07/30 15:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/04 22:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/30 15:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2001/10/01 16:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2009/08/10 20:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\Documents and Settings
[2009/12/04 22:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\EA
[2011/01/15 21:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\FCTB000060231
[2001/10/01 16:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\InterTrust
[2010/08/22 21:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\Paltalk
[2009/07/30 15:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\PlayFirst
[2011/05/07 23:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\Tific
[2008/11/25 13:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\VTExtra
[2009/11/30 16:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanne\Application Data\Zylom
[2001/10/01 16:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2001/10/01 16:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\InterTrust

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2005/08/04 11:16:36 | 001,103,367 | R--- | M] (McAfee Inc.) -- C:\stinger.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = System32\DRIVERS\netbt.sys -- [2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{025E6AE0-6844-4B5D-9434-AD480C625432}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{32485E46-9D59-4AAA-A55E-93C28C098133}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3D0C3CB7-F406-4669-B099-71AA805BE9FE}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{73716DDA-FCE6-424E-B691-B366C04563AC}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C49D6F97-44FE-4948-BE09-749EB0A55E7C}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIO /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2001/08/09 18:19:04 | 000,045,122 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 05:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 05:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 05:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/29 04:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/18 05:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2001/08/09 18:19:04 | 000,045,122 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 05:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 05:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 05:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/29 04:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/18 05:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hid /c >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: YOUR-VIU5VCDUB5
Microsoft DiskPart syntax:
diskpart [/s <script>] [/?]
/s <script> - Use a DiskPart script.
/? - Show this help screen.

========== Alternate Data Streams ==========

@Alternate Data Stream - 2972 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DF79F4B

< End of report >


OTL Extras logfile created on: 5/2/2012 8:27:58 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Joanne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

126.48 Mb Total Physical Memory | 18.26 Mb Available Physical Memory | 14.44% Memory free
498.36 Mb Paging File | 223.84 Mb Available in Paging File | 44.92% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 8.78 Gb Free Space | 47.13% Space Free | Partition Type: NTFS

Computer Name: YOUR-VIU5VCDUB5 | User Name: Joanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe" = C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe:*:Enabled:Dogpile Bundle Toolbar (Helper) -- (FreeCause Inc.)
"C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe" = C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe:*:Enabled:Dogpile Bundle Toolbar (Update) -- (FreeCause Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{21718CD7-9DD5-40C4-A08C-95CE817C7362}" = SilverDollar Multi Casino
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{817662b3-3cff-40a0-97ac-1dc3bc0f14d7}" = WinPalace
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EF1FB4F-5C75-4B9E-B55E-061465DD05E0}" = GoldenCasino
"{C2BBED5D-079B-4653-A9AC-F32A531074BA}" = SuperslotsCasino
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"America Online us" = America Online
"Ask Toolbar_is1" = Ask Toolbar
"AskPBar Uninstall" = Ask Toolbar
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
"ERUNT_is1" = ERUNT 1.1j
"Gourmania Deluxe" = Gourmania Deluxe
"Hotel Solitaire Deluxe" = Hotel Solitaire Deluxe
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Press Interactive Training" = Microsoft Press Interactive Training
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSMONEYV80" = Microsoft Money 2000 Standard Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonPCCheckup" = Norton PC Checkup
"PalTalk8.2" = Paltalk Messenger
"Playsushi" = PlaySushi
"Rainforest Adventure Deluxe" = Rainforest Adventure Deluxe
"RealPlayer 6.0" = RealPlayer Basic
"Super Collapse! 3 Deluxe" = Super Collapse! 3 Deluxe
"Super Collapse! Puzzle Gallery 4" = Super Collapse! Puzzle Gallery 4
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2136417557-4210259494-4108073714-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/28/2011 11:02:22 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Application Hang | ID = 1002
Description = Hanging application paltalk.exe, version 10.106.4634.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2011 11:02:22 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Application Hang | ID = 1002
Description = Hanging application paltalk.exe, version 10.106.4634.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2011 11:08:46 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Application Hang | ID = 1001
Description = Fault bucket -1889400607.

Error - 5/28/2011 11:08:46 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Application Hang | ID = 1001
Description = Fault bucket -1889400607.

Error - 5/28/2011 11:08:46 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Application Hang | ID = 1001
Description = Fault bucket -1889400607.

Error - 6/4/2011 7:01:43 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Application Hang | ID = 1002
Description = Hanging application paltalk.exe, version 10.106.4634.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2011 10:09:38 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Application Hang | ID = 1001
Description = Fault bucket -1889400607.

Error - 6/25/2011 11:43:32 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/30/2011 7:46:05 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = TestWorker | ID = 131073
Description =

Error - 7/30/2011 7:54:01 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Application Error | ID = 1000
Description = Faulting application hsplayer.exe, version 10.7.1.9, faulting module
unknown, version 0.0.0.0, fault address 0x02cd8f1b.

[ System Events ]
Error - 4/11/2012 8:29:00 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = PSched | ID = 14103
Description = QoS [Adapter {025E6AE0-6844-4B5D-9434-AD480C625432}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 4/11/2012 8:31:02 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = PSched | ID = 14103
Description = QoS [Adapter {025E6AE0-6844-4B5D-9434-AD480C625432}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 4/11/2012 9:11:08 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Service Control Manager | ID = 7034
Description = The Error Reporting Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/11/2012 9:11:08 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Service Control Manager | ID = 7034
Description = The COM+ Event System service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/11/2012 9:11:08 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Service Control Manager | ID = 7034
Description = The Fast User Switching Compatibility service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/11/2012 9:11:08 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Service Control Manager | ID = 7031
Description = The Help and Support service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 100 milliseconds:
Restart the service.

Error - 4/11/2012 9:11:08 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Service Control Manager | ID = 7034
Description = The Server service terminated unexpectedly. It has done this 1 time(s).

Error - 4/13/2012 7:41:30 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 5/2/2012 9:25:52 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 5/2/2012 9:25:52 PM | Computer Name = YOUR-VIU5VCDUB5 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >

#4 CompCav (Expert)
Step 1.

Uninstall:

Ask Toolbar


Step 2.


If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the Protection tab.
  • Remove the tick from "Start with Windows".
  • Reboot and then run OTL.




  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60295
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
    IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com
    IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60295
    IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
    IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...d=80015language
    IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
    [2009/02/14 17:02:42 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Joanne\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" File not found
    O4 - HKU\S-1-5-19..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" File not found
    O4 - HKU\S-1-5-20..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" File not found
    O4 - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; GTB5)" -"http://global.iwon.com/modules/launchGame/games/includes/blockDotGameIFrame.jhtml?categoryId=3&gameId=548&browser=IE" File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    [2005/08/04 11:16:36 | 001,103,367 | R--- | M] (McAfee Inc.) -- C:\stinger.exe
    @Alternate Data Stream - 2972 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DF79F4B
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 4.

Please post:

OTL fix log
TDSSKiller log


Give me an update on how your computer is performing
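The fix script in this step is assembled from OTL log entries: IE search and start-page values pointing at toolbar sites, an orphaned Run entry whose file is gone, a BHO with no CLSID, and two unexplained alternate data streams. As an added example that is not part of this thread and not OTL's own code, the Python below does the first-pass triage a helper otherwise does by eye: it classifies those line types and flags the ones worth a second look. The sample lines are constructed (URLs replaced with example.test placeholders; one benign autostart entry and one Zone.Identifier stream added for contrast), and the category names and patterns are the example's own. Flagged lines are review candidates, not verdicts.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines modelled on the OTL entries quoted in the thread.
# URLs are example.test placeholders; the igfxtray entry and the
# Zone.Identifier stream are benign examples added for contrast.
SAMPLE_OTL_LINES = [
    r"IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.example.test/x.aspx?TbId=60295",
    r"IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.example.test",
    r'IE - HKU\S-1-5-21-2136417557-4210259494-4108073714-1005\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://search.example.test/web?q={searchTerms}&crm=1',
    r"O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.",
    r'O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" File not found',
    r"O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)",
    r"@Alternate Data Stream - 2972 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc",
    r"@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DF79F4B",
    r"@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Joanne\Desktop\setup.exe:Zone.Identifier",
]

# Line shapes handled here (patterns are the example's own, not OTL's grammar).
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")
IE_RE = re.compile(r"^IE - (?P<key>.+?) = (?P<url>\S+)$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<rest>.+)$")

# Zone.Identifier is the stream Windows writes on downloaded files; it is
# expected on user downloads and is not worth a flag.
BENIGN_STREAMS = {"Zone.Identifier"}


def triage_line(line):
    """Classify one OTL log line.

    Returns (category, detail) for lines that deserve a second look, or
    None for lines that need no attention.
    """
    line = line.rstrip()

    m = ADS_RE.match(line)
    if m:
        if m["stream"] in BENIGN_STREAMS:
            return None
        return ("ads", f'{m["host"]} has unexpected stream "{m["stream"]}" ({m["size"]} bytes)')

    m = IE_RE.match(line)
    if m:
        host = urlsplit(m["url"]).hostname or "?"
        key = m["key"]
        if "Start Page" in key:
            what = "start page"
        elif "Search" in key:  # covers CustomizeSearch and SearchScopes keys
            what = "search provider"
        else:
            what = "IE setting"
        return ("ie_setting", f"{what} points at {host}")

    m = O4_RE.match(line)
    if m and m["rest"].endswith("File not found"):
        # Autostart entry whose target no longer exists: leftover from a
        # removed program or a partial cleanup; harmless but worth removing.
        return ("orphan_autostart", f'[{m["name"]}] references a missing file')

    if line.startswith("O2 - BHO:") and ("No CLSID value found" in line or "(no name)" in line):
        return ("bho_anomaly", line[len("O2 - BHO: "):])

    return None


def triage(lines):
    """Run triage_line over a whole log; return (findings, per-category counts)."""
    findings = [f for f in (triage_line(l) for l in lines) if f]
    counts = Counter(cat for cat, _ in findings)
    return findings, counts


if __name__ == "__main__":
    found, totals = triage(SAMPLE_OTL_LINES)
    for cat, detail in found:
        print(f"{cat:17s} {detail}")
    print(dict(totals))
```

Lines the classifier returns None for (a Run entry whose file is present and signed, a Zone.Identifier stream) are exactly the ones a helper would skip, so the summary at the end gives a quick count of what the fix script will need to touch.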

#5 whittakerjr (Topic Starter)
Evening, wow, were you fast with a reply last night. I have brought the machine to my home, as I felt that if you were responding to my posts quickly I should provide the same amount of effort in getting you the information requested.

Having disconnected the computer from cable internet services, the equipment appears to be running better. I come to this conclusion as I attempted to remove the Ask toolbar during my lunch hour at my co-worker's home. Well, I was still waiting for the system to fully load and provide me with the ability to run the command line appwiz.cpl instruction 40 minutes after powering it on. I came home, set the computer up (no internet connection) and I was able to start working your directions within 20 minutes. Although I can run your directions, and it is much better than at my co-worker's home, I don't think the issue is corrected. There is this slow refresh banding occurring on the monitor, and I am not sure how some of the applications are going to work, as I do not want to start changing things until you tell me to. I would like to install the spyware I received from work (legal copy; the office has an Enterprise agreement with McAfee and Symantec that we can use on our home computers).

Here are the two reports:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2136417557-4210259494-4108073714-1005\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_USERS\S-1-5-21-2136417557-4210259494-4108073714-1005\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2136417557-4210259494-4108073714-1005\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_USERS\S-1-5-21-2136417557-4210259494-4108073714-1005\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Folder C:\Documents and Settings\Joanne\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2136417557-4210259494-4108073714-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\stinger.exe moved successfully.
ADS C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1DF79F4B deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Joanne\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Joanne\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Joanne
->Temp folder emptied: 356820290 bytes
->Temporary Internet Files folder emptied: 119871964 bytes
->Java cache emptied: 7486994 bytes
->Flash cache emptied: 8307 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ralph
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3839139 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1067504 bytes

Total Files Cleaned = 467.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.42.2 log created on 05032012_231626

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



23:33:08.0203 0592 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:33:10.0281 0592 ============================================================
23:33:10.0281 0592 Current date / time: 2012/05/03 23:33:10.0281
23:33:10.0281 0592 SystemInfo:
23:33:10.0281 0592
23:33:10.0406 0592 OS Version: 5.1.2600 ServicePack: 3.0
23:33:10.0406 0592 Product type: Workstation
23:33:10.0406 0592 ComputerName: YOUR-VIU5VCDUB5
23:33:10.0406 0592 UserName: Joanne
23:33:10.0406 0592 Windows directory: C:\WINDOWS
23:33:10.0406 0592 System windows directory: C:\WINDOWS
23:33:10.0406 0592 Processor architecture: Intel x86
23:33:10.0406 0592 Number of processors: 1
23:33:10.0406 0592 Page size: 0x1000
23:33:10.0406 0592 Boot type: Normal boot
23:33:10.0406 0592 ============================================================
23:33:25.0828 0592 Drive \Device\Harddisk0\DR0 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:33:25.0921 0592 ============================================================
23:33:25.0921 0592 \Device\Harddisk0\DR0:
23:33:25.0937 0592 MBR partitions:
23:33:25.0937 0592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2546802
23:33:25.0937 0592 ============================================================
23:33:26.0062 0592 C: <-> \Device\Harddisk0\DR0\Partition0
23:33:26.0093 0592 ============================================================
23:33:26.0093 0592 Initialize success
23:33:26.0093 0592 ============================================================
23:33:58.0203 1044 ============================================================
23:33:58.0203 1044 Scan started
23:33:58.0203 1044 Mode: Manual; SigCheck; TDLFS;
23:33:58.0203 1044 ============================================================
23:33:58.0531 1044 Abiosdsk - ok
23:33:58.0593 1044 abp480n5 - ok
23:33:58.0734 1044 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
23:34:12.0031 1044 ac97intc - ok
23:34:12.0171 1044 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:34:12.0937 1044 ACPI - ok
23:34:13.0000 1044 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:34:13.0593 1044 ACPIEC - ok
23:34:13.0625 1044 adpu160m - ok
23:34:13.0734 1044 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:34:14.0359 1044 aec - ok
23:34:14.0546 1044 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:34:14.0906 1044 AFD - ok
23:34:14.0953 1044 Aha154x - ok
23:34:15.0000 1044 aic78u2 - ok
23:34:15.0062 1044 aic78xx - ok
23:34:15.0343 1044 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:34:16.0015 1044 Alerter - ok
23:34:16.0078 1044 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:34:16.0609 1044 ALG - ok
23:34:16.0640 1044 AliIde - ok
23:34:16.0687 1044 amsint - ok
23:34:16.0781 1044 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
23:34:17.0265 1044 AN983 - ok
23:34:17.0359 1044 AppMgmt - ok
23:34:17.0406 1044 asc - ok
23:34:17.0453 1044 asc3350p - ok
23:34:17.0500 1044 asc3550 - ok
23:34:17.0625 1044 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
23:34:17.0687 1044 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
23:34:17.0687 1044 ASCTRM - detected UnsignedFile.Multi.Generic (1)
23:34:17.0781 1044 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:34:18.0296 1044 AsyncMac - ok
23:34:18.0375 1044 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:34:18.0906 1044 atapi - ok
23:34:18.0937 1044 Atdisk - ok
23:34:19.0015 1044 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:34:19.0671 1044 Atmarpc - ok
23:34:19.0812 1044 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:34:20.0718 1044 AudioSrv - ok
23:34:20.0812 1044 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:34:21.0734 1044 audstub - ok
23:34:22.0218 1044 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:34:22.0812 1044 Beep - ok
23:34:23.0046 1044 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:34:23.0859 1044 BITS - ok
23:34:23.0984 1044 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:34:24.0515 1044 Browser - ok
23:34:24.0609 1044 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:34:25.0296 1044 cbidf2k - ok
23:34:25.0359 1044 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:34:26.0046 1044 CCDECODE - ok
23:34:26.0093 1044 cd20xrnt - ok
23:34:26.0218 1044 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:34:27.0281 1044 Cdaudio - ok
23:34:27.0671 1044 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:34:28.0750 1044 Cdfs - ok
23:34:28.0828 1044 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:34:29.0500 1044 Cdrom - ok
23:34:29.0578 1044 Changer - ok
23:34:29.0703 1044 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe
23:34:30.0406 1044 cisvc - ok
23:34:30.0640 1044 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
23:34:31.0281 1044 ClipSrv - ok
23:34:31.0328 1044 CmdIde - ok
23:34:31.0515 1044 COMSysApp - ok
23:34:31.0609 1044 Cpqarray - ok
23:34:31.0718 1044 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:34:32.0250 1044 CryptSvc - ok
23:34:32.0296 1044 dac2w2k - ok
23:34:32.0343 1044 dac960nt - ok
23:34:32.0656 1044 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:34:32.0968 1044 DcomLaunch - ok
23:34:33.0125 1044 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:34:33.0781 1044 Dhcp - ok
23:34:33.0875 1044 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:34:34.0500 1044 Disk - ok
23:34:34.0546 1044 dmadmin - ok
23:34:34.0734 1044 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:34:35.0390 1044 dmboot - ok
23:34:36.0250 1044 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:34:37.0218 1044 dmio - ok
23:34:37.0328 1044 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:34:38.0234 1044 dmload - ok
23:34:38.0296 1044 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:34:38.0843 1044 dmserver - ok
23:34:39.0015 1044 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:34:39.0765 1044 DMusic - ok
23:34:39.0875 1044 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:34:40.0265 1044 Dnscache - ok
23:34:40.0421 1044 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:34:41.0046 1044 Dot3svc - ok
23:34:41.0109 1044 dpti2o - ok
23:34:41.0171 1044 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:34:41.0703 1044 drmkaud - ok
23:34:41.0781 1044 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:34:42.0234 1044 EapHost - ok
23:34:42.0328 1044 EL90X (653394706ff5634f4b5180b8294badb1) C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
23:34:42.0953 1044 EL90X - ok
23:34:43.0031 1044 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:34:43.0531 1044 ERSvc - ok
23:34:43.0625 1044 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:34:43.0765 1044 Eventlog - ok
23:34:44.0062 1044 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
23:34:44.0218 1044 EventSystem - ok
23:34:44.0359 1044 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:34:44.0875 1044 Fastfat - ok
23:34:44.0968 1044 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:34:45.0203 1044 FastUserSwitchingCompatibility - ok
23:34:45.0265 1044 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:34:45.0765 1044 Fdc - ok
23:34:45.0828 1044 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:34:46.0281 1044 Fips - ok
23:34:46.0359 1044 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:34:46.0890 1044 Flpydisk - ok
23:34:47.0046 1044 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:34:47.0671 1044 FltMgr - ok
23:34:47.0765 1044 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:34:48.0593 1044 Fs_Rec - ok
23:34:49.0125 1044 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:34:49.0796 1044 Ftdisk - ok
23:34:49.0875 1044 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:34:50.0328 1044 gameenum - ok
23:34:50.0453 1044 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:34:51.0015 1044 Gpc - ok
23:34:51.0218 1044 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:34:51.0671 1044 helpsvc - ok
23:34:51.0718 1044 HidServ - ok
23:34:51.0875 1044 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:34:52.0296 1044 HidUsb - ok
23:34:52.0468 1044 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:34:52.0906 1044 hkmsvc - ok
23:34:52.0937 1044 hpn - ok
23:34:52.0984 1044 hpt3xx - ok
23:34:53.0187 1044 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:34:53.0328 1044 HTTP - ok
23:34:53.0484 1044 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:34:54.0046 1044 HTTPFilter - ok
23:34:54.0078 1044 i2omgmt - ok
23:34:54.0125 1044 i2omp - ok
23:34:54.0421 1044 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:34:54.0921 1044 i8042prt - ok
23:34:55.0046 1044 i81x (007dbb8f9c35df8f8a20b8e7c1204b8b) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
23:34:55.0312 1044 i81x - ok
23:34:55.0390 1044 iAimFP0 (19f03895ce0b9e7fb514e67bb17edcb5) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
23:34:55.0515 1044 iAimFP0 - ok
23:34:55.0671 1044 iAimFP1 (479278c265b596c4fc1a2e0f51e70736) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
23:34:55.0796 1044 iAimFP1 - ok
23:34:55.0843 1044 iAimFP2 (66317ecbed58d15541cad4ed60888430) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
23:34:55.0890 1044 iAimFP2 - ok
23:34:55.0937 1044 iAimFP3 (5807920dcd9fe760ffd733a1297d164a) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
23:34:56.0031 1044 iAimFP3 - ok
23:34:56.0109 1044 iAimFP4 (afb6725ddf3f417495ab99198979ffb1) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
23:34:56.0187 1044 iAimFP4 - ok
23:34:56.0250 1044 iAimTV0 (3de116fe9fc7f15b0a5e0e611b344236) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
23:34:56.0343 1044 iAimTV0 - ok
23:34:56.0421 1044 iAimTV1 (275b8ec3a1aa555e3f1586eaf1302ac5) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
23:34:56.0500 1044 iAimTV1 - ok
23:34:56.0562 1044 iAimTV2 - ok
23:34:56.0718 1044 iAimTV3 (31d5981e35d0f158cd1031e0ee74c6fe) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
23:34:56.0828 1044 iAimTV3 - ok
23:34:56.0906 1044 iAimTV4 (78b4456a11582a927e9b1eca87d1e4f6) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
23:34:56.0984 1044 iAimTV4 - ok
23:34:57.0078 1044 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:34:57.0531 1044 Imapi - ok
23:34:57.0640 1044 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
23:34:58.0093 1044 ImapiService - ok
23:34:58.0140 1044 ini910u - ok
23:34:58.0234 1044 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:34:58.0718 1044 IntelIde - ok
23:34:58.0843 1044 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:34:59.0265 1044 ip6fw - ok
23:34:59.0328 1044 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:34:59.0875 1044 IpFilterDriver - ok
23:34:59.0937 1044 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:35:00.0343 1044 IpInIp - ok
23:35:00.0500 1044 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:35:01.0015 1044 IpNat - ok
23:35:01.0093 1044 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:35:01.0531 1044 IPSec - ok
23:35:01.0578 1044 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:35:02.0062 1044 IRENUM - ok
23:35:02.0156 1044 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:35:02.0593 1044 isapnp - ok
23:35:03.0656 1044 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
23:35:03.0984 1044 JavaQuickStarterService - ok
23:35:04.0078 1044 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:35:04.0515 1044 Kbdclass - ok
23:35:04.0609 1044 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:35:05.0062 1044 kmixer - ok
23:35:05.0156 1044 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:35:05.0328 1044 KSecDD - ok
23:35:05.0484 1044 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:35:05.0609 1044 lanmanserver - ok
23:35:05.0765 1044 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:35:05.0953 1044 lanmanworkstation - ok
23:35:05.0984 1044 lbrtfdc - ok
23:35:06.0140 1044 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:35:06.0562 1044 LmHosts - ok
23:35:06.0593 1044 LMIInfo - ok
23:35:06.0671 1044 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
23:35:08.0203 1044 lmimirr - ok
23:35:08.0265 1044 LMIRfsClientNP - ok
23:35:08.0375 1044 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
23:35:08.0437 1044 LMIRfsDriver - ok
23:35:08.0500 1044 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:35:08.0906 1044 Messenger - ok
23:35:09.0000 1044 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:35:09.0562 1044 mnmdd - ok
23:35:09.0703 1044 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
23:35:10.0093 1044 mnmsrvc - ok
23:35:10.0171 1044 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:35:10.0593 1044 Modem - ok
23:35:10.0656 1044 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:35:11.0078 1044 Mouclass - ok
23:35:11.0218 1044 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:35:11.0781 1044 mouhid - ok
23:35:11.0859 1044 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:35:12.0250 1044 MountMgr - ok
23:35:12.0281 1044 mraid35x - ok
23:35:12.0390 1044 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:35:12.0812 1044 MRxDAV - ok
23:35:13.0031 1044 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:35:13.0218 1044 MRxSmb - ok
23:35:13.0312 1044 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
23:35:13.0734 1044 MSDTC - ok
23:35:13.0812 1044 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:35:14.0234 1044 Msfs - ok
23:35:14.0265 1044 MSIServer - ok
23:35:14.0328 1044 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:35:14.0796 1044 MSKSSRV - ok
23:35:14.0828 1044 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:35:15.0234 1044 MSPCLOCK - ok
23:35:15.0296 1044 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:35:15.0718 1044 MSPQM - ok
23:35:15.0812 1044 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:35:16.0234 1044 mssmbios - ok
23:35:16.0328 1044 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:35:16.0703 1044 MSTEE - ok
23:35:16.0843 1044 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
23:35:17.0390 1044 ms_mpu401 - ok
23:35:17.0562 1044 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:35:17.0703 1044 Mup - ok
23:35:17.0812 1044 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:35:18.0218 1044 NABTSFEC - ok
23:35:18.0375 1044 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:35:18.0843 1044 napagent - ok
23:35:18.0937 1044 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:35:19.0359 1044 NDIS - ok
23:35:19.0500 1044 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:35:19.0921 1044 NdisIP - ok
23:35:20.0015 1044 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:35:20.0140 1044 NdisTapi - ok
23:35:20.0281 1044 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:35:20.0687 1044 Ndisuio - ok
23:35:20.0781 1044 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:35:21.0203 1044 NdisWan - ok
23:35:21.0281 1044 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:35:21.0421 1044 NDProxy - ok
23:35:21.0531 1044 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:35:21.0937 1044 NetBIOS - ok
23:35:22.0031 1044 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:35:22.0453 1044 NetBT - ok
23:35:22.0546 1044 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:35:22.0953 1044 NetDDE - ok
23:35:23.0000 1044 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:35:23.0390 1044 NetDDEdsdm - ok
23:35:23.0500 1044 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
23:35:23.0890 1044 Netlogon - ok
23:35:24.0015 1044 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:35:24.0453 1044 Netman - ok
23:35:24.0671 1044 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:35:24.0875 1044 Nla - ok
23:35:25.0062 1044 Norton PC Checkup Application Launcher - ok
23:35:25.0171 1044 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:35:25.0609 1044 Npfs - ok
23:35:25.0750 1044 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:35:26.0234 1044 Ntfs - ok
23:35:26.0265 1044 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
23:35:26.0687 1044 NtLmSsp - ok
23:35:26.0812 1044 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:35:27.0281 1044 NtmsSvc - ok
23:35:27.0359 1044 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:35:27.0906 1044 Null - ok
23:35:27.0968 1044 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:35:28.0546 1044 NwlnkFlt - ok
23:35:28.0578 1044 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:35:29.0156 1044 NwlnkFwd - ok
23:35:29.0250 1044 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
23:35:29.0671 1044 P3 - ok
23:35:29.0781 1044 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:35:30.0234 1044 Parport - ok
23:35:30.0296 1044 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:35:30.0718 1044 PartMgr - ok
23:35:30.0812 1044 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:35:31.0343 1044 ParVdm - ok
23:35:31.0484 1044 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe
23:35:31.0734 1044 PCCUJobMgr - ok
23:35:31.0796 1044 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:35:32.0218 1044 PCI - ok
23:35:32.0250 1044 PCIDump - ok
23:35:32.0296 1044 PCIIde - ok
23:35:32.0406 1044 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:35:32.0828 1044 Pcmcia - ok
23:35:32.0921 1044 Pctspk (0275215d01c3985e682a661b8826f371) C:\WINDOWS\system32\pctspk.exe
23:35:33.0515 1044 Pctspk - ok
23:35:33.0546 1044 PDCOMP - ok
23:35:33.0593 1044 PDFRAME - ok
23:35:33.0640 1044 PDRELI - ok
23:35:33.0687 1044 PDRFRAME - ok
23:35:33.0734 1044 perc2 - ok
23:35:33.0765 1044 perc2hib - ok
23:35:33.0937 1044 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:35:34.0031 1044 PlugPlay - ok
23:35:34.0156 1044 pneteth (713e294439d982bb161317de0136faa0) C:\WINDOWS\system32\DRIVERS\pneteth.sys
23:35:34.0187 1044 pneteth ( UnsignedFile.Multi.Generic ) - warning
23:35:34.0187 1044 pneteth - detected UnsignedFile.Multi.Generic (1)
23:35:34.0265 1044 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
23:35:34.0656 1044 PolicyAgent - ok
23:35:34.0796 1044 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:35:35.0234 1044 PptpMiniport - ok
23:35:35.0265 1044 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:35:35.0671 1044 ProtectedStorage - ok
23:35:35.0734 1044 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:35:36.0171 1044 PSched - ok
23:35:36.0265 1044 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:35:36.0812 1044 Ptilink - ok
23:35:36.0921 1044 Ptserli (4ea68256ba3ddfe5238e35af71c529aa) C:\WINDOWS\system32\DRIVERS\ptserli.sys
23:35:37.0500 1044 Ptserli - ok
23:35:37.0531 1044 ql1080 - ok
23:35:37.0578 1044 Ql10wnt - ok
23:35:37.0625 1044 ql12160 - ok
23:35:37.0656 1044 ql1240 - ok
23:35:37.0703 1044 ql1280 - ok
23:35:37.0796 1044 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:35:38.0343 1044 RasAcd - ok
23:35:38.0453 1044 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:35:38.0843 1044 RasAuto - ok
23:35:38.0906 1044 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:35:39.0312 1044 Rasl2tp - ok
23:35:39.0421 1044 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:35:39.0843 1044 RasMan - ok
23:35:39.0937 1044 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:35:40.0359 1044 RasPppoe - ok
23:35:40.0437 1044 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:35:41.0015 1044 Raspti - ok
23:35:41.0109 1044 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:35:41.0546 1044 Rdbss - ok
23:35:41.0625 1044 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:35:42.0218 1044 RDPCDD - ok
23:35:42.0328 1044 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:35:42.0468 1044 RDPWD - ok
23:35:42.0593 1044 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:35:43.0015 1044 RDSessMgr - ok
23:35:43.0078 1044 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:35:43.0500 1044 redbook - ok
23:35:43.0578 1044 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:35:43.0968 1044 RemoteAccess - ok
23:35:44.0046 1044 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
23:35:44.0468 1044 RpcLocator - ok
23:35:44.0609 1044 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:35:44.0812 1044 RpcSs - ok
23:35:44.0921 1044 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
23:35:45.0531 1044 RSVP - ok
23:35:45.0609 1044 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:35:46.0000 1044 SamSs - ok
23:35:46.0078 1044 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:35:46.0484 1044 SCardSvr - ok
23:35:46.0578 1044 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:35:47.0015 1044 Schedule - ok
23:35:47.0109 1044 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:35:47.0531 1044 Secdrv - ok
23:35:47.0625 1044 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:35:48.0031 1044 seclogon - ok
23:35:48.0109 1044 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:35:48.0515 1044 SENS - ok
23:35:48.0609 1044 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:35:49.0000 1044 serenum - ok
23:35:49.0078 1044 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:35:49.0500 1044 Serial - ok
23:35:49.0578 1044 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:35:49.0968 1044 Sfloppy - ok
23:35:50.0125 1044 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:35:50.0578 1044 SharedAccess - ok
23:35:50.0671 1044 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:35:50.0781 1044 ShellHWDetection - ok
23:35:50.0812 1044 Simbad - ok
23:35:50.0890 1044 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:35:51.0296 1044 SLIP - ok
23:35:51.0328 1044 Sparrow - ok
23:35:51.0453 1044 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:35:51.0843 1044 splitter - ok
23:35:51.0937 1044 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:35:52.0062 1044 Spooler - ok
23:35:52.0187 1044 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:35:52.0578 1044 sr - ok
23:35:52.0687 1044 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
23:35:53.0156 1044 srservice - ok
23:35:53.0296 1044 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:35:53.0453 1044 Srv - ok
23:35:53.0562 1044 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:35:53.0984 1044 SSDPSRV - ok
23:35:54.0109 1044 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:35:54.0578 1044 stisvc - ok
23:35:54.0656 1044 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:35:55.0062 1044 streamip - ok
23:35:55.0234 1044 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:35:55.0703 1044 swenum - ok
23:35:55.0796 1044 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:35:56.0203 1044 swmidi - ok
23:35:56.0250 1044 SwPrv - ok
23:35:56.0281 1044 symc810 - ok
23:35:56.0328 1044 symc8xx - ok
23:35:56.0375 1044 sym_hi - ok
23:35:56.0421 1044 sym_u3 - ok
23:35:56.0515 1044 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:35:56.0921 1044 sysaudio - ok
23:35:57.0015 1044 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:35:57.0437 1044 SysmonLog - ok
23:35:57.0656 1044 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:35:58.0109 1044 TapiSrv - ok
23:35:58.0250 1044 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:35:58.0515 1044 Tcpip - ok
23:35:58.0609 1044 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:35:59.0031 1044 TDPIPE - ok
23:35:59.0109 1044 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:35:59.0500 1044 TDTCP - ok
23:35:59.0562 1044 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:36:00.0000 1044 TermDD - ok
23:36:00.0203 1044 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:36:00.0718 1044 TermService - ok
23:36:00.0859 1044 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:36:00.0937 1044 Themes - ok
23:36:00.0968 1044 TosIde - ok
23:36:01.0062 1044 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:36:01.0484 1044 TrkWks - ok
23:36:01.0578 1044 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:36:02.0015 1044 Udfs - ok
23:36:02.0046 1044 ultra - ok
23:36:02.0203 1044 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:36:02.0687 1044 Update - ok
23:36:02.0796 1044 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:36:03.0234 1044 upnphost - ok
23:36:03.0359 1044 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:36:03.0765 1044 UPS - ok
23:36:03.0921 1044 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:36:04.0312 1044 usbccgp - ok
23:36:04.0453 1044 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:36:04.0859 1044 usbhub - ok
23:36:04.0921 1044 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:36:05.0328 1044 USBSTOR - ok
23:36:05.0390 1044 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:36:05.0781 1044 usbuhci - ok
23:36:05.0875 1044 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:36:06.0281 1044 VgaSave - ok
23:36:06.0312 1044 ViaIde - ok
23:36:06.0562 1044 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys
23:36:07.0250 1044 Vmodem - ok
23:36:07.0312 1044 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:36:07.0718 1044 VolSnap - ok
23:36:07.0843 1044 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
23:36:08.0531 1044 Vpctcom - ok
23:36:08.0687 1044 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:36:09.0125 1044 VSS - ok
23:36:09.0187 1044 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys
23:36:09.0828 1044 Vvoice - ok
23:36:09.0921 1044 vzandnetdiag (1135dea44142cd5eab1ff44c4bf009e7) C:\WINDOWS\system32\DRIVERS\lgvzandnetdiag.sys
23:36:10.0156 1044 vzandnetdiag - ok
23:36:10.0250 1044 vzandnetdiag2 (8297f1db7ab39dd4ae0803ea9b6960c1) C:\WINDOWS\system32\DRIVERS\lgvzandnetdiag2.sys
23:36:10.0359 1044 vzandnetdiag2 - ok
23:36:10.0437 1044 vzandnetmodem (bc4a55522746d956329070c41801195e) C:\WINDOWS\system32\DRIVERS\lgvzandnetmdm.sys
23:36:10.0484 1044 vzandnetmodem - ok
23:36:10.0562 1044 vzandnetndis (5a1c71356bfc32b69e1485d25fbcbaa7) C:\WINDOWS\system32\DRIVERS\lgvzandnetndis.sys
23:36:10.0640 1044 vzandnetndis - ok
23:36:10.0781 1044 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
23:36:11.0234 1044 W32Time - ok
23:36:11.0328 1044 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:36:11.0734 1044 Wanarp - ok
23:36:11.0890 1044 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:36:12.0015 1044 Wdf01000 - ok
23:36:12.0093 1044 WDICA - ok
23:36:12.0187 1044 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:36:12.0593 1044 wdmaud - ok
23:36:12.0703 1044 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:36:13.0109 1044 WebClient - ok
23:36:13.0468 1044 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:36:13.0875 1044 winmgmt - ok
23:36:14.0031 1044 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
23:36:14.0078 1044 WinUSB - ok
23:36:14.0500 1044 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:36:14.0906 1044 wlidsvc - ok
23:36:15.0171 1044 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:36:15.0312 1044 WmdmPmSN - ok
23:36:15.0500 1044 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:36:15.0906 1044 WmiApSrv - ok
23:36:16.0171 1044 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:36:16.0437 1044 WMPNetworkSvc - ok
23:36:16.0578 1044 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:36:17.0109 1044 wscsvc - ok
23:36:17.0359 1044 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:36:17.0750 1044 WSTCODEC - ok
23:36:17.0859 1044 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:36:18.0265 1044 wuauserv - ok
23:36:18.0406 1044 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:36:18.0484 1044 WudfPf - ok
23:36:18.0546 1044 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:36:18.0625 1044 WudfRd - ok
23:36:18.0765 1044 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:36:18.0890 1044 WudfSvc - ok
23:36:19.0031 1044 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:36:19.0562 1044 WZCSVC - ok
23:36:19.0656 1044 X4HS32Ex - ok
23:36:19.0828 1044 XIRLINK (82c3630318fa1fd547994ab50e6cc587) C:\WINDOWS\system32\DRIVERS\C-itnt.sys
23:36:19.0984 1044 XIRLINK ( UnsignedFile.Multi.Generic ) - warning
23:36:19.0984 1044 XIRLINK - detected UnsignedFile.Multi.Generic (1)
23:36:20.0171 1044 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:36:20.0578 1044 xmlprov - ok
23:36:20.0859 1044 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:36:21.0203 1044 YahooAUService - ok
23:36:21.0375 1044 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
23:36:22.0359 1044 \Device\Harddisk0\DR0 - ok
23:36:22.0390 1044 Boot (0x1200) (fd17ce19b07541c640ccb1a339b508be) \Device\Harddisk0\DR0\Partition0
23:36:22.0406 1044 \Device\Harddisk0\DR0\Partition0 - ok
23:36:22.0421 1044 ============================================================
23:36:22.0421 1044 Scan finished
23:36:22.0421 1044 ============================================================
23:36:22.0687 1912 Detected object count: 3
23:36:22.0718 1912 Actual detected object count: 3
23:37:18.0015 1912 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:18.0015 1912 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:37:18.0015 1912 pneteth ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:18.0015 1912 pneteth ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:37:18.0031 1912 XIRLINK ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:18.0031 1912 XIRLINK ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:02.0625 0872 ============================================================
23:38:02.0625 0872 Scan started
23:38:02.0625 0872 Mode: Manual; SigCheck; TDLFS;
23:38:02.0625 0872 ============================================================
23:38:03.0187 0872 Abiosdsk - ok
23:38:03.0250 0872 abp480n5 - ok
23:38:03.0390 0872 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
23:38:04.0031 0872 ac97intc - ok
23:38:04.0171 0872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:38:04.0640 0872 ACPI - ok
23:38:04.0718 0872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:38:05.0343 0872 ACPIEC - ok
23:38:05.0390 0872 adpu160m - ok
23:38:05.0531 0872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:38:05.0937 0872 aec - ok
23:38:06.0078 0872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:38:06.0203 0872 AFD - ok
23:38:06.0265 0872 Aha154x - ok
23:38:06.0312 0872 aic78u2 - ok
23:38:06.0359 0872 aic78xx - ok
23:38:06.0484 0872 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:38:06.0890 0872 Alerter - ok
23:38:06.0984 0872 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:38:07.0390 0872 ALG - ok
23:38:07.0437 0872 AliIde - ok
23:38:07.0500 0872 amsint - ok
23:38:07.0578 0872 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
23:38:07.0937 0872 AN983 - ok
23:38:07.0984 0872 AppMgmt - ok
23:38:08.0031 0872 asc - ok
23:38:08.0109 0872 asc3350p - ok
23:38:08.0140 0872 asc3550 - ok
23:38:08.0234 0872 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
23:38:08.0265 0872 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
23:38:08.0265 0872 ASCTRM - detected UnsignedFile.Multi.Generic (1)
23:38:08.0328 0872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:38:08.0750 0872 AsyncMac - ok
23:38:08.0812 0872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:38:09.0234 0872 atapi - ok
23:38:09.0281 0872 Atdisk - ok
23:38:09.0343 0872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:38:09.0765 0872 Atmarpc - ok
23:38:09.0843 0872 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:38:10.0265 0872 AudioSrv - ok
23:38:10.0375 0872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:38:10.0937 0872 audstub - ok
23:38:11.0078 0872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:38:11.0656 0872 Beep - ok
23:38:11.0812 0872 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:38:12.0312 0872 BITS - ok
23:38:12.0468 0872 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:38:12.0875 0872 Browser - ok
23:38:12.0984 0872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:38:13.0531 0872 cbidf2k - ok
23:38:13.0625 0872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:38:14.0031 0872 CCDECODE - ok
23:38:14.0062 0872 cd20xrnt - ok
23:38:14.0156 0872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:38:14.0750 0872 Cdaudio - ok
23:38:14.0828 0872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:38:15.0234 0872 Cdfs - ok
23:38:15.0328 0872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:38:15.0734 0872 Cdrom - ok
23:38:15.0781 0872 Changer - ok
23:38:15.0890 0872 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe
23:38:16.0281 0872 cisvc - ok
23:38:16.0343 0872 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
23:38:16.0750 0872 ClipSrv - ok
23:38:16.0812 0872 CmdIde - ok
23:38:16.0859 0872 COMSysApp - ok
23:38:16.0984 0872 Cpqarray - ok
23:38:17.0093 0872 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:38:17.0515 0872 CryptSvc - ok
23:38:17.0546 0872 dac2w2k - ok
23:38:17.0609 0872 dac960nt - ok
23:38:17.0765 0872 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:38:17.0953 0872 DcomLaunch - ok
23:38:18.0062 0872 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:38:18.0468 0872 Dhcp - ok
23:38:18.0531 0872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:38:18.0937 0872 Disk - ok
23:38:18.0984 0872 dmadmin - ok
23:38:19.0171 0872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:38:19.0671 0872 dmboot - ok
23:38:19.0812 0872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:38:20.0203 0872 dmio - ok
23:38:20.0296 0872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:38:20.0859 0872 dmload - ok
23:38:20.0921 0872 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:38:21.0296 0872 dmserver - ok
23:38:21.0359 0872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:38:21.0765 0872 DMusic - ok
23:38:21.0859 0872 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:38:22.0062 0872 Dnscache - ok
23:38:22.0187 0872 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:38:22.0578 0872 Dot3svc - ok
23:38:22.0640 0872 dpti2o - ok
23:38:22.0734 0872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:38:23.0140 0872 drmkaud - ok
23:38:23.0218 0872 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:38:23.0609 0872 EapHost - ok
23:38:23.0750 0872 EL90X (653394706ff5634f4b5180b8294badb1) C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
23:38:24.0343 0872 EL90X - ok
23:38:24.0437 0872 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:38:24.0859 0872 ERSvc - ok
23:38:24.0968 0872 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:38:25.0046 0872 Eventlog - ok
23:38:25.0203 0872 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
23:38:25.0359 0872 EventSystem - ok
23:38:25.0531 0872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:38:25.0953 0872 Fastfat - ok
23:38:26.0109 0872 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:38:26.0250 0872 FastUserSwitchingCompatibility - ok
23:38:26.0312 0872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:38:26.0718 0872 Fdc - ok
23:38:26.0781 0872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:38:27.0187 0872 Fips - ok
23:38:27.0296 0872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:38:27.0718 0872 Flpydisk - ok
23:38:27.0812 0872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:38:28.0250 0872 FltMgr - ok
23:38:28.0343 0872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:38:28.0921 0872 Fs_Rec - ok
23:38:29.0046 0872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:38:29.0640 0872 Ftdisk - ok
23:38:29.0750 0872 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:38:30.0140 0872 gameenum - ok
23:38:30.0265 0872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:38:30.0671 0872 Gpc - ok
23:38:30.0921 0872 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:38:31.0343 0872 helpsvc - ok
23:38:31.0375 0872 HidServ - ok
23:38:31.0484 0872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:38:31.0906 0872 HidUsb - ok
23:38:31.0968 0872 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:38:32.0359 0872 hkmsvc - ok
23:38:32.0437 0872 hpn - ok
23:38:32.0484 0872 hpt3xx - ok
23:38:32.0625 0872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:38:32.0781 0872 HTTP - ok
23:38:32.0890 0872 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:38:33.0296 0872 HTTPFilter - ok
23:38:33.0328 0872 i2omgmt - ok
23:38:33.0375 0872 i2omp - ok
23:38:33.0484 0872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:38:33.0875 0872 i8042prt - ok
23:38:33.0968 0872 i81x (007dbb8f9c35df8f8a20b8e7c1204b8b) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
23:38:34.0140 0872 i81x - ok
23:38:34.0250 0872 iAimFP0 (19f03895ce0b9e7fb514e67bb17edcb5) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
23:38:34.0328 0872 iAimFP0 - ok
23:38:34.0390 0872 iAimFP1 (479278c265b596c4fc1a2e0f51e70736) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
23:38:34.0468 0872 iAimFP1 - ok
23:38:34.0546 0872 iAimFP2 (66317ecbed58d15541cad4ed60888430) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
23:38:34.0625 0872 iAimFP2 - ok
23:38:34.0656 0872 iAimFP3 (5807920dcd9fe760ffd733a1297d164a) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
23:38:34.0718 0872 iAimFP3 - ok
23:38:34.0796 0872 iAimFP4 (afb6725ddf3f417495ab99198979ffb1) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
23:38:34.0875 0872 iAimFP4 - ok
23:38:34.0937 0872 iAimTV0 (3de116fe9fc7f15b0a5e0e611b344236) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
23:38:35.0000 0872 iAimTV0 - ok
23:38:35.0125 0872 iAimTV1 (275b8ec3a1aa555e3f1586eaf1302ac5) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
23:38:35.0203 0872 iAimTV1 - ok
23:38:35.0250 0872 iAimTV2 - ok
23:38:35.0359 0872 iAimTV3 (31d5981e35d0f158cd1031e0ee74c6fe) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
23:38:35.0437 0872 iAimTV3 - ok
23:38:35.0500 0872 iAimTV4 (78b4456a11582a927e9b1eca87d1e4f6) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
23:38:35.0593 0872 iAimTV4 - ok
23:38:35.0687 0872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:38:36.0078 0872 Imapi - ok
23:38:36.0171 0872 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
23:38:36.0546 0872 ImapiService - ok
23:38:36.0625 0872 ini910u - ok
23:38:36.0687 0872 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:38:37.0109 0872 IntelIde - ok
23:38:37.0187 0872 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:38:37.0562 0872 ip6fw - ok
23:38:37.0687 0872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:38:38.0250 0872 IpFilterDriver - ok
23:38:38.0328 0872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:38:38.0718 0872 IpInIp - ok
23:38:38.0843 0872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:38:39.0281 0872 IpNat - ok
23:38:39.0406 0872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:38:39.0828 0872 IPSec - ok
23:38:39.0890 0872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:38:40.0281 0872 IRENUM - ok
23:38:40.0343 0872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:38:40.0750 0872 isapnp - ok
23:38:41.0000 0872 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
23:38:41.0046 0872 JavaQuickStarterService - ok
23:38:41.0171 0872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:38:41.0562 0872 Kbdclass - ok
23:38:41.0687 0872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:38:42.0109 0872 kmixer - ok
23:38:42.0250 0872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:38:42.0390 0872 KSecDD - ok
23:38:42.0484 0872 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:38:42.0593 0872 lanmanserver - ok
23:38:42.0734 0872 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:38:42.0843 0872 lanmanworkstation - ok
23:38:42.0875 0872 lbrtfdc - ok
23:38:43.0015 0872 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:38:43.0421 0872 LmHosts - ok
23:38:43.0453 0872 LMIInfo - ok
23:38:43.0609 0872 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
23:38:43.0953 0872 lmimirr - ok
23:38:44.0031 0872 LMIRfsClientNP - ok
23:38:44.0156 0872 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
23:38:44.0187 0872 LMIRfsDriver - ok
23:38:44.0281 0872 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:38:44.0671 0872 Messenger - ok
23:38:44.0765 0872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:38:45.0359 0872 mnmdd - ok
23:38:45.0500 0872 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
23:38:45.0906 0872 mnmsrvc - ok
23:38:46.0015 0872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:38:46.0437 0872 Modem - ok
23:38:46.0515 0872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:38:46.0921 0872 Mouclass - ok
23:38:47.0031 0872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:38:47.0593 0872 mouhid - ok
23:38:47.0656 0872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:38:48.0078 0872 MountMgr - ok
23:38:48.0125 0872 mraid35x - ok
23:38:48.0265 0872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:38:48.0703 0872 MRxDAV - ok
23:38:48.0890 0872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:38:49.0046 0872 MRxSmb - ok
23:38:49.0156 0872 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
23:38:49.0546 0872 MSDTC - ok
23:38:49.0609 0872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:38:50.0031 0872 Msfs - ok
23:38:50.0093 0872 MSIServer - ok
23:38:50.0187 0872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:38:50.0562 0872 MSKSSRV - ok
23:38:50.0656 0872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:38:51.0046 0872 MSPCLOCK - ok
23:38:51.0093 0872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:38:51.0484 0872 MSPQM - ok
23:38:51.0593 0872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:38:52.0015 0872 mssmbios - ok
23:38:52.0062 0872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:38:52.0453 0872 MSTEE - ok
23:38:52.0578 0872 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
23:38:53.0171 0872 ms_mpu401 - ok
23:38:53.0296 0872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:38:53.0390 0872 Mup - ok
23:38:53.0500 0872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:38:53.0875 0872 NABTSFEC - ok
23:38:54.0000 0872 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:38:54.0453 0872 napagent - ok
23:38:54.0546 0872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:38:54.0937 0872 NDIS - ok
23:38:55.0031 0872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:38:55.0406 0872 NdisIP - ok
23:38:55.0500 0872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:38:55.0593 0872 NdisTapi - ok
23:38:55.0718 0872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:38:56.0140 0872 Ndisuio - ok
23:38:56.0234 0872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:38:56.0656 0872 NdisWan - ok
23:38:56.0781 0872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:38:56.0890 0872 NDProxy - ok
23:38:57.0015 0872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:38:57.0406 0872 NetBIOS - ok
23:38:57.0500 0872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:38:57.0921 0872 NetBT - ok
23:38:58.0046 0872 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:38:58.0453 0872 NetDDE - ok
23:38:58.0500 0872 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:38:58.0906 0872 NetDDEdsdm - ok
23:38:58.0968 0872 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
23:38:59.0375 0872 Netlogon - ok
23:38:59.0484 0872 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:38:59.0921 0872 Netman - ok
23:39:00.0062 0872 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:39:00.0250 0872 Nla - ok
23:39:00.0343 0872 Norton PC Checkup Application Launcher - ok
23:39:00.0453 0872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:39:00.0875 0872 Npfs - ok
23:39:01.0015 0872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:39:01.0531 0872 Ntfs - ok
23:39:01.0562 0872 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
23:39:02.0000 0872 NtLmSsp - ok
23:39:02.0187 0872 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:39:02.0625 0872 NtmsSvc - ok
23:39:02.0765 0872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:39:03.0343 0872 Null - ok
23:39:03.0437 0872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:39:03.0968 0872 NwlnkFlt - ok
23:39:04.0015 0872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:39:04.0468 0872 NwlnkFwd - ok
23:39:04.0578 0872 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
23:39:04.0984 0872 P3 - ok
23:39:05.0109 0872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:39:05.0515 0872 Parport - ok
23:39:05.0625 0872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:39:06.0015 0872 PartMgr - ok
23:39:06.0093 0872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:39:06.0687 0872 ParVdm - ok
23:39:06.0796 0872 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe
23:39:06.0906 0872 PCCUJobMgr - ok
23:39:06.0953 0872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:39:07.0390 0872 PCI - ok
23:39:07.0453 0872 PCIDump - ok
23:39:07.0500 0872 PCIIde - ok
23:39:07.0609 0872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:39:08.0015 0872 Pcmcia - ok
23:39:08.0109 0872 Pctspk (0275215d01c3985e682a661b8826f371) C:\WINDOWS\system32\pctspk.exe
23:39:08.0718 0872 Pctspk - ok
23:39:08.0750 0872 PDCOMP - ok
23:39:08.0796 0872 PDFRAME - ok
23:39:08.0859 0872 PDRELI - ok
23:39:08.0906 0872 PDRFRAME - ok
23:39:08.0953 0872 perc2 - ok
23:39:09.0000 0872 perc2hib - ok
23:39:09.0203 0872 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:39:09.0312 0872 PlugPlay - ok
23:39:09.0421 0872 pneteth (713e294439d982bb161317de0136faa0) C:\WINDOWS\system32\DRIVERS\pneteth.sys
23:39:09.0468 0872 pneteth ( UnsignedFile.Multi.Generic ) - warning
23:39:09.0484 0872 pneteth - detected UnsignedFile.Multi.Generic (1)
23:39:09.0515 0872 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
23:39:09.0890 0872 PolicyAgent - ok
23:39:09.0984 0872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:39:10.0390 0872 PptpMiniport - ok
23:39:10.0468 0872 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:39:10.0843 0872 ProtectedStorage - ok
23:39:10.0921 0872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:39:11.0343 0872 PSched - ok
23:39:11.0515 0872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:39:12.0015 0872 Ptilink - ok
23:39:12.0156 0872 Ptserli (4ea68256ba3ddfe5238e35af71c529aa) C:\WINDOWS\system32\DRIVERS\ptserli.sys
23:39:12.0687 0872 Ptserli - ok
23:39:12.0734 0872 ql1080 - ok
23:39:12.0796 0872 Ql10wnt - ok
23:39:12.0843 0872 ql12160 - ok
23:39:12.0906 0872 ql1240 - ok
23:39:12.0984 0872 ql1280 - ok
23:39:13.0093 0872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:39:13.0625 0872 RasAcd - ok
23:39:13.0718 0872 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:39:14.0125 0872 RasAuto - ok
23:39:14.0234 0872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:39:14.0640 0872 Rasl2tp - ok
23:39:14.0750 0872 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:39:15.0218 0872 RasMan - ok
23:39:15.0281 0872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:39:15.0718 0872 RasPppoe - ok
23:39:15.0781 0872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:39:16.0359 0872 Raspti - ok
23:39:16.0468 0872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:39:16.0890 0872 Rdbss - ok
23:39:17.0000 0872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:39:17.0578 0872 RDPCDD - ok
23:39:17.0750 0872 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:39:17.0843 0872 RDPWD - ok
23:39:17.0968 0872 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:39:18.0375 0872 RDSessMgr - ok
23:39:18.0468 0872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:39:18.0890 0872 redbook - ok
23:39:18.0984 0872 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:39:19.0359 0872 RemoteAccess - ok
23:39:19.0500 0872 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
23:39:19.0906 0872 RpcLocator - ok
23:39:20.0046 0872 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:39:20.0250 0872 RpcSs - ok
23:39:20.0328 0872 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
23:39:20.0890 0872 RSVP - ok
23:39:21.0000 0872 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:39:21.0390 0872 SamSs - ok
23:39:21.0437 0872 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:39:21.0859 0872 SCardSvr - ok
23:39:21.0984 0872 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:39:22.0437 0872 Schedule - ok
23:39:22.0562 0872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:39:22.0968 0872 Secdrv - ok
23:39:23.0062 0872 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:39:23.0484 0872 seclogon - ok
23:39:23.0578 0872 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:39:24.0000 0872 SENS - ok
23:39:24.0125 0872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:39:24.0531 0872 serenum - ok
23:39:24.0625 0872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:39:25.0031 0872 Serial - ok
23:39:25.0109 0872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:39:25.0515 0872 Sfloppy - ok
23:39:25.0625 0872 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:39:26.0109 0872 SharedAccess - ok
23:39:26.0234 0872 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:39:26.0343 0872 ShellHWDetection - ok
23:39:26.0375 0872 Simbad - ok
23:39:26.0468 0872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:39:26.0859 0872 SLIP - ok
23:39:26.0937 0872 Sparrow - ok
23:39:27.0000 0872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:39:27.0390 0872 splitter - ok
23:39:27.0515 0872 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:39:27.0625 0872 Spooler - ok
23:39:27.0750 0872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:39:28.0156 0872 sr - ok
23:39:28.0250 0872 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
23:39:28.0671 0872 srservice - ok
23:39:28.0828 0872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:39:28.0968 0872 Srv - ok
23:39:29.0078 0872 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:39:29.0484 0872 SSDPSRV - ok
23:39:29.0656 0872 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:39:30.0093 0872 stisvc - ok
23:39:30.0156 0872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:39:30.0546 0872 streamip - ok
23:39:30.0671 0872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:39:31.0093 0872 swenum - ok
23:39:31.0187 0872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:39:31.0609 0872 swmidi - ok
23:39:31.0671 0872 SwPrv - ok
23:39:31.0750 0872 symc810 - ok
23:39:31.0828 0872 symc8xx - ok
23:39:31.0859 0872 sym_hi - ok
23:39:31.0906 0872 sym_u3 - ok
23:39:31.0984 0872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:39:32.0390 0872 sysaudio - ok
23:39:32.0515 0872 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:39:32.0890 0872 SysmonLog - ok
23:39:33.0265 0872 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:39:33.0718 0872 TapiSrv - ok
23:39:33.0890 0872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:39:34.0187 0872 Tcpip - ok
23:39:34.0265 0872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:39:34.0671 0872 TDPIPE - ok
23:39:34.0750 0872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:39:35.0156 0872 TDTCP - ok
23:39:35.0250 0872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:39:35.0656 0872 TermDD - ok
23:39:35.0843 0872 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:39:36.0296 0872 TermService - ok
23:39:36.0421 0872 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:39:36.0500 0872 Themes - ok
23:39:36.0578 0872 TosIde - ok
23:39:36.0703 0872 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:39:37.0109 0872 TrkWks - ok
23:39:37.0218 0872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:39:37.0609 0872 Udfs - ok
23:39:37.0656 0872 ultra - ok
23:39:37.0812 0872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:39:38.0312 0872 Update - ok
23:39:38.0484 0872 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:39:38.0921 0872 upnphost - ok
23:39:39.0000 0872 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:39:39.0390 0872 UPS - ok
23:39:39.0468 0872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:39:39.0859 0872 usbccgp - ok
23:39:40.0000 0872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:39:40.0390 0872 usbhub - ok
23:39:40.0468 0872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:39:40.0875 0872 USBSTOR - ok
23:39:40.0953 0872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:39:41.0375 0872 usbuhci - ok
23:39:41.0500 0872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:39:41.0906 0872 VgaSave - ok
23:39:41.0953 0872 ViaIde - ok
23:39:42.0140 0872 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys
23:39:42.0843 0872 Vmodem - ok
23:39:42.0921 0872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:39:43.0328 0872 VolSnap - ok
23:39:43.0515 0872 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
23:39:44.0125 0872 Vpctcom - ok
23:39:44.0250 0872 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:39:44.0703 0872 VSS - ok
23:39:44.0781 0872 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys
23:39:45.0328 0872 Vvoice - ok
23:39:45.0406 0872 vzandnetdiag (1135dea44142cd5eab1ff44c4bf009e7) C:\WINDOWS\system32\DRIVERS\lgvzandnetdiag.sys
23:39:45.0546 0872 vzandnetdiag - ok
23:39:45.0640 0872 vzandnetdiag2 (8297f1db7ab39dd4ae0803ea9b6960c1) C:\WINDOWS\system32\DRIVERS\lgvzandnetdiag2.sys
23:39:45.0703 0872 vzandnetdiag2 - ok
23:39:45.0765 0872 vzandnetmodem (bc4a55522746d956329070c41801195e) C:\WINDOWS\system32\DRIVERS\lgvzandnetmdm.sys
23:39:45.0859 0872 vzandnetmodem - ok
23:39:45.0937 0872 vzandnetndis (5a1c71356bfc32b69e1485d25fbcbaa7) C:\WINDOWS\system32\DRIVERS\lgvzandnetndis.sys
23:39:46.0000 0872 vzandnetndis - ok
23:39:46.0171 0872 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
23:39:46.0625 0872 W32Time - ok
23:39:46.0703 0872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:39:47.0125 0872 Wanarp - ok
23:39:47.0296 0872 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:39:47.0437 0872 Wdf01000 - ok
23:39:47.0468 0872 WDICA - ok
23:39:47.0562 0872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:39:48.0000 0872 wdmaud - ok
23:39:48.0109 0872 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:39:48.0500 0872 WebClient - ok
23:39:48.0734 0872 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:39:49.0156 0872 winmgmt - ok
23:39:49.0312 0872 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
23:39:49.0359 0872 WinUSB - ok
23:39:49.0765 0872 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:39:50.0093 0872 wlidsvc - ok
23:39:50.0359 0872 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:39:50.0453 0872 WmdmPmSN - ok
23:39:50.0656 0872 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:39:51.0093 0872 WmiApSrv - ok
23:39:51.0390 0872 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:39:51.0625 0872 WMPNetworkSvc - ok
23:39:51.0703 0872 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:39:52.0125 0872 wscsvc - ok
23:39:52.0312 0872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:39:52.0718 0872 WSTCODEC - ok
23:39:52.0828 0872 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:39:53.0234 0872 wuauserv - ok
23:39:53.0296 0872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:39:53.0390 0872 WudfPf - ok
23:39:53.0453 0872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:39:53.0515 0872 WudfRd - ok
23:39:53.0578 0872 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:39:53.0656 0872 WudfSvc - ok
23:39:53.0812 0872 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:39:54.0312 0872 WZCSVC - ok
23:39:54.0406 0872 X4HS32Ex - ok
23:39:54.0609 0872 XIRLINK (82c3630318fa1fd547994ab50e6cc587) C:\WINDOWS\system32\DRIVERS\C-itnt.sys
23:39:54.0734 0872 XIRLINK ( UnsignedFile.Multi.Generic ) - warning
23:39:54.0734 0872 XIRLINK - detected UnsignedFile.Multi.Generic (1)
23:39:54.0859 0872 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:39:55.0265 0872 xmlprov - ok
23:39:55.0546 0872 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:39:55.0750 0872 YahooAUService - ok
23:39:55.0890 0872 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
23:39:56.0312 0872 \Device\Harddisk0\DR0 - ok
23:39:56.0359 0872 Boot (0x1200) (fd17ce19b07541c640ccb1a339b508be) \Device\Harddisk0\DR0\Partition0
23:39:56.0359 0872 \Device\Harddisk0\DR0\Partition0 - ok
23:39:56.0390 0872 ============================================================
23:39:56.0390 0872 Scan finished
23:39:56.0390 0872 ============================================================
23:39:56.0468 1316 Detected object count: 3
23:39:56.0468 1316 Actual detected object count: 3
23:42:02.0843 1316 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:02.0843 1316 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:42:02.0843 1316 pneteth ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:02.0843 1316 pneteth ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:42:02.0843 1316 XIRLINK ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:02.0843 1316 XIRLINK ( UnsignedFile.Multi.Generic ) - User select action: Skip
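The TDSSKiller output above is easier to triage when it is folded into one record per scanned object instead of read line by line. The following Python is an added example, not the poster's log tooling or Kaspersky's code: it parses the line shapes that appear in this log (the md5/path line, the `- ok` verdict, the `( UnsignedFile.Multi.Generic ) - warning` and `- detected` pair, and the `skipped by user` / `User select action` lines written after the scan), collects each object's hash, path, verdict and the action the user chose, and compares the number of flagged objects in the excerpt with the scanner's own "Detected object count". The line patterns are inferred from this log only, and the sample input is constructed from a few of the lines above with pneteth deliberately left out so the completeness check has something to report. A `UnsignedFile.Multi.Generic` hit means the scanner could not verify the file's digital signature, which is a prompt to check the vendor and path of the driver, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample: a handful of lines copied from the TDSSKiller log above,
# with pneteth left out on purpose so the "excerpt is incomplete" check fires.
SAMPLE_LOG = r"""
23:39:53.0812 0872 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:39:54.0312 0872 WZCSVC - ok
23:39:54.0406 0872 X4HS32Ex - ok
23:39:54.0609 0872 XIRLINK (82c3630318fa1fd547994ab50e6cc587) C:\WINDOWS\system32\DRIVERS\C-itnt.sys
23:39:54.0734 0872 XIRLINK ( UnsignedFile.Multi.Generic ) - warning
23:39:54.0734 0872 XIRLINK - detected UnsignedFile.Multi.Generic (1)
23:39:55.0890 0872 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
23:39:56.0312 0872 \Device\Harddisk0\DR0 - ok
23:39:56.0390 0872 Scan finished
23:39:56.0468 1316 Detected object count: 3
23:42:02.0843 1316 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:02.0843 1316 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:42:02.0843 1316 XIRLINK ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:02.0843 1316 XIRLINK ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line is "<time> <thread id> <body>". The body shapes below are assumed
# from the posted log itself, not from any TDSSKiller documentation.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*)$")
HASH_RE = re.compile(r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<det>[^)]+?) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<det>\S+) \(\d+\)$")
SKIPPED_RE = re.compile(r"^(?P<name>\S+) \( (?P<det>[^)]+?) \) - skipped by user$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<det>[^)]+?) \) - User select action: (?P<action>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"          # "ok", "warning" or "unknown"
    detection: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic
    user_action: Optional[str] = None


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Entry], Optional[int]]:
    """Fold the per-line log into one Entry per scanned object.

    Returns the entries keyed by service/driver name plus the scanner's own
    "Detected object count" (None when that line is not in the excerpt).
    """
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    reported_count: Optional[int] = None

    def entry_for(name: str) -> Entry:
        # MBR/boot-sector verdict lines are keyed by device path, not by name.
        if name in entries:
            return entries[name]
        if name in by_path:
            return by_path[name]
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, "Scan finished", blank lines
        body = m.group("body")
        if (h := HASH_RE.match(body)):
            e = entry_for(h["name"])
            e.md5, e.path = h["md5"], h["path"]
            by_path[e.path] = e
        elif (o := OK_RE.match(body)):
            entry_for(o["name"]).status = "ok"
        elif (w := WARN_RE.match(body)):
            e = entry_for(w["name"])
            e.status, e.detection = "warning", w["det"]
        elif (d := DETECTED_RE.match(body)):
            e = entry_for(d["name"])
            e.status, e.detection = "warning", d["det"]
        elif (s := SKIPPED_RE.match(body)):
            e = entry_for(s["name"])
            e.detection = e.detection or s["det"]
            e.user_action = e.user_action or "skipped"
        elif (a := ACTION_RE.match(body)):
            e = entry_for(a["name"])
            e.detection = e.detection or a["det"]
            e.user_action = a["action"]
        elif (c := COUNT_RE.match(body)):
            reported_count = int(c["n"])
    return entries, reported_count


def unresolved_detections(entries: Dict[str, Entry]) -> list:
    """Names the scanner flagged that were skipped (or never acted on) by the user."""
    return sorted(e.name for e in entries.values()
                  if e.detection and (e.user_action or "skipped").lower() in ("skipped", "skip"))


def summarize(text: str) -> dict:
    entries, reported = parse_tdsskiller(text)
    flagged = sorted(e.name for e in entries.values() if e.detection)
    return {
        "objects": len(entries),
        "ok": sum(1 for e in entries.values() if e.status == "ok"),
        "flagged": flagged,
        "unresolved": unresolved_detections(entries),
        "reported_count": reported,
        # A mismatch means the pasted excerpt is missing lines; don't triage from it alone.
        "excerpt_complete": reported is not None and reported == len(flagged),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the full log posted in this thread the three flagged objects are all unsigned-file warnings that were skipped, so `unresolved` lists exactly the items a helper still has to decide on, and `excerpt_complete` turns true only when every object the scanner counted is present in the paste.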

#6
CompCav

    Member 5k

  • Expert
  • 12,454 posts
OK it looks like we need a bigger tool.

Please do not install your enterprise AV until we finish the two runs with this tool.


Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


#7
whittakerjr

    Member

  • Topic Starter
  • Member
  • 79 posts
The operation ran as described. The ComboFix loaded/installed the check point and then prompted a 10 minute or longer scan time. I don't know how long it really took, as I left to go shopping, but it was 30 minutes before I left the house from the time the message appeared.

The requested posted file.

ComboFix 12-05-04.02 - Joanne 05/04/2012 12:14:17.1.1 - x86
Running from: c:\documents and settings\Joanne\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 06:16 . 2012-05-04 06:16 -------- d-----w- C:\_OTL
2012-05-04 05:26 . 2011-11-25 07:26 13440 ----a-w- c:\windows\system32\drivers\pneteth.sys
2012-05-04 05:19 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-05-04 05:19 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-04 05:10 . 2012-05-04 05:24 -------- d-----w- c:\program files\LG Electronics
2012-05-04 05:07 . 2012-05-04 05:26 -------- d-----w- c:\program files\PdaNet for Android
2012-05-03 01:10 . 2012-05-03 01:10 -------- d-----w- c:\windows\PIF
2012-04-05 02:13 . 2012-05-04 04:44 -------- d-----w- C:\Joseph
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2010-08-31 02:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 01:25 . 2001-10-01 22:58 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:25 . 2008-06-04 19:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:25 . 2001-10-01 22:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:25 . 2001-10-01 22:56 17408 ------w- c:\windows\system32\corpol.dll
2012-02-29 14:10 . 2001-10-01 22:58 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-10-01 22:57 148480 ----a-w- c:\windows\system32\imagehlp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-01-16 356864]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-01-16 1530880]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2011-8-9 13695752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-10-18 02:28 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\ToolbarUpdate.exe"=
.
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag.sys [2011-08-03 23168]
R3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\DRIVERS\lgvzandnetdiag2.sys [2011-08-03 23168]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm.sys [2011-08-03 27776]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis.sys [2011-08-03 70784]
R3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2001-03-16 587064]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe [2011-11-05 123320]
R4 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe [2009-08-24 126392]
R4 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.Sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 13440]
S3 Ptserli;PCTEL Serial Device Driver for INTEL;c:\windows\system32\DRIVERS\ptserli.sys [2001-08-17 128286]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: {{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\PlaySushi\PSText.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
URLSearchHooks-{f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\Free_Ride_Games\tbFree.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
Toolbar-{f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\Free_Ride_Games\tbFree.dll
SafeBoot-Wdf01000.sys
HKLM_ActiveSetup-{6E341BB1-72DB-44AC-1237-9ACC7053A815} - c:\documents and settings\Joanne\My Documents\My Received Files\Sexy-waw.jpg
AddRemove-Gourmania Deluxe - c:\program files\Zylom Games\Gourmania Deluxe\GameInstlr.exe
AddRemove-Hotel Solitaire Deluxe - c:\program files\Zylom Games\Hotel Solitaire Deluxe\GameInstlr.exe
AddRemove-PalTalk8.2 - c:\windows\Paltalk Messenger\uninstall.exe
AddRemove-Rainforest Adventure Deluxe - c:\program files\Zylom Games\Rainforest Adventure Deluxe\GameInstlr.exe
AddRemove-Super Collapse! 3 Deluxe - c:\program files\Zylom Games\Super Collapse! 3 Deluxe\GameInstlr.exe
AddRemove-Super Collapse! Puzzle Gallery 4 - c:\program files\Zylom Games\Super Collapse! Puzzle Gallery 4\GameInstlr.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-04 16:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.5\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(360)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\PdaNet for Android\PdaNetPC.exe
.
**************************************************************************
.
Completion time: 2012-05-04 16:45:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 23:45
.
Pre-Run: 9,946,439,680 bytes free
Post-Run: 9,922,252,800 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - ED3CEB7CF3CE44544452BF0EB9D0C456

#8
CompCav

    Member 5k

  • Expert
  • 12,454 posts
How is your computer performing now?

#9
whittakerjr

    Member

  • Topic Starter
  • Member
  • 79 posts
From what I saw when my co-worker asked me to assist her, it is much better. My XP laptop is still what I am comparing this to, and I am hesitant to say great. The banding during video refresh appears to have stopped, and when I type, I am getting immediate response out of the keyboard and mouse.

I would like to install the anti-virus and reinstall Malwarebytes (Malware was telling me it had corrupted files when I was trying to disable it).

Then return it back to my co-worker and attach the internet to it. At which time, if it runs like it did when she asked me, you can help determine what the issue is.

#10
CompCav

    Member 5k

  • Expert
  • 12,454 posts
After running these you can install the McAfee or Norton. Please do not install both.


Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan; otherwise it may stall.
  • When completed, select Uninstall application on close; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!

#11
CompCav

    Member 5k

  • Expert
  • 12,454 posts
On second thought your installed memory is showing only 128 MB. McAfee and Norton require more than that. This computer needs more memory. Using modern software it should have at least 500 MB to barely run and somewhere between 1 GB and 2 GB to run properly. Memory is your cheapest and best upgrade to make this computer run well.

For the memory I would recommend that you run the Crucial scanner as that will give you full details about the RAM that your system will accept.

#12
whittakerjr

    Member

  • Topic Starter
  • Member
  • 79 posts
Morning,
I ran each of the programs. Malware comes up with a corrupted notice but then starts. The definition file had today's date, so I continued. I saw your notice about holding off on installing the anti-virus software, so I will wait. I will tell my co-worker you recommend she upgrade the memory - the support tool you suggested states only 512 is the max she could install, and this is below the minimum you recommend. She will need to make that call - as you may see from what is on the hard drive, she doesn't use the computer as a productivity tool but as a pass-the-time and entertainment interface with the web.

As for the computer: towards the end of running all the scans, the mouse/window drags became a bit choppy (a delay as I moved them to access items behind them), and closing windows was at times slow. But I still think the unit is better than it was at her place. Again, the unit performed so much better when I took it off the internet. The one thing I have noticed is that the hard drive is not continuously spinning.

The posts:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.05.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Joanne :: YOUR-VIU5VCDUB5 [administrator]

5/5/2012 4:14:37 PM
mbam-log-2012-05-05 (16-14-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230705
Time elapsed: 27 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17109 (vista_gdr.120227-1644)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=52feb0ccc13b3c4da36723d7d3e39f01
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-06 08:00:23
# local_time=2012-05-06 01:00:23 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=84361
# found=5
# cleaned=5
# scan_time=6658
C:\Program Files\PlaySushi\psuninst.exe a variant of Win32/Adware.Gamevance.BE application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\WinPalace\casino.dll a variant of Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{058AE4F6-965F-4400-83F0-2086E5BA0FD9}\RP10\A0008482.exe a variant of Win32/Adware.Gamevance.BE application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{058AE4F6-965F-4400-83F0-2086E5BA0FD9}\RP10\A0008483.dll a variant of Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{058AE4F6-965F-4400-83F0-2086E5BA0FD9}\RP9\A0008202.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#13
whittakerjr

    Member

  • Topic Starter
  • Member
  • 79 posts
I have read some of the logs. In most cases they don't mean anything to me, but the screen317 Security Check states things are out of date. Would you like me to run the updates again? I thought I had run them two weeks ago when I first sat down at the machine.

#14
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thank you for noticing on the AV. I did some research, and the free version of Avast! requires the least resources (128MB), and it is an excellent tool!

I would strongly suggest getting the memory necessary to go to 512MB. Given her use of the computer, she will realize a dramatic improvement in performance. Please, please convince her to do this. It is money well spent unless she is buying a new computer in the next 3 months!

Step 1.

First download Avast to the desktop - Direct link

Disconnect from the internet


Run the Avast set up file - a reboot may be required
Accept the default settings
When it starts properly it will ask you to register.
Now reconnect to the internet so you can register.
This is so that they can calculate how many servers are required for updating
Select the free option and fill in the small form

Now to set Autosandbox to ask.
This is an option where Avast will ask you whether to run a programme sandboxed (i.e. Virtual) or normally
From the GUI select > Additional Protection > Autosandbox
Then select Settings
Then set the drop down box to ask
OK out of this

Now just forget it, it will auto update every two hours without any requirement for action on your part
Also Avast will speak to you :lol:
When an update has been done, when malware is detected, etc.


Things to note :

On installation it will offer a boot scan. This is where it will scan before windows loads:
Not really necessary unless you want to try it out

How often do you do a full scan:
Personally I do one a month if I remember, otherwise I just leave it to the shields and the screen saver


Step 2.

Go here and download IE 8.0 to the desktop and then click on it to install it.


Step 3.

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Step 4.

Get the memory installed and the other issues you described will be improved dramatically.


Please update me on this and if the machine simply cannot run right with Avast and the minimal memory then uninstall it and stay off the internet until the memory is installed.



Please update me once these are completed or if there are problems completing the steps.

#15
whittakerjr

    Member

  • Topic Starter
  • Member
  • 79 posts
I spoke to my co-worker and she said go ahead with the memory upgrade. I will be ordering something tomorrow, as shopping online is much easier at the office than with this unit. I will perform all the other items over the next two days. I am not at the house (have class tomorrow) until after midnight. I see you are up all hours; I don't function that well when tired and could make some error here and really F the machine up. Do you recommend a company for the memory purchase?

You have been a real pleasure to work with. I will get back with you by Thursday night with the status.