I went to safe mode, downloaded Malwarebytes on a third computer and imported it into the main comp (in Safe Mode), but it didnt find anything! I dowloaded Kaspersky, I ran it; Kaspersky found Backdoor.Bot, but didn't cure the problem. It's very slow opening, and doesn't close down. Please can someone help. The main comp is Windows XP and is a few years old now - BUT ALL MY FAMILY PHOTOS ARE ON IT - FOR THE LAST 12 YEARS! Please help.
Downloaded VLC v2 and comp grinds to a holt [Closed]
#1
Posted 21 May 2012 - 08:03 AM
I went to safe mode, downloaded Malwarebytes on a third computer and imported it into the main comp (in Safe Mode), but it didnt find anything! I dowloaded Kaspersky, I ran it; Kaspersky found Backdoor.Bot, but didn't cure the problem. It's very slow opening, and doesn't close down. Please can someone help. The main comp is Windows XP and is a few years old now - BUT ALL MY FAMILY PHOTOS ARE ON IT - FOR THE LAST 12 YEARS! Please help.
#2
Posted 21 May 2012 - 08:24 AM
If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.
Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
- Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
- Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
- If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
- These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
- Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
- Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
- You must reply within four days failure to reply will result in the topic being closed!
- Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
- Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.
Step 1.
Protect the third computer (Clean one) with this:
Panda Vaccine
- Please download Panda USB Vaccine (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
- Install and run the program.
- Double-click on the file USBVaccine.zip located on your desktop.
- A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
- Follow the steps on screen to install the program on your computer.
- Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.
This way malware will have a more difficult time transferring from the infected computers to the clean one.
Step 2.
BUT ALL MY FAMILY PHOTOS ARE ON IT - FOR THE LAST 12 YEARS! Please help.
Our first priority based on your note is to save the family photos. So we will need to do this:
Use Puppy LInux either burned on a CD or made intor a bootable USB flash drive on the clean computer. Then used on the infected computer to retrieve your photos.
Please click here to find instructions to do this important step.
Now on one of the infected computers run these next two steps:
Please hold one of the infected computers to work on later or you may start a new topic for it but we do not want to confuse steps for cleaning between them.
Step 3.
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
If it does not run rename it iexplore.exe and try it again.
Step 4.
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select Scan All Users
- Select Lop Check and Purity Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT - Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
Step 5.
Please post:
aswMBR log
OTL.txt
Extras.txt
Give me an update on your computer's issues.
#3
Posted 22 May 2012 - 12:15 AM
I reached 3b, copied loads of files (up to the year 2010) on my memory stick; everything fine, then...
The bad computer (all of a sudden) didn't display the Flash icon on bottom left. It had done so until then; no problem. Now, when I insert it into the USB drive, it just flashes continuously, and I can't see the icon on the screen. Sorry. Maybe I should go and buy an external HDD?
#4
Posted 22 May 2012 - 02:30 AM
Edited by DragonFromWales, 22 May 2012 - 02:47 AM.
#5
Posted 22 May 2012 - 04:58 AM
Try plugging it in before you boot up on the Puppy Linux as well.
#6
Posted 22 May 2012 - 03:44 PM
Where is 3b?I reached 3b
Did you notice anything else or was there an error message?The bad computer (all of a sudden) didn't display the Flash icon on bottom left. It had done so until then; no problem.
Can puppy see it and it can't mount or it can't see it at all?I can't mount it in Puppy
Regards,
CompCav
#7
Posted 23 May 2012 - 12:23 AM
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 22:05:46
-----------------------------
22:05:46.437 OS Version: Windows 5.1.2600 Service Pack 3
22:05:46.437 Number of processors: 1 586 0xA00
22:05:46.437 ComputerName: PRIF UserName:
22:05:47.093 Initialize success
22:28:47.453 AVAST engine defs: 12052201
05:25:51.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
05:25:51.312 Disk 0 Vendor: Maxtor_6Y120L0 YAR41BW0 Size: 117246MB BusType: 3
05:25:51.328 Disk 0 MBR read successfully
05:25:51.343 Disk 0 MBR scan
05:25:51.593 Disk 0 Windows XP default MBR code
05:25:51.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 117239 MB offset 63
05:25:51.625 Disk 0 scanning sectors +240107490
05:25:51.734 Disk 0 scanning C:\WINDOWS\system32\drivers
05:26:05.593 Service scanning
05:26:17.546 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
05:26:29.812 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
05:26:36.593 Modules scanning
05:26:44.500 Disk 0 trace - called modules:
05:26:44.625 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsg.sys >>UNKNOWN [0x86b8c938]<<
05:26:44.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b02ab8]
05:26:44.718 3 CLASSPNP.SYS[f771afd7] -> nt!IofCallDriver -> \Device\00000072[0x86b43968]
05:26:44.765 5 ACPI.sys[f757c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b4a940]
05:26:45.609 AVAST engine scan C:\WINDOWS
05:27:03.656 AVAST engine scan C:\WINDOWS\system32
05:31:08.312 AVAST engine scan C:\WINDOWS\system32\drivers
05:31:38.406 AVAST engine scan C:\Documents and Settings\Robin.PRIF
06:54:53.359 AVAST engine scan C:\Documents and Settings\All Users
06:56:12.734 Scan finished successfully
07:17:42.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robin.PRIF\Desktop\MBR.dat"
07:17:42.078 The log file has been saved successfully to "C:\Documents and Settings\Robin.PRIF\Desktop\Scan aswMBR.txt"
#8
Posted 23 May 2012 - 12:48 AM
OTL logfile created on: 23/05/2012 07:31:12 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Robin.PRIF\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
991.49 Mb Total Physical Memory | 565.26 Mb Available Physical Memory | 57.01% Memory free
4.88 Gb Paging File | 4.53 Gb Available in Paging File | 92.88% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 36.79 Gb Free Space | 32.14% Space Free | Partition Type: NTFS
Computer Name: PRIF | User Name: Robin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/23 07:28:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin.PRIF\My Documents\Downloads\OTL.exe
PRC - [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/17 10:26:40 | 000,996,856 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe
PRC - [2012/04/17 10:26:10 | 000,936,592 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe
PRC - [2012/04/17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/04 21:33:51 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/03 20:38:56 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007/08/18 11:54:30 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm
MOD - [2003/04/07 07:35:38 | 000,095,292 | ---- | M] () -- C:\WINDOWS\system32\atrac3.acm
MOD - [2002/08/29 13:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/05/04 21:33:54 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 20:39:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/01/29 16:10:11 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\TalkTalk\Security\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2012/01/29 15:51:24 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\TalkTalk\Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\TalkTalk\Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\TalkTalk\Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/11/08 02:02:30 | 000,294,912 | ---- | M] () [Auto | Stopped] -- C:\Program Files\RingThree\bin\PvmService.exe -- (PVM Service)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/11/17 16:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2003/05/23 05:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\JiaoCap.sys -- (JiaoCap)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (bsaspi32)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ROBIN~1.PRI\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/05/21 06:47:37 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti2mju5.sys -- (uti2mju5)
DRV - [2012/05/09 08:07:45 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2012/01/29 16:10:57 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2012/01/29 15:50:16 | 000,148,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\TalkTalk\Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/08/05 16:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Program Files\TalkTalk\Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 16:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\TalkTalk\Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 16:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\TalkTalk\Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/02 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/21 15:02:42 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/09/05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/08/23 13:58:21 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2003/10/24 05:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/08 13:54:48 | 000,013,535 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/06/19 08:30:18 | 000,752,764 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/01/14 17:16:58 | 001,067,008 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/14 17:16:56 | 000,585,472 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/01/14 17:16:56 | 000,166,144 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/01/14 17:16:56 | 000,022,400 | ---- | M] (Conexant Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/01/10 10:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/11/28 18:33:20 | 000,093,962 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm302.sys -- (ZSMC302)
DRV - [2002/11/13 21:10:52 | 000,234,368 | ---- | M] (Ziontek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snct511.sys -- (SNCT511) PC Camera (6005 CIF)
DRV - [2002/08/29 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2002/05/14 12:05:08 | 000,022,571 | R--- | M] (Walter Oney Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbMicfilt.sys -- (Z302Mic)
DRV - [2001/08/17 14:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 14:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 14:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 14:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 14:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 14:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 14:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 14:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 14:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 13:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.1and1.co.uk/?ref=EasyLogin
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes\{056272D3-20BF-4AA7-8372-1AE31731960C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNWF_enGB469
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.10.10:3128
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\TalkTalk\Security\NRS\[email protected] [2012/04/23 09:25:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 20:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 07:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/04/04 17:52:47 | 000,000,000 | ---D | M]
[2012/01/25 15:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin.PRIF\Application Data\Mozilla\Extensions
[2012/05/02 10:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin.PRIF\Application Data\Mozilla\Firefox\Profiles\13x0v4cf.default\extensions
[2012/02/03 00:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/07 15:23:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/03 16:07:19 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/03/21 13:02:14 | 000,042,737 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBIN.PRIF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\13X0V4CF.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
[2012/05/03 20:39:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 05:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2008/10/29 11:48:27 | 000,268,560 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 208.67.70.3
O1 - Hosts: 127.0.0.1 38.99.150.167
O1 - Hosts: 127.0.0.1 38.99.150.205
O1 - Hosts: 127.0.0.1 88.255.90.60
O1 - Hosts: 127.0.0.1 opal.spod.org
O1 - Hosts: 127.0.0.1 sendspace.com
O1 - Hosts: 127.0.0.1 ad1.ny.yieldmanager.com
O1 - Hosts: 127.0.0.1 ad2.ny.yieldmanager.com
O1 - Hosts: 127.0.0.1 ny.yieldmanager.com
O1 - Hosts: 127.0.0.1 yieldmanager.com
O1 - Hosts: 127.0.0.1 193.165.167.2
O1 - Hosts: 127.0.0.1 152.66.249.135
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 9297 more lines...
O2 - BHO: (no name) - {0D84EF14-ED8E-475F-96D4-2123F65D701B} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\TalkTalk\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\TalkTalk\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\TalkTalk\Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\TalkTalk\Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012..\Run: [] File not found
O4 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - Startup: C:\Documents and Settings\Erin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Erin\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Robin.PRIF\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] http in Trusted sites)
O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] https in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.mrw.inter...er/tdserver.cab (TDServer Control)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.v...unknown (Reg Error: Key error.)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.c...es/MsnInstC.cab (InstallerBehaviorFactory Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1203240243193 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1124365501312 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www.ibm.com/...ad/IbmEgath.cab (IBM Access Support)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comne...login-devel.cab (SecureLogin class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} http://webcamnow.com...tiveXWebCam.cab (WebCam Control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7934.2904282407 (Reg Error: Key error.)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://195.62.202.14...in/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} http://www.nwales-tr...ivex/camera.cab (Cameractl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abac...abasetup145.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72B1AAA1-C5C0-448A-A0F0-4E2DD54F4FF4}: DhcpNameServer = 10.10.10.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A746E855-84F1-49DE-8FAA-832298807267}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop WallPaper: C:\Documents and Settings\Robin.PRIF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin.PRIF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/09 04:54:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell\AutoRun\command - "" = D:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\Robin.PRIF\Application Data\iolo\)
O34 - HKLM BootExecute: (6.)
O34 - HKLM BootExecute: (╁̉Ұ)
O34 - HKLM BootExecute: (])
O34 - HKLM BootExecute: (Software\Adobe\Acrobat Reader\10.0\RememberedViews\cNoCategoryFiles\c12\cViewDef\cTopLeftView)
O34 - HKLM BootExecute: (l)
O34 - HKLM BootExecute: (⑱̉Ұ)
O34 - HKLM BootExecute: (])
O34 - HKLM BootExecute: (Software\Adobe\Acrobat Reader\10.0\RememberedViews\cNoCategoryFiles\c12\cViewDef\cTopLeftView)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (㷑ҤҰ)
O34 - HKLM BootExecute: (ġ)
O34 - HKLM BootExecute: (Offline pages are Web pages that are stored on your computer so you can view them without being connected to the Internet. If you delete these pages now)
O34 - HKLM BootExecute: (you can still view your favorites offline later by synchronizing them. Your personalized settings for Web pages will be left intact.)
O34 - HKLM BootExecute: (unt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
========== Files/Folders - Created Within 30 Days ==========
[2012/05/21 14:09:53 | 068,634,224 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Robin.PRIF\Desktop\TTS9-0[UZR0-BRKJ-90BJ-RVM0-U26K].exe
[2012/05/21 12:57:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/20 21:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/05/20 21:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2012/05/20 10:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\Sony Corporation
[2012/05/20 10:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\My Documents\Picture Motion Browser
[2012/05/20 10:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DLA
[2012/05/20 10:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
[2012/05/20 10:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2012/05/20 09:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\vlc
[2012/05/11 05:37:08 | 015,935,168 | ---- | C] (Corel ) -- C:\Documents and Settings\Robin.PRIF\My Documents\English_PSPX_RegXtras.exe
[2012/05/11 05:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\Download Manager
[2012/05/10 14:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\com.acrobat.createpdf.CreatePDFDesktop
[2012/05/10 14:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/05/03 20:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/03 20:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/27 14:25:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Robin.PRIF\My Documents\My Data Sources
[2012/04/27 05:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/04/25 06:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Desktop\Unused Desktop Shortcuts
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/23 07:17:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\Desktop\MBR.dat
[2012/05/23 06:08:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/22 21:59:00 | 000,012,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/22 21:58:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/21 13:23:27 | 068,634,224 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Robin.PRIF\Desktop\TTS9-0[UZR0-BRKJ-90BJ-RVM0-U26K].exe
[2012/05/21 06:47:37 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\uti2mju5.sys
[2012/05/20 10:36:11 | 000,040,424 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/05/20 10:32:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/20 10:24:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/05/20 10:22:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/20 09:22:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/20 05:22:00 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2012/05/19 10:50:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Diskeeper Lite.job
[2012/05/14 05:26:35 | 000,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/14 03:20:27 | 000,451,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/14 03:20:27 | 000,075,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/11 05:40:35 | 015,935,168 | ---- | M] (Corel ) -- C:\Documents and Settings\Robin.PRIF\My Documents\English_PSPX_RegXtras.exe
[2012/05/11 05:36:00 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/05/10 14:09:48 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe CreatePDF Desktop.lnk
[2012/05/09 08:07:45 | 000,044,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/04/27 11:37:36 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 30.odb
[2012/04/27 07:04:02 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 21.odb
[2012/04/27 07:00:53 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 20.odb
[2012/04/23 09:29:17 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\Desktop\System Mechanic.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/23 07:17:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\Desktop\MBR.dat
[2012/05/21 06:47:28 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti2mju5.sys
[2012/05/10 14:09:48 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe CreatePDF Desktop.lnk
[2012/04/27 11:37:36 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 30.odb
[2012/04/27 07:04:02 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 21.odb
[2012/04/27 07:00:53 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 20.odb
[2012/04/17 08:13:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/20 19:43:07 | 000,000,334 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2012/03/19 13:18:17 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/03/13 14:12:42 | 000,000,008 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2012/02/14 17:49:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/01 17:09:28 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/29 15:21:48 | 000,044,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/02/01 19:25:32 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
========== LOP Check ==========
[2008/05/03 16:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/01/29 15:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012/01/29 15:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2011/08/28 15:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training
[2008/12/09 20:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/04/23 09:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/04/04 17:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/04/04 16:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2008/05/31 15:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/03/14 08:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2004/09/23 11:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2008/02/20 08:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\InterTrust
[2012/03/27 14:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\iolo
[2012/02/13 14:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\OpenOffice.org
[2012/02/13 14:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\PC Suite
[2012/03/09 20:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\Search Settings
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\InterTrust
[2008/10/23 16:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\PC Suite
[2008/11/15 12:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Search Settings
[2012/03/19 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2012/05/20 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/02/24 07:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\1&1
[2012/01/25 15:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\Canon
[2012/05/10 14:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\com.acrobat.createpdf.CreatePDFDesktop
[2012/01/25 15:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\CyberScrub
[2012/02/01 12:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\EPSON
[2012/03/07 01:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\F-Secure
[2012/03/06 16:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\FileZilla
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\InterTrust
[2012/04/04 11:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\iolo
[2012/04/04 17:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\Nokia
[2012/01/30 14:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\OpenOffice.org
[2012/01/25 16:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\PC Suite
[2012/03/14 08:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\PDF Writer
[2012/01/30 13:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\Search Settings
[2012/05/20 10:24:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2012/05/19 10:50:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\Diskeeper Lite.job
[2004/05/25 11:22:00 | 000,000,696 | ---- | M] () -- C:\WINDOWS\Tasks\new.job
[2012/05/20 05:22:00 | 000,000,562 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 08:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2002/08/29 13:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = System32\DRIVERS\netbt.sys -- [2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
"DisplayName" = NetBT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{053E339B-B115-46E2-A513-EE43E7AD00BB}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{6078BE8E-6CB2-4167-980D-65EFBDB392CC}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{72B1AAA1-C5C0-448A-A0F0-4E2DD54F4FF4}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8AA7050F-F468-443F-8059-101873B32F47}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A175AC96-18AA-4341-BC66-D78BF5750B16}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A746E855-84F1-49DE-8FAA-832298807267}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BD31F44A-EB0B-4B9F-AB5F-8D3FE8D7736E}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{CB38713B-854E-4744-AA0A-40122955D1FE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{CBC6863B-5B26-43FF-8E4D-F345B26B1178}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = System32\DRIVERS\netbios.sys -- [2008/04/13 19:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 08 01 07 01 06 01 00 01 01 00 02 00 03 00 04 00 05 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2002/08/29 13:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< C:\Windows\assembly\tmp\U\*.* /s >
< C:\Program Files\Common Files\ComObjects\*.* /s >
< C:\windows\*. /RP /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: PRIF
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B
Volume 1 D DVD-ROM 0 B
Volume 2 W DVD-ROM 0 B
Volume 3 C DRIVE_C NTFS Partition 114 GB Healthy System
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
========== Alternate Data Streams ==========
@Alternate Data Stream - 5016 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
< End of report >
OTL Extras logfile created on: 23/05/2012 07:31:12 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Robin.PRIF\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
991.49 Mb Total Physical Memory | 565.26 Mb Available Physical Memory | 57.01% Memory free
4.88 Gb Paging File | 4.53 Gb Available in Paging File | 92.88% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 36.79 Gb Free Space | 32.14% Space Free | Partition Type: NTFS
Computer Name: PRIF | User Name: Robin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [DirSize] -- Reg Error: Value error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.03
"{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E6875D5-5A1D-4569-840F-371FF391A4CE}" = ScanButton 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{269DBC9C-CAFC-472d-B1F1-0D327C2FFA76}" = Canon MF3200 Series
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.0
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59552B98-E671-AFA7-C04D-6F62DDD44D3C}" = Adobe® CreatePDF Desktop
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6B28B35A-2A37-46A0-8A84-B0D838D37BE9}" = PageManager For EPSON
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ALi USB2.0 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABE6EF98-9D69-471F-A52D-CE5E86B84FFC}" = PC Camera (6005 CIF)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDplus5
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DCFF9230-22DC-40ED-BBCC-0F260B85734C}" = Tsunami-Filter-Pack
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{EB489F13-5AA1-450D-8E8E-44D6B55A5574}" = Nokia PC Suite 5.8
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.19)
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALC1100 Paper Jam Guide" = ALC1100 Paper Jam Guide
"ALC1100 Reference Guide" = ALC1100 Reference Guide
"ALCX11 User's Guide" = ALCX11 User's Guide
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1394
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"com.acrobat.createpdf.CreatePDFDesktop" = Adobe® CreatePDF Desktop
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CorelDRAW 10" = CorelDRAW 10
"CyberScrub Professional 3.0" = CyberScrub Professional 3.0
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FLV Player" = FLV Player 2.0, build 24
"F-Secure Product 444" = TalkTalk Security
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War
"InstallShield_{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDplus
"InstallShield_{EB489F13-5AA1-450D-8E8E-44D6B55A5574}" = Nokia PC Suite 5.8
"LameACM" = Lame ACM MP3 Codec
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"Matroska Pack" = Matroska Pack
"Media Player - Codec Pack" = Media Player Codec Pack 2.2.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PowerDVD" = PowerDVD
"PSP Anniversary Edition Xtras" = PSP Anniversary Edition Xtras
"S3" = KM400/KN400 Display Driver and Utilities
"SecondLifeViewer" = SecondLifeViewer (remove only)
"ST6UNST #3" = Audio Edit
"SWiSH Max2" = SWiSH Max2
"SWiSHmax" = SWiSHmax
"SWiSHvideo2" = SWiSHvideo2
"The Core Media Player" = The Core Media Player 4.0
"TreeSize Professional_is1" = TreeSize Professional 3.3.3
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"wa2wmp" = Windows Media Player Skin Importer
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebDesigner" = Microsoft Expression Web
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ OSession Events ]
Error - 10/02/2008 05:46:05 | Computer Name = YOUR-R8CM2B14MH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10054
seconds with 2460 seconds of active time. This session ended with a crash.
Error - 19/05/2008 14:43:12 | Computer Name = YOUR-R8CM2B14MH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5858
seconds with 1320 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 22/05/2012 16:50:25 | Computer Name = PRIF | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBT service which failed
to start because of the following error: %%31
Error - 22/05/2012 16:50:25 | Computer Name = PRIF | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 22/05/2012 16:50:25 | Computer Name = PRIF | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31
Error - 22/05/2012 16:50:25 | Computer Name = PRIF | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 22/05/2012 16:50:25 | Computer Name = PRIF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
Error - 22/05/2012 16:50:28 | Computer Name = PRIF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 22/05/2012 16:52:10 | Computer Name = PRIF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 22/05/2012 16:59:11 | Computer Name = PRIF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 22/05/2012 17:00:14 | Computer Name = PRIF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK7 eeCtrl Fips
Error - 23/05/2012 02:17:39 | Computer Name = PRIF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
#9
Posted 23 May 2012 - 08:20 AM
iolo technologies' System Mechanic
Please uninstall this registry cleaner.
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.
Do you recognize this?
GMSIPCI.SYS on drive D:\ in the Install directory as a service, normally these are on drive C:\
Step 2.
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
- Please reopen on your desktop.
- Copy and Paste the following code into the textbox.
:OTL DRV - [2012/05/21 06:47:37 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti2mju5.sys -- (uti2mju5) IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.10.10:3128 FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) [2008/08/03 16:07:19 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected] [2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll O2 - BHO: (no name) - {0D84EF14-ED8E-475F-96D4-2123F65D701B} - No CLSID value found. O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found O4 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012..\Run: [] File not found O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] http in Trusted sites) O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell\AutoRun\command - "" = D:\Install.exe [2012/04/23 09:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2008/02/20 08:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2012/03/27 14:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\iolo [2012/03/19 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo [2012/05/20 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo [2012/04/04 11:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\iolo @Alternate Data Stream - 5016 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc :files ipconfig /flushdns /c :reg :Commands [purity] [resethosts] [emptytemp] [createrestorepoint]
- Push
- OTL may ask to reboot the machine. Please do so if asked.
- Click the OK button.
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
Step 3.
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This infection will require a reboot to correct so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click on Yes, to continue scanning for malware.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" for further review.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions
Step 4.
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
- Get the report by selecting Reports
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Step 5.
Please post:
OTL fix log
ComboFix.txt
TDSSKiller log
Update me on your computer issues.
#10
Posted 23 May 2012 - 01:05 PM
1. Deleted Iolo; I have it installed on the other comp (the lap-top) as well.
2. Re: Do you recognize this?
GMSIPCI.SYS on drive D:\ in the Install directory as a service, normally these are on drive C:\
No idea! The odd thing, however is that I have only 2 dvd drives: D and E. there appears a third - W in the My Comp window.
3. re: Malwarebytes: I don't have it installed.
4. Logs:
OTL logfile created on: 23/05/2012 19:50:49 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Robin.PRIF\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
991.49 Mb Total Physical Memory | 625.54 Mb Available Physical Memory | 63.09% Memory free
4.88 Gb Paging File | 4.65 Gb Available in Paging File | 95.37% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 36.83 Gb Free Space | 32.17% Space Free | Partition Type: NTFS
Drive D: | 130.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: PRIF | User Name: Robin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/23 19:48:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin.PRIF\My Documents\Downloads\OTL(1).exe
PRC - [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/03 20:38:56 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007/12/29 01:04:02 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2007/12/29 01:03:34 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2007/08/18 11:54:30 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm
MOD - [2003/04/07 07:35:38 | 000,095,292 | ---- | M] () -- C:\WINDOWS\system32\atrac3.acm
MOD - [2002/08/29 13:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/05/04 21:33:54 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 20:39:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/01/29 16:10:11 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\TalkTalk\Security\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2012/01/29 15:51:24 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\TalkTalk\Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\TalkTalk\Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\TalkTalk\Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/11/08 02:02:30 | 000,294,912 | ---- | M] () [Auto | Stopped] -- C:\Program Files\RingThree\bin\PvmService.exe -- (PVM Service)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/11/17 16:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2003/05/23 05:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\JiaoCap.sys -- (JiaoCap)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (bsaspi32)
DRV - [2012/05/21 06:47:37 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti2mju5.sys -- (uti2mju5)
DRV - [2012/05/09 08:07:45 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2012/01/29 16:10:57 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2012/01/29 15:50:16 | 000,148,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\TalkTalk\Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/08/05 16:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Program Files\TalkTalk\Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 16:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\TalkTalk\Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 16:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\TalkTalk\Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/02 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/21 15:02:42 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/09/05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/08/23 13:58:21 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2003/10/24 05:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/08 13:54:48 | 000,013,535 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/06/19 08:30:18 | 000,752,764 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/01/14 17:16:58 | 001,067,008 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/14 17:16:56 | 000,585,472 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/01/14 17:16:56 | 000,166,144 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/01/14 17:16:56 | 000,022,400 | ---- | M] (Conexant Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/01/10 10:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/11/28 18:33:20 | 000,093,962 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm302.sys -- (ZSMC302)
DRV - [2002/11/13 21:10:52 | 000,234,368 | ---- | M] (Ziontek Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snct511.sys -- (SNCT511) PC Camera (6005 CIF)
DRV - [2002/08/29 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2002/05/14 12:05:08 | 000,022,571 | R--- | M] (Walter Oney Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbMicfilt.sys -- (Z302Mic)
DRV - [2001/08/17 14:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 14:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 14:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 14:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 14:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 14:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 14:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 14:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 14:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 13:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boyns.net
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.1and1.co.uk/?ref=EasyLogin
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes\{056272D3-20BF-4AA7-8372-1AE31731960C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNWF_enGB469
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.10.10:3128
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\TalkTalk\Security\NRS\[email protected] [2012/04/23 09:25:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 20:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 07:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/04/04 17:52:47 | 000,000,000 | ---D | M]
[2012/01/25 15:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin.PRIF\Application Data\Mozilla\Extensions
[2012/05/02 10:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin.PRIF\Application Data\Mozilla\Firefox\Profiles\13x0v4cf.default\extensions
[2012/02/03 00:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/07 15:23:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/03 16:07:19 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/03/21 13:02:14 | 000,042,737 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBIN.PRIF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\13X0V4CF.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
[2012/05/03 20:39:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 05:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2008/10/29 11:48:27 | 000,268,560 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 208.67.70.3
O1 - Hosts: 127.0.0.1 38.99.150.167
O1 - Hosts: 127.0.0.1 38.99.150.205
O1 - Hosts: 127.0.0.1 88.255.90.60
O1 - Hosts: 127.0.0.1 opal.spod.org
O1 - Hosts: 127.0.0.1 sendspace.com
O1 - Hosts: 127.0.0.1 ad1.ny.yieldmanager.com
O1 - Hosts: 127.0.0.1 ad2.ny.yieldmanager.com
O1 - Hosts: 127.0.0.1 ny.yieldmanager.com
O1 - Hosts: 127.0.0.1 yieldmanager.com
O1 - Hosts: 127.0.0.1 193.165.167.2
O1 - Hosts: 127.0.0.1 152.66.249.135
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 9297 more lines...
O2 - BHO: (no name) - {0D84EF14-ED8E-475F-96D4-2123F65D701B} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\TalkTalk\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\TalkTalk\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\TalkTalk\Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\TalkTalk\Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012..\Run: [] File not found
O4 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [iolo WebUpdate Reboot] File not found
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - Startup: C:\Documents and Settings\Erin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Erin\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Robin.PRIF\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] http in Trusted sites)
O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] https in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.mrw.inter...er/tdserver.cab (TDServer Control)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.v...unknown (Reg Error: Key error.)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.c...es/MsnInstC.cab (InstallerBehaviorFactory Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1203240243193 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1124365501312 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www.ibm.com/...ad/IbmEgath.cab (IBM Access Support)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comne...login-devel.cab (SecureLogin class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} http://webcamnow.com...tiveXWebCam.cab (WebCam Control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7934.2904282407 (Reg Error: Key error.)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://195.62.202.14...in/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} http://www.nwales-tr...ivex/camera.cab (Cameractl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abac...abasetup145.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72B1AAA1-C5C0-448A-A0F0-4E2DD54F4FF4}: DhcpNameServer = 10.10.10.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A746E855-84F1-49DE-8FAA-832298807267}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop WallPaper: C:\Documents and Settings\Robin.PRIF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin.PRIF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/09 04:54:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{459e5c43-a4e2-11d8-bec6-806d6172696f}\Shell\AutoRun\command - "" = D:\Install.exe
O34 - HKLM BootExecute: ("autocheck autochk *")
O34 - HKLM BootExecute: (6.)
O34 - HKLM BootExecute: ("╁̉Ұ")
O34 - HKLM BootExecute: (])
O34 - HKLM BootExecute: ("Software\Adobe\Acrobat Reader\10.0\RememberedViews\cNoCategoryFiles\c12\cViewDef\cTopLeftView")
O34 - HKLM BootExecute: (l)
O34 - HKLM BootExecute: ("⑱̉Ұ")
O34 - HKLM BootExecute: (])
O34 - HKLM BootExecute: ("Software\Adobe\Acrobat Reader\10.0\RememberedViews\cNoCategoryFiles\c12\cViewDef\cTopLeftView")
O34 - HKLM BootExecute: ("")
O34 - HKLM BootExecute: ("㷑ҤҰ")
O34 - HKLM BootExecute: (ġ)
O34 - HKLM BootExecute: ("Offline pages are Web pages that are stored on your computer so you can view them without being connected to the Internet. If you delete these pages now, you can still view your favorites offline later by synchronizing them. Your personalized settings for Web pages will be left intact.")
O34 - HKLM BootExecute: (unt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
========== Files/Folders - Created Within 30 Days ==========
[2012/05/21 14:09:53 | 068,634,224 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Robin.PRIF\Desktop\TTS9-0[UZR0-BRKJ-90BJ-RVM0-U26K].exe
[2012/05/21 12:57:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/20 21:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/05/20 21:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2012/05/20 10:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\Sony Corporation
[2012/05/20 10:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\My Documents\Picture Motion Browser
[2012/05/20 10:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DLA
[2012/05/20 10:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
[2012/05/20 10:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2012/05/20 09:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\vlc
[2012/05/11 05:37:08 | 015,935,168 | ---- | C] (Corel ) -- C:\Documents and Settings\Robin.PRIF\My Documents\English_PSPX_RegXtras.exe
[2012/05/11 05:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\Download Manager
[2012/05/10 14:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Application Data\com.acrobat.createpdf.CreatePDFDesktop
[2012/05/10 14:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/05/03 20:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/03 20:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/27 14:25:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Robin.PRIF\My Documents\My Data Sources
[2012/04/27 05:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/04/25 06:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.PRIF\Desktop\Unused Desktop Shortcuts
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/23 19:29:11 | 000,012,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/23 19:28:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/23 17:16:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/23 15:13:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/05/23 07:17:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\Desktop\MBR.dat
[2012/05/21 13:23:27 | 068,634,224 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Robin.PRIF\Desktop\TTS9-0[UZR0-BRKJ-90BJ-RVM0-U26K].exe
[2012/05/21 06:47:37 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\uti2mju5.sys
[2012/05/20 10:36:11 | 000,040,424 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/05/20 10:32:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/20 10:24:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/05/20 10:22:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/20 09:22:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/20 05:22:00 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2012/05/19 10:50:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Diskeeper Lite.job
[2012/05/14 05:26:35 | 000,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/14 03:20:27 | 000,451,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/14 03:20:27 | 000,075,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/11 05:40:35 | 015,935,168 | ---- | M] (Corel ) -- C:\Documents and Settings\Robin.PRIF\My Documents\English_PSPX_RegXtras.exe
[2012/05/11 05:36:00 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/05/10 14:09:48 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe CreatePDF Desktop.lnk
[2012/05/09 08:07:45 | 000,044,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/04/27 11:37:36 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 30.odb
[2012/04/27 07:04:02 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 21.odb
[2012/04/27 07:00:53 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 20.odb
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/23 07:17:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\Desktop\MBR.dat
[2012/05/21 06:47:28 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti2mju5.sys
[2012/05/10 14:09:48 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe CreatePDF Desktop.lnk
[2012/04/27 11:37:36 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 30.odb
[2012/04/27 07:04:02 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 21.odb
[2012/04/27 07:00:53 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\My Documents\Gwyfynod a gloynod 20.odb
[2012/04/17 08:13:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/19 13:18:17 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/03/13 14:12:42 | 000,000,008 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2012/02/14 17:49:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/01 17:09:28 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Robin.PRIF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/29 15:21:48 | 000,044,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/02/01 19:25:32 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
========== LOP Check ==========
[2008/05/03 16:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/01/29 15:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2012/01/29 15:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2011/08/28 15:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training
[2008/12/09 20:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/05/23 19:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/04/04 17:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/04/04 16:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2008/05/31 15:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/03/14 08:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2004/09/23 11:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2008/02/20 08:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\InterTrust
[2012/03/27 14:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\iolo
[2012/02/13 14:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\OpenOffice.org
[2012/02/13 14:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\PC Suite
[2012/03/09 20:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\Search Settings
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\InterTrust
[2008/10/23 16:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\PC Suite
[2008/11/15 12:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Search Settings
[2012/03/19 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2012/05/20 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/02/24 07:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\1&1
[2012/01/25 15:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\Canon
[2012/05/10 14:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\com.acrobat.createpdf.CreatePDFDesktop
[2012/01/25 15:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\CyberScrub
[2012/02/01 12:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\EPSON
[2012/03/07 01:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\F-Secure
[2012/03/06 16:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\FileZilla
[2003/11/10 07:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\InterTrust
[2012/04/04 11:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\iolo
[2012/04/04 17:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\Nokia
[2012/01/30 14:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\OpenOffice.org
[2012/01/25 16:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\PC Suite
[2012/03/14 08:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\PDF Writer
[2012/01/30 13:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.PRIF\Application Data\Search Settings
[2012/05/20 10:24:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2012/05/19 10:50:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\Diskeeper Lite.job
[2004/05/25 11:22:00 | 000,000,696 | ---- | M] () -- C:\WINDOWS\Tasks\new.job
[2012/05/20 05:22:00 | 000,000,562 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 08:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2002/08/29 13:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = System32\DRIVERS\netbt.sys -- [2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
"DisplayName" = NetBT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{053E339B-B115-46E2-A513-EE43E7AD00BB}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{6078BE8E-6CB2-4167-980D-65EFBDB392CC}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{72B1AAA1-C5C0-448A-A0F0-4E2DD54F4FF4}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8AA7050F-F468-443F-8059-101873B32F47}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A175AC96-18AA-4341-BC66-D78BF5750B16}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A746E855-84F1-49DE-8FAA-832298807267}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BD31F44A-EB0B-4B9F-AB5F-8D3FE8D7736E}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{CB38713B-854E-4744-AA0A-40122955D1FE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{CBC6863B-5B26-43FF-8E4D-F345B26B1178}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = System32\DRIVERS\netbios.sys -- [2008/04/13 19:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 08 01 07 01 06 01 00 01 01 00 02 00 03 00 04 00 05 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2002/08/29 13:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/03 20:38:39 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/03 20:39:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< C:\Windows\assembly\tmp\U\*.* /s >
< C:\Program Files\Common Files\ComObjects\*.* /s >
< C:\windows\*. /RP /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: PRIF
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B
Volume 1 D lupu_528 CDFS DVD-ROM 131 MB
Volume 2 W DVD-ROM 0 B
Volume 3 C DRIVE_C NTFS Partition 114 GB Healthy System
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
========== Alternate Data Streams ==========
@Alternate Data Stream - 5016 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
< End of report >
OTL Extras logfile created on: 23/05/2012 19:50:49 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Robin.PRIF\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
991.49 Mb Total Physical Memory | 625.54 Mb Available Physical Memory | 63.09% Memory free
4.88 Gb Paging File | 4.65 Gb Available in Paging File | 95.37% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 36.83 Gb Free Space | 32.17% Space Free | Partition Type: NTFS
Drive D: | 130.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: PRIF | User Name: Robin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [DirSize] -- Reg Error: Value error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.03
"{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E6875D5-5A1D-4569-840F-371FF391A4CE}" = ScanButton 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{269DBC9C-CAFC-472d-B1F1-0D327C2FFA76}" = Canon MF3200 Series
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59552B98-E671-AFA7-C04D-6F62DDD44D3C}" = Adobe® CreatePDF Desktop
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6B28B35A-2A37-46A0-8A84-B0D838D37BE9}" = PageManager For EPSON
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ALi USB2.0 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABE6EF98-9D69-471F-A52D-CE5E86B84FFC}" = PC Camera (6005 CIF)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDplus5
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DCFF9230-22DC-40ED-BBCC-0F260B85734C}" = Tsunami-Filter-Pack
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{EB489F13-5AA1-450D-8E8E-44D6B55A5574}" = Nokia PC Suite 5.8
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.19)
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALC1100 Paper Jam Guide" = ALC1100 Paper Jam Guide
"ALC1100 Reference Guide" = ALC1100 Reference Guide
"ALCX11 User's Guide" = ALCX11 User's Guide
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1394
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"com.acrobat.createpdf.CreatePDFDesktop" = Adobe® CreatePDF Desktop
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CorelDRAW 10" = CorelDRAW 10
"CyberScrub Professional 3.0" = CyberScrub Professional 3.0
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FLV Player" = FLV Player 2.0, build 24
"F-Secure Product 444" = TalkTalk Security
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War
"InstallShield_{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDplus
"InstallShield_{EB489F13-5AA1-450D-8E8E-44D6B55A5574}" = Nokia PC Suite 5.8
"LameACM" = Lame ACM MP3 Codec
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"Matroska Pack" = Matroska Pack
"Media Player - Codec Pack" = Media Player Codec Pack 2.2.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PowerDVD" = PowerDVD
"PSP Anniversary Edition Xtras" = PSP Anniversary Edition Xtras
"S3" = KM400/KN400 Display Driver and Utilities
"SecondLifeViewer" = SecondLifeViewer (remove only)
"ST6UNST #3" = Audio Edit
"SWiSH Max2" = SWiSH Max2
"SWiSHmax" = SWiSHmax
"SWiSHvideo2" = SWiSHvideo2
"The Core Media Player" = The Core Media Player 4.0
"TreeSize Professional_is1" = TreeSize Professional 3.3.3
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"wa2wmp" = Windows Media Player Skin Importer
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebDesigner" = Microsoft Expression Web
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2380534116-3245949913-2394868359-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ OSession Events ]
Error - 10/02/2008 05:46:05 | Computer Name = YOUR-R8CM2B14MH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10054
seconds with 2460 seconds of active time. This session ended with a crash.
Error - 19/05/2008 14:43:12 | Computer Name = YOUR-R8CM2B14MH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5858
seconds with 1320 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 23/05/2012 14:16:27 | Computer Name = PRIF | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 23/05/2012 14:16:27 | Computer Name = PRIF | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31
Error - 23/05/2012 14:16:27 | Computer Name = PRIF | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 23/05/2012 14:16:27 | Computer Name = PRIF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
Error - 23/05/2012 14:26:18 | Computer Name = PRIF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 23/05/2012 14:28:53 | Computer Name = PRIF | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 000C76BFE378 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 23/05/2012 14:29:22 | Computer Name = PRIF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 23/05/2012 14:30:24 | Computer Name = PRIF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK7 eeCtrl Fips
Error - 23/05/2012 14:36:33 | Computer Name = PRIF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 23/05/2012 14:37:33 | Computer Name = PRIF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
#11
Posted 23 May 2012 - 01:45 PM
I am glad you removed it!1. Deleted Iolo; I have it installed on the other comp (the lap-top) as well.
Thanks we will address it in a future post if necessary.2. Re: Do you recognize this?
GMSIPCI.SYS on drive D:\ in the Install directory as a service, normally these are on drive C:\
No idea! The odd thing, however is that I have only 2 dvd drives: D and E. there appears a third - W in the My Comp window.
OK3. re: Malwarebytes: I don't have it installed.
4. Logs:
Below the turn of MalwareBytes' is a Fix you will need to run and beyond that the running of ComboFix and TDSSKiller.
I am looking forward to the results of those tools!
#12
Posted 23 May 2012 - 02:15 PM
ComboFix 12-05-23.05 - Robin 23/05/2012 20:26:17.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.991.446 [GMT 1:00]
Running from: c:\documents and settings\Robin.PRIF\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Erin\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Robin.PRIF\Application Data\1&1
c:\documents and settings\Robin.PRIF\WINDOWS
c:\program files\Common Files\qoio
c:\program files\Common Files\qoio\qoioa.lck
c:\program files\Common Files\qoio\qoiod\class-barrel
c:\program files\Common Files\qoio\qoioh
c:\program files\Common Files\qoio\qoiol.lck
c:\program files\Common Files\qoio\qoiom.lck
c:\program files\Common Files\qoio\qoiop.lck
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
C:\Thumbs.db
c:\windows\apppatch\apploc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\fspscprereqmsiinst.log
c:\windows\Mplayer.exe
c:\windows\system32\65.dll
c:\windows\system32\avisynth.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\delete.bat
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\setup.ini
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EPSONSTATUSAGENT2
-------\Service_EPSONStatusAgent2
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-21 05:47 . 2012-05-21 05:47 7168 ----a-w- c:\windows\system32\drivers\uti2mju5.sys
2012-05-20 20:08 . 2012-05-20 20:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2012-05-20 20:08 . 2012-05-20 20:08 -------- d-----w- c:\windows\LastGood.Tmp
2012-05-20 09:45 . 2012-05-20 09:45 -------- d-----w- c:\documents and settings\Robin.PRIF\Application Data\Sony Corporation
2012-05-20 09:35 . 2006-06-12 02:30 89264 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2012-05-20 09:35 . 2006-03-17 07:35 5660 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2012-05-20 09:35 . 2006-03-17 07:34 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
2012-05-20 09:35 . 2006-03-17 04:20 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2012-05-20 09:35 . 2006-06-13 04:20 94263 ----a-w- c:\windows\DLA.EXE
2012-05-20 09:35 . 2012-05-20 20:06 -------- d-----w- c:\windows\system32\DLA
2012-05-20 09:35 . 2012-05-20 09:35 -------- d-----w- c:\program files\Sonic
2012-05-20 09:28 . 2012-05-20 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2012-05-20 08:42 . 2012-05-20 19:47 -------- d-----w- c:\documents and settings\Robin.PRIF\Application Data\vlc
2012-05-14 02:02 . 2012-05-14 02:02 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2012-05-11 04:37 . 2012-05-11 05:44 -------- d-----w- c:\documents and settings\Robin.PRIF\Application Data\Download Manager
2012-05-10 13:10 . 2012-05-10 13:10 -------- d-----w- c:\documents and settings\Robin.PRIF\Application Data\com.acrobat.createpdf.CreatePDFDesktop
2012-05-08 12:33 . 2012-05-08 12:33 -------- d-----w- c:\documents and settings\Robin\Ffon Dad
2012-05-03 19:40 . 2012-05-03 19:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 19:39 . 2012-05-03 19:39 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-03 19:39 . 2012-05-03 19:39 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 04:58 . 2012-04-27 04:59 -------- d-----w- c:\program files\MSECache
2012-04-24 19:02 . 2008-04-13 23:12 20992 ----a-w- c:\windows\system32\dshowext.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 20:33 . 2012-04-05 07:20 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 20:33 . 2012-02-02 15:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12 . 2008-02-17 09:56 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2008-02-17 09:56 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2008-02-17 09:56 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-19 12:18 . 2012-03-19 12:18 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-03-03 00:00 . 2012-03-14 07:32 197120 ----a-w- c:\windows\system32\bzpdf.dll
2012-03-01 11:01 . 2004-02-06 17:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2003-11-09 02:40 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2003-11-09 02:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-02-17 09:56 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2003-11-09 02:41 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2001-06-17 16:29 . 2001-06-17 16:29 204800 -c--a-w- c:\program files\MagicFlare.exe
2012-05-03 19:39 . 2012-01-29 14:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-04-03 160840]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMem
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 10:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scan Buttons]
2006-01-12 18:21 221184 -c--a-w- c:\program files\EPSON\Creativity Suite\PageManager\Pmsb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InvisibleBrowsing"=
"Nokia Tray Application"=c:\program files\Common Files\Nokia\Tools\NclTray.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"<NO NAME>"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= *
"Enabled"= 1 (0x1)
.
R2 bsaspi32;bsaspi32; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 135664]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]
R2 PVM Service;PVM Service;c:\program files\RingThree\bin\pvmservice.exe [2007-11-08 294912]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 SNCT511;PC Camera (6005 CIF);c:\windows\system32\DRIVERS\snct511.sys [2002-11-13 234368]
R3 uti2mju5;AVZ Kernel Driver;c:\windows\system32\Drivers\uti2mju5.sys [2012-05-21 7168]
R3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;c:\windows\system32\drivers\UsbMicfilt.sys [2002-05-14 22571]
R3 ZSMC302;PCL-W310;c:\windows\system32\Drivers\usbvm302.sys [2002-11-28 93962]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-06-21 716272]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 20:33]
.
2012-05-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 16:02]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 16:02]
.
2004-05-25 c:\windows\Tasks\new.job
- c:\windows\system32\ntbackup.exe [2003-11-09 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.1and1.co.uk/?ref=EasyLogin
uInternet Settings,ProxyServer = 10.10.10.10:3128
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: contentmatch.net\ny
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://www.nwales-traffic.co.uk/files/activex/camera.cab
FF - ProfilePath - c:\documents and settings\Robin.PRIF\Application Data\Mozilla\Firefox\Profiles\13x0v4cf.default\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0D84EF14-ED8E-475F-96D4-2123F65D701B} - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
SafeBoot-Wdf01000.sys
AddRemove-PowerDVD - c:\program files\CyberLink\PowerDVD\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-23 20:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{057AFF8E-18BB-3F80-364CCC2831522BE6}\{99AD5AFA-2676-F639-545B2C570527D246}\{9515C81F-50C9-6ACD-17AF77618A15A8EB}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EA0A4278-51A3-7709-84DDEF02950ADF94}\{11936336-4B9A-79DD-A94F2AD208D83E94}\{0A7B61F5-80AE-3EB6-867F93DE000E0517}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\LameACM.acm
c:\windows\system32\IEFRAME.dll
c:\windows\system32\ac3filter.acm
c:\windows\system32\l3codecp.acm
.
- - - - - - - > 'explorer.exe'(1064)
c:\windows\system32\WININET.dll
c:\docume~1\ROBIN~1.PRI\LOCALS~1\Temp\catchme.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft IntelliPoint\dw15.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-05-23 20:55:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-23 19:55
.
Pre-Run: 40,042,160,128 bytes free
Post-Run: 40,114,376,704 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 6BBCAA1E8BC5C3CE3A1A43A53A3E3704
more to follow
#13
Posted 23 May 2012 - 02:19 PM
You said: If Cure is not available, please choose Skip instead; however there is a third option: "Copy to quarantine". Which should I chose, please?
#14
Posted 23 May 2012 - 02:23 PM
21:13:11.0781 1268 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:13:11.0968 1268 ============================================================
21:13:11.0968 1268 Current date / time: 2012/05/23 21:13:11.0968
21:13:11.0968 1268 SystemInfo:
21:13:11.0968 1268
21:13:11.0968 1268 OS Version: 5.1.2600 ServicePack: 3.0
21:13:11.0968 1268 Product type: Workstation
21:13:11.0968 1268 ComputerName: PRIF
21:13:11.0968 1268 UserName: Robin
21:13:11.0968 1268 Windows directory: C:\WINDOWS
21:13:11.0968 1268 System windows directory: C:\WINDOWS
21:13:11.0968 1268 Processor architecture: Intel x86
21:13:11.0968 1268 Number of processors: 1
21:13:11.0968 1268 Page size: 0x1000
21:13:11.0968 1268 Boot type: Safe boot with network
21:13:11.0968 1268 ============================================================
21:13:14.0734 1268 Drive \Device\Harddisk0\DR0 - Size: 0x1C9FEF0000 (114.50 Gb), SectorSize: 0x200, Cylinders: 0x3A62, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:13:14.0734 1268 ============================================================
21:13:14.0734 1268 \Device\Harddisk0\DR0:
21:13:14.0734 1268 MBR partitions:
21:13:14.0734 1268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE4FBFA3
21:13:14.0734 1268 ============================================================
21:13:14.0781 1268 C: <-> \Device\Harddisk0\DR0\Partition0
21:13:14.0796 1268 ============================================================
21:13:14.0796 1268 Initialize success
21:13:14.0796 1268 ============================================================
21:14:51.0359 0720 ============================================================
21:14:51.0359 0720 Scan started
21:14:51.0359 0720 Mode: Manual; SigCheck; TDLFS;
21:14:51.0359 0720 ============================================================
21:14:52.0359 0720 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
21:14:55.0000 0720 61883 - ok
21:14:55.0015 0720 Abiosdsk - ok
21:14:55.0046 0720 abp480n5 - ok
21:14:55.0093 0720 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:14:55.0281 0720 ACPI - ok
21:14:55.0328 0720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:14:55.0515 0720 ACPIEC - ok
21:14:55.0625 0720 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:14:55.0640 0720 AdobeFlashPlayerUpdateSvc - ok
21:14:55.0671 0720 adpu160m - ok
21:14:55.0718 0720 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:14:55.0906 0720 aec - ok
21:14:55.0937 0720 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:14:56.0000 0720 AFD - ok
21:14:56.0015 0720 Aha154x - ok
21:14:56.0031 0720 aic78u2 - ok
21:14:56.0062 0720 aic78xx - ok
21:14:56.0156 0720 ALCXWDM (02d94d2d336d3de8c5e8fe04a62d552d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:14:56.0312 0720 ALCXWDM - ok
21:14:56.0359 0720 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:14:56.0515 0720 Alerter - ok
21:14:56.0546 0720 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:14:56.0734 0720 ALG - ok
21:14:56.0750 0720 AliIde - ok
21:14:56.0796 0720 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:14:56.0968 0720 AmdK7 - ok
21:14:56.0984 0720 amsint - ok
21:14:57.0031 0720 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:14:57.0218 0720 AppMgmt - ok
21:14:57.0250 0720 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:14:57.0421 0720 Arp1394 - ok
21:14:57.0437 0720 asc - ok
21:14:57.0468 0720 asc3350p - ok
21:14:57.0500 0720 asc3550 - ok
21:14:57.0593 0720 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\aspi32.sys
21:14:57.0609 0720 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
21:14:57.0609 0720 Aspi32 - detected UnsignedFile.Multi.Generic (1)
21:14:57.0718 0720 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:14:57.0765 0720 aspnet_state - ok
21:14:57.0796 0720 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:14:57.0968 0720 AsyncMac - ok
21:14:58.0000 0720 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:14:58.0171 0720 atapi - ok
21:14:58.0187 0720 Atdisk - ok
21:14:58.0218 0720 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:14:58.0406 0720 Atmarpc - ok
21:14:58.0500 0720 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:14:58.0703 0720 AudioSrv - ok
21:14:58.0734 0720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:14:58.0937 0720 audstub - ok
21:14:59.0000 0720 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
21:14:59.0156 0720 Avc - ok
21:14:59.0203 0720 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
21:14:59.0437 0720 basic2 - ok
21:14:59.0500 0720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:14:59.0703 0720 Beep - ok
21:14:59.0750 0720 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:15:00.0140 0720 BITS - ok
21:15:00.0171 0720 Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\System32\brsvc01a.exe
21:15:00.0250 0720 Brother XP spl Service - ok
21:15:00.0296 0720 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:15:00.0468 0720 Browser - ok
21:15:00.0515 0720 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
21:15:00.0531 0720 BrPar ( UnsignedFile.Multi.Generic ) - warning
21:15:00.0531 0720 BrPar - detected UnsignedFile.Multi.Generic (1)
21:15:00.0546 0720 bsaspi32 - ok
21:15:00.0578 0720 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:15:00.0765 0720 BthEnum - ok
21:15:00.0796 0720 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:15:00.0968 0720 BthPan - ok
21:15:01.0046 0720 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
21:15:01.0093 0720 BTHPORT - ok
21:15:01.0125 0720 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
21:15:01.0312 0720 BthServ - ok
21:15:01.0359 0720 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:15:01.0531 0720 BTHUSB - ok
21:15:01.0625 0720 catchme - ok
21:15:01.0687 0720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:15:01.0921 0720 cbidf2k - ok
21:15:01.0953 0720 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:15:02.0125 0720 CCDECODE - ok
21:15:02.0156 0720 cd20xrnt - ok
21:15:02.0218 0720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:15:02.0453 0720 Cdaudio - ok
21:15:02.0484 0720 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:15:02.0656 0720 Cdfs - ok
21:15:02.0703 0720 cdrbsvsd (c1ec76f0af2c4f748eb2c907fb345c48) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
21:15:02.0718 0720 cdrbsvsd ( UnsignedFile.Multi.Generic ) - warning
21:15:02.0718 0720 cdrbsvsd - detected UnsignedFile.Multi.Generic (1)
21:15:02.0750 0720 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:15:03.0078 0720 Cdrom - ok
21:15:03.0093 0720 Changer - ok
21:15:03.0125 0720 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:15:03.0265 0720 CiSvc - ok
21:15:03.0281 0720 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:15:03.0453 0720 ClipSrv - ok
21:15:03.0546 0720 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:15:03.0656 0720 clr_optimization_v2.0.50727_32 - ok
21:15:03.0656 0720 CmdIde - ok
21:15:03.0671 0720 COMSysApp - ok
21:15:03.0703 0720 Cpqarray - ok
21:15:03.0750 0720 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:15:03.0937 0720 CryptSvc - ok
21:15:03.0937 0720 dac2w2k - ok
21:15:03.0953 0720 dac960nt - ok
21:15:04.0000 0720 DCamUSBSQTECH (100ff3d9e16afb3163bd6f9aaaab7c55) C:\WINDOWS\system32\Drivers\SQcaptur.sys
21:15:04.0031 0720 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0031 0720 DCamUSBSQTECH - detected UnsignedFile.Multi.Generic (1)
21:15:04.0078 0720 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:15:04.0218 0720 DcomLaunch - ok
21:15:04.0250 0720 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:15:04.0421 0720 Dhcp - ok
21:15:04.0453 0720 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:15:04.0609 0720 Disk - ok
21:15:04.0671 0720 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:15:04.0765 0720 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0765 0720 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
21:15:04.0796 0720 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:15:04.0812 0720 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0812 0720 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
21:15:04.0843 0720 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:15:04.0859 0720 DLADResN ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0859 0720 DLADResN - detected UnsignedFile.Multi.Generic (1)
21:15:04.0875 0720 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:15:04.0890 0720 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0890 0720 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
21:15:04.0906 0720 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:15:04.0937 0720 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0937 0720 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
21:15:04.0953 0720 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:15:04.0968 0720 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
21:15:04.0968 0720 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
21:15:04.0984 0720 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:15:05.0015 0720 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
21:15:05.0015 0720 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
21:15:05.0046 0720 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:15:05.0062 0720 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
21:15:05.0062 0720 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
21:15:05.0078 0720 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:15:05.0093 0720 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
21:15:05.0093 0720 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
21:15:05.0109 0720 dmadmin - ok
21:15:05.0171 0720 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:15:05.0343 0720 dmboot - ok
21:15:05.0390 0720 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:15:05.0562 0720 dmio - ok
21:15:05.0593 0720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:15:05.0828 0720 dmload - ok
21:15:05.0859 0720 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:15:06.0000 0720 dmserver - ok
21:15:06.0031 0720 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:15:06.0203 0720 DMusic - ok
21:15:06.0234 0720 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:15:06.0343 0720 Dnscache - ok
21:15:06.0406 0720 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:15:06.0562 0720 Dot3svc - ok
21:15:06.0578 0720 dpti2o - ok
21:15:06.0609 0720 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:15:06.0765 0720 drmkaud - ok
21:15:06.0796 0720 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:15:06.0828 0720 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
21:15:06.0828 0720 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
21:15:06.0843 0720 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:15:06.0859 0720 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
21:15:06.0859 0720 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
21:15:06.0906 0720 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
21:15:06.0937 0720 dtscsi - ok
21:15:06.0984 0720 DVD-RAM_Service (77c4901986fc7a83e853b300e80d234b) C:\WINDOWS\System32\DVDRAMSV.exe
21:15:07.0000 0720 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - warning
21:15:07.0000 0720 DVD-RAM_Service - detected UnsignedFile.Multi.Generic (1)
21:15:07.0031 0720 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:15:07.0187 0720 EapHost - ok
21:15:07.0296 0720 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:15:07.0343 0720 eeCtrl - ok
21:15:07.0484 0720 EpsonBidirectionalService (a0fb385b6281d694f8930c2ef85c453e) C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
21:15:07.0546 0720 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
21:15:07.0546 0720 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
21:15:07.0578 0720 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:15:07.0750 0720 ERSvc - ok
21:15:07.0781 0720 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:15:07.0890 0720 Eventlog - ok
21:15:07.0921 0720 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
21:15:07.0984 0720 EventSystem - ok
21:15:08.0046 0720 FA312 (aa855fb8a866281aacb393c1feab91ae) C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
21:15:08.0250 0720 FA312 - ok
21:15:08.0312 0720 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
21:15:08.0531 0720 Fallback - ok
21:15:08.0578 0720 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:15:08.0734 0720 Fastfat - ok
21:15:08.0781 0720 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:15:08.0859 0720 FastUserSwitchingCompatibility - ok
21:15:08.0890 0720 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:15:09.0046 0720 Fdc - ok
21:15:09.0062 0720 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
21:15:09.0281 0720 FETNDIS - ok
21:15:09.0343 0720 FETNDISB (693f6de7a06225ad242ffcacfe70800b) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
21:15:09.0375 0720 FETNDISB - ok
21:15:09.0406 0720 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:15:09.0562 0720 Fips - ok
21:15:09.0593 0720 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:15:09.0750 0720 Flpydisk - ok
21:15:09.0781 0720 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:15:09.0937 0720 FltMgr - ok
21:15:10.0031 0720 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:15:10.0046 0720 FontCache3.0.0.0 - ok
21:15:10.0093 0720 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
21:15:10.0343 0720 Fsks - ok
21:15:10.0406 0720 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
21:15:10.0640 0720 FsVga - ok
21:15:10.0671 0720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:15:10.0921 0720 Fs_Rec - ok
21:15:10.0968 0720 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:15:11.0203 0720 Ftdisk - ok
21:15:11.0234 0720 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:15:11.0250 0720 GEARAspiWDM - ok
21:15:11.0250 0720 GMSIPCI - ok
21:15:11.0265 0720 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:15:11.0421 0720 Gpc - ok
21:15:11.0562 0720 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:15:11.0578 0720 gupdate - ok
21:15:11.0578 0720 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:15:11.0609 0720 gupdatem - ok
21:15:11.0671 0720 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:15:11.0703 0720 gusvc - ok
21:15:11.0750 0720 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:15:11.0921 0720 helpsvc - ok
21:15:11.0921 0720 HidServ - ok
21:15:11.0953 0720 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:15:12.0109 0720 HidUsb - ok
21:15:12.0140 0720 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:15:12.0296 0720 hkmsvc - ok
21:15:12.0312 0720 hpn - ok
21:15:12.0359 0720 HSFHWBS2 (376a3060770e356158e326a0a6983eb0) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
21:15:12.0390 0720 HSFHWBS2 ( UnsignedFile.Multi.Generic ) - warning
21:15:12.0390 0720 HSFHWBS2 - detected UnsignedFile.Multi.Generic (1)
21:15:12.0468 0720 HSF_DP (78ea911be6dcfb8d9a98a72550ec6c69) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
21:15:12.0546 0720 HSF_DP ( UnsignedFile.Multi.Generic ) - warning
21:15:12.0546 0720 HSF_DP - detected UnsignedFile.Multi.Generic (1)
21:15:12.0593 0720 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
21:15:12.0859 0720 hsf_msft - ok
21:15:12.0906 0720 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:15:12.0953 0720 HTTP - ok
21:15:12.0984 0720 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:15:13.0140 0720 HTTPFilter - ok
21:15:13.0140 0720 i2omgmt - ok
21:15:13.0156 0720 i2omp - ok
21:15:13.0187 0720 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:15:13.0359 0720 i8042prt - ok
21:15:13.0515 0720 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:15:13.0593 0720 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:15:13.0593 0720 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:15:13.0703 0720 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:15:13.0812 0720 idsvc - ok
21:15:13.0843 0720 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:15:13.0984 0720 Imapi - ok
21:15:14.0031 0720 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:15:14.0203 0720 ImapiService - ok
21:15:14.0218 0720 ini910u - ok
21:15:14.0234 0720 IntelIde - ok
21:15:14.0312 0720 ioloSystemService - ok
21:15:14.0359 0720 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:15:14.0531 0720 Ip6Fw - ok
21:15:14.0546 0720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:15:14.0796 0720 IpFilterDriver - ok
21:15:14.0812 0720 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:15:14.0953 0720 IpInIp - ok
21:15:15.0109 0720 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:15:15.0281 0720 IpNat - ok
21:15:15.0312 0720 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:15:15.0453 0720 IPSec - ok
21:15:15.0484 0720 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:15:15.0640 0720 IRENUM - ok
21:15:15.0656 0720 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:15:15.0812 0720 isapnp - ok
21:15:15.0906 0720 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
21:15:15.0937 0720 JavaQuickStarterService - ok
21:15:15.0937 0720 JiaoCap - ok
21:15:16.0000 0720 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
21:15:16.0281 0720 K56 - ok
21:15:16.0312 0720 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:15:16.0453 0720 Kbdclass - ok
21:15:16.0500 0720 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:15:16.0718 0720 kmixer - ok
21:15:16.0765 0720 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
21:15:16.0796 0720 KMWDFILTER - ok
21:15:16.0843 0720 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:15:16.0906 0720 KSecDD - ok
21:15:16.0937 0720 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:15:17.0031 0720 lanmanserver - ok
21:15:17.0078 0720 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:15:17.0125 0720 lanmanworkstation - ok
21:15:17.0140 0720 lbrtfdc - ok
21:15:17.0171 0720 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:15:17.0375 0720 LmHosts - ok
21:15:17.0390 0720 LVUSBSta - ok
21:15:17.0453 0720 MagicTune (f627e9da4d3d8dc05a15b68944302f14) C:\WINDOWS\system32\drivers\MTiCtwl.sys
21:15:17.0468 0720 MagicTune ( UnsignedFile.Multi.Generic ) - warning
21:15:17.0468 0720 MagicTune - detected UnsignedFile.Multi.Generic (1)
21:15:17.0515 0720 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
21:15:17.0531 0720 mcdbus ( UnsignedFile.Multi.Generic ) - warning
21:15:17.0531 0720 mcdbus - detected UnsignedFile.Multi.Generic (1)
21:15:17.0718 0720 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:15:17.0750 0720 MDM - ok
21:15:17.0812 0720 mdmxsdk (29174d3d90ee4244fda6355a859691be) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:15:17.0812 0720 mdmxsdk ( UnsignedFile.Multi.Generic ) - warning
21:15:17.0812 0720 mdmxsdk - detected UnsignedFile.Multi.Generic (1)
21:15:17.0859 0720 meiudf (766a1d242f4390ddf1243084898a20c9) C:\WINDOWS\system32\Drivers\meiudf.sys
21:15:17.0875 0720 meiudf ( UnsignedFile.Multi.Generic ) - warning
21:15:17.0875 0720 meiudf - detected UnsignedFile.Multi.Generic (1)
21:15:17.0906 0720 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:15:18.0062 0720 Messenger - ok
21:15:18.0109 0720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:15:18.0328 0720 mnmdd - ok
21:15:18.0359 0720 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
21:15:18.0515 0720 mnmsrvc - ok
21:15:18.0562 0720 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:15:18.0718 0720 Modem - ok
21:15:18.0765 0720 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:15:18.0984 0720 MODEMCSA - ok
21:15:19.0015 0720 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:15:19.0156 0720 Mouclass - ok
21:15:19.0187 0720 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:15:19.0406 0720 mouhid - ok
21:15:19.0453 0720 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:15:19.0609 0720 MountMgr - ok
21:15:19.0640 0720 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:15:19.0671 0720 MozillaMaintenance - ok
21:15:19.0671 0720 mraid35x - ok
21:15:19.0718 0720 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:15:19.0875 0720 MRxDAV - ok
21:15:19.0921 0720 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:15:20.0031 0720 MRxSmb - ok
21:15:20.0062 0720 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
21:15:20.0218 0720 MSDTC - ok
21:15:20.0250 0720 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
21:15:20.0390 0720 MSDV - ok
21:15:20.0421 0720 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:15:20.0562 0720 Msfs - ok
21:15:20.0578 0720 MSIServer - ok
21:15:20.0593 0720 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:15:20.0750 0720 MSKSSRV - ok
21:15:20.0750 0720 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:15:20.0906 0720 MSPCLOCK - ok
21:15:20.0906 0720 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:15:21.0046 0720 MSPQM - ok
21:15:21.0078 0720 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:15:21.0218 0720 mssmbios - ok
21:15:21.0250 0720 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:15:21.0390 0720 MSTEE - ok
21:15:21.0468 0720 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:15:21.0500 0720 Mup - ok
21:15:21.0531 0720 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:15:21.0703 0720 NABTSFEC - ok
21:15:21.0750 0720 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:15:21.0906 0720 napagent - ok
21:15:21.0953 0720 NCPro (f627e9da4d3d8dc05a15b68944302f14) C:\WINDOWS\system32\drivers\MTictwl.sys
21:15:21.0953 0720 NCPro ( UnsignedFile.Multi.Generic ) - warning
21:15:21.0953 0720 NCPro - detected UnsignedFile.Multi.Generic (1)
21:15:21.0984 0720 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:15:22.0140 0720 NDIS - ok
21:15:22.0171 0720 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:15:22.0312 0720 NdisIP - ok
21:15:22.0343 0720 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:15:22.0375 0720 NdisTapi - ok
21:15:22.0406 0720 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:15:22.0562 0720 Ndisuio - ok
21:15:22.0609 0720 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:15:22.0765 0720 NdisWan - ok
21:15:22.0796 0720 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:15:22.0859 0720 NDProxy - ok
21:15:22.0890 0720 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:15:23.0031 0720 NetBIOS - ok
21:15:23.0062 0720 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:15:23.0218 0720 NetBT - ok
21:15:23.0265 0720 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:15:23.0406 0720 NetDDE - ok
21:15:23.0406 0720 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:15:23.0546 0720 NetDDEdsdm - ok
21:15:23.0578 0720 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:23.0734 0720 Netlogon - ok
21:15:23.0765 0720 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:15:23.0921 0720 Netman - ok
21:15:24.0000 0720 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:15:24.0015 0720 NetTcpPortSharing - ok
21:15:24.0046 0720 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:15:24.0203 0720 NIC1394 - ok
21:15:24.0234 0720 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:15:24.0312 0720 Nla - ok
21:15:24.0343 0720 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
21:15:24.0515 0720 nmwcd - ok
21:15:24.0578 0720 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
21:15:24.0656 0720 nmwcdc - ok
21:15:24.0703 0720 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:15:24.0859 0720 Npfs - ok
21:15:24.0906 0720 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:15:25.0125 0720 Ntfs - ok
21:15:25.0156 0720 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
21:15:25.0296 0720 NtLmSsp - ok
21:15:25.0343 0720 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:15:25.0546 0720 NtmsSvc - ok
21:15:25.0593 0720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:15:25.0812 0720 Null - ok
21:15:25.0859 0720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:15:26.0078 0720 NwlnkFlt - ok
21:15:26.0093 0720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:15:26.0328 0720 NwlnkFwd - ok
21:15:26.0562 0720 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:15:26.0609 0720 odserv - ok
21:15:26.0656 0720 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:15:26.0796 0720 ohci1394 - ok
21:15:26.0843 0720 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:15:26.0859 0720 ose - ok
21:15:26.0906 0720 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:15:27.0046 0720 Parport - ok
21:15:27.0062 0720 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:15:27.0203 0720 PartMgr - ok
21:15:27.0250 0720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:15:27.0484 0720 ParVdm - ok
21:15:27.0515 0720 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:15:27.0578 0720 pccsmcfd - ok
21:15:27.0625 0720 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:15:27.0765 0720 PCI - ok
21:15:27.0781 0720 PCIDump - ok
21:15:27.0781 0720 PCIIde - ok
21:15:27.0812 0720 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:15:28.0015 0720 Pcmcia - ok
21:15:28.0078 0720 PDCOMP - ok
21:15:28.0093 0720 PDFRAME - ok
21:15:28.0156 0720 PDRELI - ok
21:15:28.0171 0720 PDRFRAME - ok
21:15:28.0187 0720 perc2 - ok
21:15:28.0203 0720 perc2hib - ok
21:15:28.0234 0720 PID_0928 - ok
21:15:28.0265 0720 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:15:28.0312 0720 PlugPlay - ok
21:15:28.0343 0720 Point32 (3b6973d60bde757c53bb76842d31318e) C:\WINDOWS\system32\DRIVERS\point32.sys
21:15:28.0375 0720 Point32 - ok
21:15:28.0421 0720 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:28.0546 0720 PolicyAgent - ok
21:15:28.0578 0720 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:15:28.0734 0720 PptpMiniport - ok
21:15:28.0750 0720 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:15:28.0906 0720 Processor - ok
21:15:28.0906 0720 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:29.0046 0720 ProtectedStorage - ok
21:15:29.0062 0720 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:15:29.0218 0720 PSched - ok
21:15:29.0250 0720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:15:29.0468 0720 Ptilink - ok
21:15:29.0546 0720 PVM Service (5cdccdeb28ad6d9004d2d670e8ce3f26) C:\Program Files\RingThree\bin\pvmservice.exe
21:15:29.0609 0720 PVM Service ( UnsignedFile.Multi.Generic ) - warning
21:15:29.0609 0720 PVM Service - detected UnsignedFile.Multi.Generic (1)
21:15:29.0640 0720 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:15:29.0671 0720 PxHelp20 - ok
21:15:29.0671 0720 ql1080 - ok
21:15:29.0687 0720 Ql10wnt - ok
21:15:29.0703 0720 ql12160 - ok
21:15:29.0718 0720 ql1240 - ok
21:15:29.0734 0720 ql1280 - ok
21:15:29.0765 0720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:15:29.0984 0720 RasAcd - ok
21:15:30.0015 0720 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:15:30.0156 0720 RasAuto - ok
21:15:30.0187 0720 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:15:30.0312 0720 Rasl2tp - ok
21:15:30.0359 0720 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:15:30.0531 0720 RasMan - ok
21:15:30.0562 0720 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:15:30.0734 0720 RasPppoe - ok
21:15:30.0781 0720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:15:31.0015 0720 Raspti - ok
21:15:31.0046 0720 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:15:31.0187 0720 Rdbss - ok
21:15:31.0218 0720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:15:31.0437 0720 RDPCDD - ok
21:15:31.0468 0720 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:15:31.0625 0720 rdpdr - ok
21:15:31.0671 0720 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:15:32.0687 0720 RDPWD - ok
21:15:34.0703 0720 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:15:34.0859 0720 RDSessMgr - ok
21:15:34.0890 0720 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:15:35.0031 0720 redbook - ok
21:15:35.0062 0720 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:15:35.0203 0720 RemoteAccess - ok
21:15:35.0250 0720 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:15:35.0406 0720 RemoteRegistry - ok
21:15:35.0453 0720 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:15:35.0609 0720 RFCOMM - ok
21:15:35.0640 0720 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
21:15:35.0906 0720 Rksample - ok
21:15:35.0953 0720 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
21:15:36.0109 0720 RpcLocator - ok
21:15:36.0156 0720 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:15:36.0265 0720 RpcSs - ok
21:15:36.0312 0720 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
21:15:36.0546 0720 RSVP - ok
21:15:36.0578 0720 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:36.0718 0720 SamSs - ok
21:15:36.0750 0720 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:15:36.0953 0720 SCardSvr - ok
21:15:37.0000 0720 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:15:37.0171 0720 Schedule - ok
21:15:37.0218 0720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:15:37.0375 0720 Secdrv - ok
21:15:37.0406 0720 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:15:37.0578 0720 seclogon - ok
21:15:37.0609 0720 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:15:37.0828 0720 SENS - ok
21:15:37.0859 0720 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:15:38.0015 0720 serenum - ok
21:15:38.0046 0720 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:15:38.0187 0720 Serial - ok
21:15:38.0328 0720 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:15:38.0390 0720 ServiceLayer - ok
21:15:38.0437 0720 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
21:15:38.0593 0720 Sfloppy - ok
21:15:38.0625 0720 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:15:38.0828 0720 SharedAccess - ok
21:15:38.0859 0720 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:15:38.0890 0720 ShellHWDetection - ok
21:15:38.0890 0720 Simbad - ok
21:15:38.0921 0720 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:15:39.0062 0720 SLIP - ok
21:15:39.0109 0720 SNCT511 (d0646a58b5d1252d9b1d0bfb86bd1c06) C:\WINDOWS\system32\DRIVERS\snct511.sys
21:15:39.0140 0720 SNCT511 ( UnsignedFile.Multi.Generic ) - warning
21:15:39.0140 0720 SNCT511 - detected UnsignedFile.Multi.Generic (1)
21:15:39.0187 0720 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
21:15:39.0437 0720 SoftFax - ok
21:15:39.0500 0720 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:15:39.0718 0720 SONYPVU1 - ok
21:15:39.0734 0720 Sparrow - ok
21:15:39.0765 0720 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:15:39.0906 0720 splitter - ok
21:15:39.0953 0720 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:15:40.0000 0720 Spooler - ok
21:15:40.0062 0720 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
21:15:40.0062 0720 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
21:15:40.0078 0720 sptd ( LockedFile.Multi.Generic ) - warning
21:15:40.0078 0720 sptd - detected LockedFile.Multi.Generic (1)
21:15:40.0093 0720 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:15:40.0234 0720 sr - ok
21:15:40.0281 0720 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:15:40.0437 0720 srservice - ok
21:15:40.0500 0720 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:15:40.0593 0720 Srv - ok
21:15:40.0625 0720 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:15:40.0781 0720 SSDPSRV - ok
21:15:40.0812 0720 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:15:41.0015 0720 stisvc - ok
21:15:41.0062 0720 StreamDispatcher (5e2d5b8d8032fb05f9525a3ccfbb0600) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
21:15:41.0093 0720 StreamDispatcher ( UnsignedFile.Multi.Generic ) - warning
21:15:41.0093 0720 StreamDispatcher - detected UnsignedFile.Multi.Generic (1)
21:15:41.0125 0720 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:15:41.0265 0720 streamip - ok
21:15:41.0296 0720 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:15:41.0437 0720 swenum - ok
21:15:41.0453 0720 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:15:41.0609 0720 swmidi - ok
21:15:41.0625 0720 SwPrv - ok
21:15:41.0640 0720 symc810 - ok
21:15:41.0656 0720 symc8xx - ok
21:15:41.0671 0720 sym_hi - ok
21:15:41.0687 0720 sym_u3 - ok
21:15:41.0718 0720 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:15:41.0875 0720 sysaudio - ok
21:15:41.0921 0720 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:15:42.0078 0720 SysmonLog - ok
21:15:42.0109 0720 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:15:42.0265 0720 TapiSrv - ok
21:15:42.0312 0720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:15:42.0437 0720 Tcpip - ok
21:15:42.0484 0720 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:15:42.0625 0720 TDPIPE - ok
21:15:42.0640 0720 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:15:42.0781 0720 TDTCP - ok
21:15:42.0812 0720 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:15:42.0968 0720 TermDD - ok
21:15:43.0000 0720 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:15:43.0171 0720 TermService - ok
21:15:43.0203 0720 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:15:43.0218 0720 Themes - ok
21:15:43.0265 0720 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
21:15:43.0406 0720 TlntSvr - ok
21:15:43.0484 0720 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
21:15:43.0718 0720 Tones - ok
21:15:43.0734 0720 TosIde - ok
21:15:43.0765 0720 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:15:43.0906 0720 TrkWks - ok
21:15:43.0953 0720 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
21:15:43.0968 0720 TVICHW32 ( UnsignedFile.Multi.Generic ) - warning
21:15:43.0968 0720 TVICHW32 - detected UnsignedFile.Multi.Generic (1)
21:15:44.0015 0720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:15:44.0156 0720 Udfs - ok
21:15:44.0171 0720 ultra - ok
21:15:44.0218 0720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:15:44.0421 0720 Update - ok
21:15:44.0484 0720 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:15:44.0671 0720 upnphost - ok
21:15:44.0718 0720 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:15:44.0812 0720 upperdev - ok
21:15:44.0843 0720 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:15:44.0984 0720 UPS - ok
21:15:45.0000 0720 USBAAPL - ok
21:15:45.0046 0720 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:15:45.0187 0720 usbaudio - ok
21:15:45.0218 0720 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:15:45.0375 0720 usbccgp - ok
21:15:45.0390 0720 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:15:45.0546 0720 usbehci - ok
21:15:45.0578 0720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:15:45.0734 0720 usbhub - ok
21:15:45.0750 0720 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:15:45.0906 0720 usbprint - ok
21:15:45.0921 0720 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:15:46.0062 0720 usbscan - ok
21:15:46.0078 0720 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
21:15:46.0234 0720 usbser - ok
21:15:46.0250 0720 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:15:46.0343 0720 UsbserFilt - ok
21:15:46.0375 0720 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:15:46.0562 0720 USBSTOR - ok
21:15:46.0593 0720 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:15:46.0765 0720 usbuhci - ok
21:15:46.0812 0720 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:15:46.0953 0720 usbvideo - ok
21:15:47.0000 0720 uti2mju5 (524d8d450622db4a7875b111c299a76b) C:\WINDOWS\system32\Drivers\uti2mju5.sys
21:15:47.0015 0720 uti2mju5 ( UnsignedFile.Multi.Generic ) - warning
21:15:47.0015 0720 uti2mju5 - detected UnsignedFile.Multi.Generic (1)
21:15:47.0078 0720 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
21:15:47.0390 0720 V124 - ok
21:15:47.0406 0720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:15:47.0562 0720 VgaSave - ok
21:15:47.0609 0720 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
21:15:47.0625 0720 viaagp1 - ok
21:15:47.0687 0720 viagfx (3bcc43e2225851e0aef2a8c27ce420ea) C:\WINDOWS\system32\DRIVERS\vtmini.sys
21:15:47.0734 0720 viagfx - ok
21:15:47.0750 0720 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:15:47.0921 0720 ViaIde - ok
21:15:47.0953 0720 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:15:48.0171 0720 VolSnap - ok
21:15:48.0234 0720 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:15:48.0437 0720 VSS - ok
21:15:48.0500 0720 vulfnths (16409c468ceee99b6b129fcaa5c0f206) C:\WINDOWS\System32\Drivers\vulfnth.sys
21:15:48.0500 0720 vulfnths ( UnsignedFile.Multi.Generic ) - warning
21:15:48.0500 0720 vulfnths - detected UnsignedFile.Multi.Generic (1)
21:15:48.0531 0720 vulfntrs (541447e05eddd1164a5ea925778b209d) C:\WINDOWS\System32\Drivers\vulfntr.sys
21:15:48.0546 0720 vulfntrs ( UnsignedFile.Multi.Generic ) - warning
21:15:48.0546 0720 vulfntrs - detected UnsignedFile.Multi.Generic (1)
21:15:48.0578 0720 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:15:48.0734 0720 W32Time - ok
21:15:48.0765 0720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:15:48.0921 0720 Wanarp - ok
21:15:48.0968 0720 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:15:49.0015 0720 Wdf01000 - ok
21:15:49.0015 0720 WDICA - ok
21:15:49.0046 0720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:15:49.0203 0720 wdmaud - ok
21:15:49.0234 0720 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:15:49.0390 0720 WebClient - ok
21:15:49.0468 0720 winachsf (ee6ce0a6b5fda622160dddd8a2ca0032) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:15:49.0546 0720 winachsf ( UnsignedFile.Multi.Generic ) - warning
21:15:49.0546 0720 winachsf - detected UnsignedFile.Multi.Generic (1)
21:15:49.0625 0720 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
21:15:49.0640 0720 WinDefend - ok
21:15:49.0718 0720 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:15:49.0875 0720 winmgmt - ok
21:15:49.0953 0720 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
21:15:50.0031 0720 WLSetupSvc - ok
21:15:50.0062 0720 WMDM PMSP Service (668056d5c3c11ab7d266819a96b964e8) C:\WINDOWS\system32\MsPMSPSv.exe
21:15:50.0093 0720 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning
21:15:50.0093 0720 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)
21:15:50.0125 0720 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
21:15:50.0203 0720 WmdmPmSN - ok
21:15:50.0265 0720 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:15:50.0375 0720 Wmi - ok
21:15:50.0421 0720 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:15:50.0593 0720 WmiApSrv - ok
21:15:50.0671 0720 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:15:50.0765 0720 WMPNetworkSvc - ok
21:15:50.0812 0720 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:15:50.0828 0720 WpdUsb - ok
21:15:50.0875 0720 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:15:51.0125 0720 WS2IFSL - ok
21:15:51.0156 0720 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:15:51.0312 0720 wscsvc - ok
21:15:51.0359 0720 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:15:51.0515 0720 WSTCODEC - ok
21:15:51.0562 0720 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:15:51.0734 0720 wuauserv - ok
21:15:51.0765 0720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:15:51.0843 0720 WudfPf - ok
21:15:51.0875 0720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:15:51.0906 0720 WudfRd - ok
21:15:51.0937 0720 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:15:51.0968 0720 WudfSvc - ok
21:15:52.0031 0720 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:15:52.0234 0720 WZCSVC - ok
21:15:52.0281 0720 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:15:52.0500 0720 xmlprov - ok
21:15:52.0546 0720 Z302Mic (4ae48a210e3b773462a9939304e788f1) C:\WINDOWS\system32\drivers\UsbMicfilt.sys
21:15:52.0625 0720 Z302Mic - ok
21:15:52.0671 0720 ZSMC302 (3c482e427f0e62a29ac839398831e2bc) C:\WINDOWS\system32\Drivers\usbvm302.sys
21:15:52.0765 0720 ZSMC302 - ok
21:15:53.0093 0720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:15:56.0187 0720 \Device\Harddisk0\DR0 - ok
21:15:56.0187 0720 Boot (0x1200) (3f36e2be40eeeb770b9d00c7dcad72e3) \Device\Harddisk0\DR0\Partition0
21:15:56.0187 0720 \Device\Harddisk0\DR0\Partition0 - ok
21:15:56.0203 0720 ============================================================
21:15:56.0203 0720 Scan finished
21:15:56.0203 0720 ============================================================
21:15:56.0328 1392 Detected object count: 35
21:15:56.0328 1392 Actual detected object count: 35
#15
Posted 23 May 2012 - 04:32 PM
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users